Yesterday i open sourced the app. The app is still unstable and a work in progress. Help me understand what security concerns users might have with my app?

[chat.positive-intentions.com](http://chat.positive-intentions.com/)

I'm thrilled to announce that I am open-sourcing my project, a decentralized chat application designed as a Progressive Web App (PWA) built entirely in JavaScript. This decision marks a significant step forward for the project, aiming to embrace the ethos of transparency, collaboration and community feedback. I previously used to talk about my app being secure, which was easily struck down when it was close-source. My app is working in a unique decentralized way and so i used some creatinvity on the implementation.

For those who might not have seen my previous posts, here's a brief rundown of what this app brings to the table:

* **Secure Messaging**: Utilizing end-to-end encryption to ensure that your messages remain private and secure.

* **File Sharing**: Leverage WebRTC technology and QR codes for easy and secure file transfers.

* **Voice and Video Calls**: Connect with friends, family, or colleagues through seamless voice and video calls.

* **Shared Virtual Space**: Explore a shared mixed-reality space, offering an experience akin to entering a metaverse.

* **Image Board**: An intuitive, scrollable format for browsing and sharing images, inspired by platforms like Instagram.

You can find a high-level overview of the app’s workings [here](https://www.reddit.com/r/positive\_intentions/comments/19b940t/a\_different\_kind\_of\_chat\_app) and some initial thoughts and features discussed in [this post](https://www.reddit.com/r/WebApps/comments/1bml7pz/p2p\_alternative\_to\_whatsapp\_instagram\_and/). **An easy way to test out the app is between two of your devices like a phone and laptop.**

The app is working in a unique way in how it stores large amounts of files in the browser (indexedDB) so the storage used is always on your local device, but has a couple other selhosting options:

* [host the statics](https://www.reddit.com/r/positive\_intentions/comments/1aqu6fx/adding\_the\_decentralized\_to\_decentralizedchat/)

* [host a peerjs-server](https://github.com/peers/peerjs-server)

Previously, I was cautious about a "big-bang" open-sourcing approach, as outlined [here](https://www.reddit.com/r/positive\_intentions/comments/1934nf9/how\_i\_want\_to\_approach\_open\_sourcing\_my\_app/). However, I've decided that open-sourcing the project now is the best path forward. It will allow me to engage more deeply with the community on the app's security and privacy features—areas I’ve [claimed to excel in](https://www.reddit.com/r/cryptography/comments/1736211/the\_theoretically\_most\_secure\_chat\_app\_in/), but have rightly been critiqued for not being verifiable in a closed-source model.

I acknowledge the importance of good documentation in open-source projects. However, I must admit that the documentation for this project is not yet comprehensive. The codebase remains a work-in-progress and it is far from being a complete proof-of-concept. It might present challenges in understanding. For now, the best form of documentation might just be the code itself, alongside discussions on our subreddit: [r/positive\_intentions](https://www.reddit.com/r/positive\_intentions). Your questions and curiosity are welcome.

**What Open-Sourcing the Project Aims to Achieve**:

* **Enhanced Feedback**: Open-sourcing allows me to gather invaluable feedback from the community, helping refine and improve the app.

* **Focus on Security and Privacy**: It opens the door for more in-depth analysis and contributions toward the app’s security and privacy capabilities.

* **Support through GitHub Stars and Sponsors**: If you believe in the project, your stars on GitHub and potential sponsorship can provide much-needed support.

This journey is just beginning and I'm excited to see where collaborative development can take this project. Thank you for your interest, support and feedback.

* Github: [positive-intentions/chat](https://github.com/positive-intentions/chat)

* More information about the app: [positive-intentions.com](http://positive-intentions.com/)

* Follow the subreddit to keep updated about the app: [r/positive\_intentions](https://www.reddit.com/r/positive\_intentions/)