
Show HN: I built a website to share files and messages without any server

132 points | dkraj | 1 year ago | neighbor-share.vercel.app

NeighborHoodShare: It is a p2p file and message sharing platform without the involvement of any server. It has end-to-end encryption, ensuring your messages and files remain confidential.

These are some features:

- Share photos, documents, videos, and more with ease, no matter the size.

- Connect instantly with anyone for speedy and reliable file transfers, bypassing the need for centralized servers.

- Get started in minutes with our intuitive interface designed for seamless communication. No registration.

- Easily connect with others using QR codes, simplifying the sharing process further.

The inspiration behind NeighborHoodShare stemmed from a common dilemma: the reluctance to share personal contact details like phone numbers or email addresses when sharing photos or messages with strangers. With NeighborHoodShare, you can share content securely without compromising your privacy.

I would be happy to hear your feedback and suggestions for improving NeighborHoodShare.

I had written a blog on how p2p networking in browsers works: https://dikshantraj2001.medium.com/nat-stun-turn-and-ice-466...

105 comments


scrose|1 year ago

You’ve done nothing but submit half a dozen random extensions in the 3 weeks that all collect different personal information on browsing history at a minimum. Your READMEs look AI generated, and you’re a completely anonymous account. Additionally, your responses on how files are encrypted here are severely lacking.

All I can say is: There are a lot of red flags here.

dkraj|1 year ago

Yes, you are absolutely right. I had replied on other threads. Files are not encrypted. WebRTC provides encryption on all sessions.

d-z-m|1 year ago

I looked around and couldn't find a description of the protocol by which two peers authenticate to each other/transfer files. Also, is the E2EE encryption referred to simply whatever is being used to encrypt the transport (DTLS/SRTP/etc.)? Or are you doing additional encryption/decryption of files?

Also I'm curious like others, does this only work if no NAT traversal is required? Or are you leveraging public STUN/TURN infrastructure?

dkraj|1 year ago

WebRTC it is: https://webrtc.org/

Yes, only the network layer encryption. No file encryption, as it would cost client browsers a lot to encrypt and then decrypt the file at the other end.

I have written more about it here: https://dikshantraj2001.medium.com/nat-stun-turn-and-ice-466...

Currently, I am using the public STUN servers only. If the IPs are not reachable, it would show an error and won't work, as setting up a TURN server would mean the same as a third-party server saving the file and serving it over the network.

meiraleal|1 year ago

It's webrtc, no?

ramchip|1 year ago

> without involvement of any server

> bypassing the need for centralized servers

I don't follow this part... it's using a centralized server to serve the web app, which could easily serve JS code that steals confidential data, right?

jfoster|1 year ago

That is true, but unless you develop an application yourself, it is always coming from somewhere else.

Web apps are better than native apps from a security perspective. Browsers have fairly decent built-in debugging tools that you could use to verify that data isn't being uploaded to a 3rd party.

On the other hand, to do the same with a native application you would need to use a separate network protocol analyzer application.

Web apps also run in a sandbox that users tend to have fairly good knowledge about. For example, they generally cannot access any file on your device unless you grant permission. What are the limits of the iOS, OSX, Android or Windows application sandboxes? Can apps on those platforms access files without explicit permission? I think the vast majority of users wouldn't be able to tell you.

dkraj|1 year ago

Didn't get the part about "steals confidential data"?

It cannot do anything without your permissions. All websites are well scoped and run in their private environment in a web browser.

James_K|1 year ago

How can this work without a server? You surely need a third party to traverse NAT.

NayamAmarshe|1 year ago

It's using WebRTC's P2P. It does require internet but the middleman is absent in file-sharing.

cynicalsecurity|1 year ago

If at least one party is behind NAT, it's a dead end. I wouldn't trust anyone who makes a false claim it's possible.

dkraj|1 year ago

We need a STUN server to traverse NAT and get IP addresses, but it does not use a server to store or share the file. Only ICE candidates are gathered and discovered, and a handshake is facilitated by a STUN server. If that is not possible, it shows an error.
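
An added example, not part of the thread or the site's code: a parser for the `a=candidate` lines of a session description that reports which candidate types are offered (`host`, `srflx` from STUN, `relay` from TURN) and which addresses the remote peer gets to see. The sample SDP is constructed with documentation address ranges, and the function names are assumptions.

```javascript
// Constructed sample: the candidate lines a browser might place in its offer.
const SAMPLE_SDP = [
  "v=0",
  "a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "a=candidate:2 1 udp 2122194687 7f3c2a10-1111-4222-8333-944455556666.local 54322 typ host",
  "a=candidate:3 1 udp 1686052607 203.0.113.7 61000 typ srflx raddr 192.168.1.23 rport 54321",
  "a=candidate:4 1 udp 41885695 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 61000",
].join("\r\n");

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [ext...]
const CANDIDATE_RE = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/;

function parseCandidate(line) {
  const m = CANDIDATE_RE.exec(line.trim());
  if (!m) return null; // not a candidate line
  const ext = m[8].trim().split(/\s+/).filter(Boolean);
  const extras = {};
  for (let i = 0; i + 1 < ext.length; i += 2) extras[ext[i]] = ext[i + 1];
  return {
    foundation: m[1], component: Number(m[2]), transport: m[3].toLowerCase(),
    priority: Number(m[4]), address: m[5], port: Number(m[6]), type: m[7],
    relatedAddress: extras.raddr ?? null,
  };
}

function summarizeIce(sdp) {
  const cands = sdp.split(/\r?\n/).map(parseCandidate).filter(Boolean);
  const byType = {};
  for (const c of cands) (byType[c.type] ??= []).push(c.address);
  return {
    byType,
    // A relay candidate means a TURN server was configured and may carry the traffic.
    offersRelay: cands.some((c) => c.type === "relay"),
    // srflx candidates are the public address a STUN server observed; the peer sees it.
    reflexiveAddresses: cands.filter((c) => c.type === "srflx").map((c) => c.address),
    // Host candidates that are not mDNS ".local" names expose the raw LAN address.
    exposedLanAddresses: cands
      .filter((c) => c.type === "host" && !c.address.endsWith(".local"))
      .map((c) => c.address),
  };
}
```
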

nrvn|1 year ago

There have been plenty of trusted, battle-tested open source implementations of WebRTC-based p2p transfer.

Why would I use this one instead of them?

deely3|1 year ago

Could you please name these implementations?

siamese_puff|1 year ago

No offense, but why would people use this without associated source code for anyone to scrutinize? Why keep it private? WebRTC based tools like this exist so it’s only a red flag IMO to keep it private.

aster0id|1 year ago

Obligatory callout to the excellent server-free CLI file transfer tool magic wormhole which is open source and battle tested

matheusmoreira|1 year ago

> This program uses two servers

> the mailbox server, and the transit relay.

The dream of the P2P internet died with NAT.

johnea|1 year ago

There's a website... but no server?

Language sure is weird...

dkraj|1 year ago

"Share files and messages without server"

NayamAmarshe|1 year ago

Looks good but any plans to make it open source?

Similar open source solutions exist like:

- https://pairdrop.net/

- https://wormhole.app/

- https://www.snapdrop.net/

How does this compare?

INTPenis|1 year ago

I've been hosting my own pairdrop for a year now, very easy and quick to share a file between my smartphone and laptop without digging out a usb cable.

dkraj|1 year ago

Yes, will make it open source in future. Just need to clean the code a little bit and make a few more changes.

Vinnl|1 year ago

A bit off-topic, but since I was looking at doing a side project with a P2P feature, would appreciate if I could pick your brain for a bit: don't you still need to run the STUN and TURN servers? Can you run those using Vercel's serverless functions?

dkraj|1 year ago

A STUN server is required for discoverability, and if ICE candidates are still not found or a negotiation cannot take place, I just show an error for now. About Vercel, I am not sure; need to check whether it provides it or not.

anonu|1 year ago

I'm curious about the effectiveness of your other app, NoFap, a browser extension. You might need something a bit less easy to control to make it useful. Just my two cents.

dkraj|1 year ago

Can you please elaborate?