this post was submitted on 10 Sep 2025
19 points (100.0% liked)

Privacy

2685 readers
119 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
19
Help me understand if ChatControl could affect my P2P messaging app. (programming.dev)
submitted 1 month ago by xoron@programming.dev to c/privacy@programming.dev
5 comments fedilink hide all child comments
 

im working on a proof-of-concept messaging app. it has a fairly unique architecture which i think makes it so ChatControl wouldnt affect it... but im not an expert in laws, so im sure im not asking the right questions. any guidance is appriciated.

to make things clear: my project is far from finished. its pretty experiemental, unstable and buggy. im not at a stage where i can say my app is watertight... but that is my general aim.

i think the code for my app is too complicated and not well documented for anyone to pick up and look at in their spare time, so i think its better i describe how it works (please reach out for clarity on any details i may miss!). i hope it can be used to determine how ChatControl can apply to my project.

  • im working on a fully client-side messaging app. cryptography is done client-side using browser API's to generate encryption keys. messages are encrypted client-side and decrypted on the recieving client-side

  • as a webapp i can avoid installation and registration so there are no databases with registered users that can be compromized. user ID's are cryptographically random. this allows allows profiles to be as ephemeral or persistent as the user wants.

  • the app is using webrtc to exchange messages which are then stored on the recieving device client-side only. there is no database storing "pending" messages. if your peer is offline, you cannot send a message.

there are a lot of nuances to a p2p-only messaging app, but i hope that by reducing the amount of infrastructure, it can simplify e2ee.

i dont think its written well enough to be worth your time to do a deep dive into my code, but you can find it here: https://github.com/positive-intentions/chat

top 5 comments
sorted by: hot top controversial new old
[–] throws_lemy@lemmy.nz 6 points 1 month ago* (last edited 1 month ago)

non-EU citizens here

The biggest problem with ChatControl is that you are required to weaken the encryption of your chat application, or possibly give authorities access to scan all messages.

[–] iii@mander.xyz 2 points 1 month ago* (last edited 1 month ago)

I get where you're coming from, trying to find a technical solution, bypassing the app stores by going for a webapp, peer-to-peer to avoid storing logs, e2ee.

The EU however takes another approach and just attacks developer(s) instead (1).

Glad the EU still knows their classics.

[–] Mikina@programming.dev 1 points 1 month ago (1 children)

The biggest step you can take is making sure that you are hosting the repo anonymously, and that it can not be linked to you (or anyone), so they can't go after you.

Github probably isn't a good place for that, but I don't know if anonymous alternatives exist.

[–] xoron@programming.dev 1 points 1 month ago (1 children)

my app is a sideproject. its aiming to be a regular messaging app (like whatsapp, signal, etc). im not breaking any rules by being a webdeveloper developing a webapp (i already asked this question on reddit). im actively trying to turn this into something that can support me.

i dont see myself moving my work away from github. i dont know what benefits it could bring. being anonymous is not something i see as valuable when trying to create a product.

[–] 6nk06@sh.itjust.works 3 points 4 weeks ago

im not breaking any rules by being a webdeveloper developing a webapp (i already asked this question on reddit).

You would be breaking a lot of rules if chat control was a law. Also reddit is not a lawyer and it sucks.