Replying to Avatar Saberhagen The Nameless

Thanks for the info. Can you name some of the security and metadata issues? I'm not super familiar with Keet
fc
p2pwins 2mo ago 💬 2

Because some of keet remains closed its not fully certain what the issues are, which is probably the biggest issue, but from having used it here is some ideas and speculationsI have

Direct IP connections exposing your IP. These do not happen all the time tho

Main id, username and screen name exposed to every room

Seems like no forward secrecy on the P2P distributed room data

Seems the room data can be freely distributed to anyone that knows it exists but there is obviously an issue identifying it given peers also encrypt connections to each other

Notifications on mobile in some part (said to be encrypted obviously) go via Google and apples servers

Each room message is identifiable to each device

Screenshot message data might be matchable to room hash data

Might be possible to forge results with their username system then maybe mitm is possible etc

Reply to this note

Please Login to reply.

Discussion

Avatar
Saberhagen The Nameless 2mo ago

Wow thats a lot of problems...tbh I kind of lost interest after waiting for them to go fully open source for about 4+ years now. I know they recently did for the android app but pretty sad that some parts are still closed after all this time. Holepunch itself seems like it has a lot of potential though.

fc
p2pwins 2mo ago

They are my speculations, tbh P2P solves so many problems it's worth trying. They never fully open source anything yet, they plan to next year

The early versions of keet on desktop had all the source available in the install location which they later obfuscated but is still available

The app and tech is extremely promising and looks near 100% will replace all current tech. You need to realise any problem centralised tech and data centres etc solve P2P can solve and actually solve better but it just needs different thinking