[alanfriedman]

Firstly, thanks for inspecting the source and offering a suggestion for improvement. The latter point should be a relatively easy fix.

As for your first point, there’s little we can do to prevent TLS or AWS tampering. But we can make it easier to choose e2e encryption in the first place. So we focused on reducing barriers to entry (no signup required, simple URL-based rooms) as well as providing these benefits over alternatives:

- Open source code

- Ephermeral message history (not persisted in a DB)

- Opt-out anonymity

We think these features make Darkwire a good solution for many users seeking secure, private online communication. Having said that, no solution is perfect and we hope to see contributions from the open source community to make it even better.

[tptacek]

Just to be clear: I didn't look carefully; I looked for about 2 minutes, found the first indication of unsound crypto I could, and then stopped.

[rndgermandude]

Given that the server distributes the keys, and there is no way for the user to compare/verify known-good keys of other users, it's possible for the server to MITM everything, actively, meaning modification instead of just eavesdropping.

>- Open source code

Open source doesn't save you either, because a user cannot inspect what is actually running on the server.

And even the client side, while the code is technically there (downloaded to the browser in minified form), it's not feasible for a user no matter what level of skills to verify the distributed code is actually what's open sourced in your github repository and that the code stays like that whenever you refresh or reopen the site.

So basically, you need to trust the server (operator) and your webcrypto scheme does not provide any additional security whatsoever given that the server (operator) can MITM it trivially. The only thing preventing third parties other than the server (operator) in a MITM position to do harm is the TLS, but not your webcrypto scheme.

>- Ephermeral message history (not persisted in a DB)

Even with best intensions, what happens when you receive some National Security Letter, court order or similar, which forces you into silently MITM the key exchanges, thereby enabling you to MITM the messages and then log every message and pass that to some state actor?

To say something positive, I like the minimal UI and the way you handle file uploads. Even tho your service cannot fulfill the strong user-to-user security it somewhat claims, it's still a nice chat tool.

However, since your service is easy to use (copy-paste just one URL and type away), I'd guess soon enough you'll run into the same troubles as similar services where some bad users (e.g. from the chans) will use your service to e.g. distribute child pornography, revenge porn and other very illegal content.

[alanfriedman]

Thanks for the feedback. If we assume the server is compromised then it's true that a MITM attack is trivial. However it seems to me this would be the case for any web-based e2e chat application, all of which must use a server by definition.

Regardless, it's easy enough to spin up your own instance of Darkwire (`docker compose`) and operate the server yourself if so inclined.

[nobadco]

Hey, it is painfully obvious that you have a high school level understanding of the crypto at play here. That's really OK, crypto is hard.

You'll want to look into how real cryptographically secure open source comms apps do end to end encryption. Properly implemented, the server can be fully hostile and never recover messages.

Then you'll need to go remove every claim of e2e or cryptographic security from darkchat. Thank you for your time.

[alanfriedman]

My point was that if the server providing client code is compromised, it can serve malicious code to said client. This isn’t a cryptographic claim, just a point about how all web-based applications work.

Also while I appreciate the feedback, this comment struck me as more hostile than helpful, so I’d suggest having a look at HN comment guidelines for future reference.