Steem Messenger V0.0.1 Chat securely with the power of Steem blockchain !
In this post, I will explain the SteemMessenger Project, the state of developpement, features, and how everything works !
The Steem Messenger
- What is the project about?
Steem Messenger is about convenience, security, and privacy. Many Steem users decided to use chats mediums like Discord, and Steemit.chat. Steem Messenger enables a secure and fast instant messaging interface between users on the Steem blockchain, without the need to trust your recipient, or any third party. This is a Proof of Concept. The project is still in developpement stage, and this release is not yet hosted on our servers.
- Technology Stack
We use a combination of Javascript, and of course, HTML and CSS for the frontend. We also implemented therequirefunction in our client side withBrowserify. We usesocket.io,socket.io-clientandMongoDB.
Features
For now, the features included are :
Client sided authority. You no longer have to trust anybody for your keys. Everything runs directly on your browser, meaning that your private memo key is safe.
Sending/Receiving encrypted messages, based on your account's keys.
With a clever use of the functionsteem.memo.encodeincluded insteemjs, we made a chat system where only you and your recipient can read them. In case of a major data leak, your content will be safe, as long as you keep your private memo key in a safe place.Delete messages. We believe your messages belongs to you. So we integrated a function to delete every message between you and your recipient.
Secure database. All messages are encrypted in your browser before they are sent to the server, providing you an E2EE (End to End Encryption). Meaning that only you and your recipient can read your messages. It would take 10,000 centuries to successfully brute force your memo key with a regular computer.
How does it work?
First, the client side (client.js). Here is the log in screen.
When you enter your private memo key, and press "Log in", this is what happen :
It will check the public memo key associated with your username (pubWif = result[0]["memo_key"];) and verify if the private key you specified is valid with steem.auth.wifIsValid(privWif, pubWif);. If everything is ok, your private key is then stored on a local var with var privateMemoKey = privWif;.
You will then have access to the chat page like this :
You can then set your recipient name and your message in the specified forms. Press enter, and this will happen :
It will fetch automatically your recipient public memo key (publicMemoReceiver = result[0]["memo_key"];), and encrypt your message with var encoded = steem.memo.encode(privateMemoKey, publicMemoReceiver, texte);.
Your input is then transmitted to the server with socket.emit, and you can see your message is encrypted before it goes to the server.
The data is then saved in the database.
Same thing when you receive a message, this is what happen :
The raw variable is the encrypted message received from the server. It is decoded with var decoded = steem.memo.decode(privateMemoKey, raw);, and then, inserted in the chat box. Without your private MemoKey, nobody should be able to decode your message but you.
Installation guide
To test this Proof of Concept, you need Node.js, and MongoDB.
Simply use npm install into the directory, start mongod, and then run the server.js with npm start. You can now launch index.html !
Roadmap
We aim to be the most secure, fast, and reliable way to interact and chat with people/groups/guilds on the Steem blockchain. For now, we are working with the goal of delivering the first public release. Here are our next steps :
- Add many social functionalities
- Multiple chats
- Improve UI
Contribution
If you would like to contribute to this project, or have any question about it, feel free to contact me on Discord @Kingswisdom#7650, or on github
Posted on Utopian.io - Rewarding Open Source Contributors
Very interesting project ! You play around the memo limitations that allows you to defeat problems like block time/size etc. The only issue with that implementation is that it's centralized, but I mean steem.chat and discord are centralized so it's ok. This would allow any project to tap into it and implement a small chat window using your system (assuming the db is open/you offer apis) which would be very cool !
Thanks a lot @howo ! As you said, centralization is the only issue, but data is well protected with the usage of the encode function on the client side. That way, any project can use the data from the db, without compromising the level of security !
Let me just ask you, because this bugs me and makes it really hard for me to be excited about a project like this.
If the messages can be deleted and are not stored in the blockchain but rather your own database, how is this a steem project? Yeah, it uses our memo keys but... you can do that with any app that allows for encrypting your messages.
Not trying to discourage you, I've been thinking about a good application of the private memo key for some time now, and I'm just wondering if you're sure about a steem related app that's 100% dependent on a centralized server?
Because you can send messages to steem users, without needing to trust any party. Plus, you are guaranteed that your recipient only can read your message. And you are sure that your recipient is who he claim he is.
For example in steem.chat and discord, many people were scammed because of some guys creating accounts with the same name as some whales here. With SteemMessenger, you are 100% certain that if a person messaged you, it is real. If you make an app for messaging without this steem memo key, anybody can start scamming other people by using someone else's name.
A centralized server isn't necessarily a bad thing if used correctly. If messages were stored in the blockchain, imagine in a few years, with the rise of quantum computing, it woud be unsecure to have all your private messages in a blockchain, ready to be "brute forced" by anyone. And even if Steem evolves to become "quantum proof", all your previous messages would still be encoded with a deprecated solution. In a centralized server, you avoid those issues, because people can actually delete their messages as they like.
Solid answer. That actually makes a lot of sense to fight phishing and I can see it becoming a very useful tool once it is perfected thanks to it's open source nature guaranteeing that your server never even sees the private keys.
Thank you for your in depth response and good luck on the project!
irc+ssl ftw :)
héhé ;)
👏👏
;-)
Super ! Merci pour ton boulot !
Merci !
not saving the messages on our steem chain is cool, so we can actually chat as often as we want without BW limitation on the blockchain
100% upvoted
Exactly ! :) Thanks for your support !
Awesome !
Thank you !
Thank you for the contribution. It has been approved.
You can contact us on Discord.
[utopian-moderator]
Hey @kingswisdom I am @utopian-io. I have just upvoted you!
Achievements
Community-Driven Witness!
I am the first and only Steem Community-Driven Witness. Participate on Discord. Lets GROW TOGETHER!
Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x
interesting