Simple Chat

A little while ago, I pushed a new version of Simple Chat, my incredibly basic Sandstorm chat app. It has a new feature that I think is kind of cool: you can have private, unlogged group chats with it. Depending on your threat model (and specifically, assuming your threat model is not-Mossad), it might be good enough for you to use for sensitive communication.

(Interlude: my recommendation for usable secure communication is still Signal. Their app is miles better than Simple Chat both on the security and user-experience fronts, and also has a strong existing user base. It’s unreasonable to even make the comparison. Simple Chat is a toy that I hacked together in a couple weekends. It’s interesting primarily as a proof-of-concept for how great Sandstorm is to develop on. Use Signal.)

So, what’s cool about Simple Chat’s OTR mode? Mostly that I didn’t have to do anything extra to get it right. I didn’t need to think about encryption at all, anywhere, at any point—neither on the wire nor in storage. And you can easily verify for yourself that the app does what it says it does.

The traditional way that we’ve gone about verifying that purported security apps do what they say they do has been, at least in practice, a combination of having access to the source code and trusting the developers. This way is still available with Simple Chat: it’s about 1000 lines of code total. See? But because Sandstorm is so great, you don’t even have to do that. (Asterisk: Sandstorm still doesn’t appear to implement client-side sandboxing, as far as I can tell. So you do need to look at the 100 or so lines of JavaScript if you’re really concerned. But I mean, it’s fine. Trust me.)

How do you know I’m not writing anything to disk? Observe that when you download a grain backup, it is empty. How do you know the server isn’t sending any data home? Recall that Sandstorm apps run without network access. How do you know data sent over the wire is encrypted? Look for the green lock in your address bar.