The goal is to develop a simple, secure, light-weight and easy to use open source video chat application. The application should work in any modern browser without requiring installation of extra plugins. Hosting the application should only require minimal resources.
https://arthurdejong.org/webchat/
The application provides end-to-end confidentiality of all communications between users. The server hosting the application does not have access to the contents of the communication.
Video and audio communication use WebRTC with peer-to-peer connections between the browsers (optionally through a TURN server). More details on the security of WebRTC can be found at https://webrtc-security.github.io/
Other communication (text chat and some of the WebRTC signalling messages) are encrypted in Javascript before being relayed through the server to the other participants.
Users that participate in a chat share an encryption key that is never sent to the server. Users can share the encryption key via a URL that can be shared in whatever way the users deem appropriate.
Currently it does not provide:
- privacy of IP addresses of participants (the IP address will be used in communication with the server and in WebRTC between the browsers)
- full anonymity (on the server it is possible to deduce the number of active meetings and number of participants per meeting)
- mutual authentication (it is assumed that users only share the encryption key in a secure manner with trusted participants)
The application is released under the GNU General Public License and can be easily deployed on any server that supports websockets. On the server a simple Python application provides message relaying. Other than that only static files need to be served.
Build the static HTML, Javascript and CSS files to the static
directory:
npm install
npm run build
Optionally an RTCConfiguration.json
file with extra ICE options can be put
in the same directory.
The Python 3 application can be run with (likely create a virtualenv first):
pip install aiohttp
python3 channel.py
An example systemd service file to start the application:
[Unit]
Description=Simple chat daemon
[Service]
Type=simple
WorkingDirectory=/opt/webchat
ExecStart=/opt/webchat/venv/bin/python3 /opt/webchat/channel.py
Restart=on-failure
User=webchat
Group=webchat
[Install]
WantedBy=multi-user.target
A web server that serves HTTPS is assumed to be available. It should be configured to serve the static files and forward the handling of the websocket connections to the Python application.
An example Apache config snippet (requires the proxy_wstunnel module):
Alias /webchat /opt/webchat/static
ProxyPass /webchat/channel ws://localhost:8080/channel
<Directory /opt/webchat/static>
Require all granted
Header always set Content-Security-Policy "default-src 'none';style-src 'self' 'unsafe-inline';img-src 'self';media-src 'self';script-src 'self';connect-src 'self';frame-ancestors 'none';form-action 'self';base-uri 'self'"
</Directory>
Copyright (C) 2020 Arthur de Jong and others
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.