this post was submitted on 30 Jun 2026
29 points (93.9% liked)

Source code and details: https://git.anarchists.space/NanoChat/Server

Features

  • Small codebase
  • Messages expire after 30 days
  • Panic button to delete all messages in a room
  • WebSocket for communication
  • Docker support

Technical details

  • AES-256-GCM for client-side encryption
  • Key is not sent to server
[–] armrecords@lemmy.ca 1 points 21 hours ago

A few ideas that could further strengthen the design:

  • Consider deriving separate keys from a master secret using HKDF (e.g. encryption key, authentication key, attachment key) instead of relying on a single key for everything.
  • Room IDs alone could leak metadata if discovered. An HMAC-based room authentication scheme could help without requiring the server to know any encryption keys.
  • Adding replay protection with counters/nonces and periodic key rotation would make the protocol more resilient.
  • For public deployments, some abuse protection (rate limiting, room creation limits, optional proof-of-work) would help prevent DoS attacks.
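
The first three suggestions in the comment above, sketched as an added example; this is not NanoChat's code or the commenter's. The HKDF labels, the room-ID-derived salt, the `RoomServer` class and the challenge-response flow are assumptions made for illustration: the server holds only the HKDF-derived authentication key, so it can check room membership without being able to decrypt anything, and each challenge nonce is accepted once.

```python
import hashlib
import hmac
import os

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_room_keys(master_secret: bytes, room_id: str) -> dict:
    """One independent 32-byte key per purpose; labels are constructed for this example."""
    salt = hashlib.sha256(room_id.encode()).digest()
    return {
        purpose: hkdf_sha256(master_secret, salt, b"example-chat/v1/" + purpose.encode())
        for purpose in ("encryption", "authentication", "attachment")
    }

def join_tag(auth_key: bytes, room_id: str, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the room's authentication key."""
    return hmac.new(auth_key, b"join|" + room_id.encode() + b"|" + nonce, hashlib.sha256).digest()

class RoomServer:
    """Hypothetical server: stores only authentication keys, never encryption keys."""
    def __init__(self):
        self.auth_keys = {}   # room_id -> authentication key registered at room creation
        self.pending = {}     # room_id -> set of unused challenge nonces

    def register(self, room_id: str, auth_key: bytes) -> None:
        self.auth_keys[room_id] = auth_key

    def challenge(self, room_id: str) -> bytes:
        nonce = os.urandom(16)
        self.pending.setdefault(room_id, set()).add(nonce)
        return nonce

    def verify(self, room_id: str, nonce: bytes, tag: bytes) -> bool:
        if room_id not in self.auth_keys or nonce not in self.pending.get(room_id, set()):
            return False                       # unknown room, or unknown/replayed nonce
        self.pending[room_id].discard(nonce)   # each challenge is single-use
        return hmac.compare_digest(join_tag(self.auth_keys[room_id], room_id, nonce), tag)
```

A captured `(nonce, tag)` pair is useless on a second attempt because the nonce is discarded on first use, and a tag computed for one room does not verify for another because the room ID is part of the MAC input.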