PrivatePing is a secure messaging application built on Python's Django framework, providing end-to-end encryption for messages exchanged between users. It leverages HTML, CSS, JavaScript, SubtleCrypto API, channels, and Redis to ensure secure communication channels.
- End-to-End Encryption: Messages are encrypted using SubtleCrypto API in JavaScript. It uses SHA-256 algorithm, ensuring that only the intended recipient can decrypt and read the messages.
- No Message Storage: PrivatePing does not store messages on its servers, ensuring user privacy and confidentiality.
- Anonymous Login: Offers an anonymous login feature, creating temporary user accounts valid for 24 hours, enhancing privacy and security for users.
- Secure Authentication: Utilizes Django's default authentication mechanism to ensure secure user authentication and authorization.
Note: Currently, the application is not accessible from mobile and tablet devices.
PrivatePing is hosted on Heroku. It is accessible through a web browser. Users can register, log in securely, and exchange encrypted messages with each other without the need to install or run the application locally.
To get started:
- Visit PrivatePing in your web browser.
- You can either:
- Sign up for a standard account using your email address, and Login using your credentials to continue.
- Alternatively, use the option for anonymous direct login, which creates a temporary account for you valid for the next 24 hours. No private information will be attached to this account.
- After successfully logging into the account, click on "Add User" button on the navigation bar at the top left.
- Enter your friend's username and click on "Add". A friend request will be sent to your friend.
- Your friend will be able to see upcoming request from you, and can accept or reject the request.
- If a friend accepts the request, then you will be able to chat.
- Once added, click on the user's name you wish to chat with.
- PrivatePing will create a secure room for you both and wait for the other person to connect.
- When you and your friend are successfully connected over a secure channel, you can start exchanging encrypted messages, which not even PrivatePing can decipher.
PrivatePing employs a robust encryption system to ensure secure and private communication between users. Here's a step-by-step breakdown of the process:
-
User Authentication and Key Generation: When a user logs into their account or creates a temporary account, PrivatePing's SubtleCrypto module generates a secure key-pair for the user. The private key is stored locally in the user's browser's local storage, while the public key is sent to the server. This key generation process occurs each time a user logs in, and any previous session keys are destroyed to maintain security.
-
Initiating Communication: When a user initiates communication with another user, PrivatePing fetches the recipient's public key from the server. This public key is then stored in the user's browser's cookie, awaiting connection. The same process occurs for the recipient user on the other side.
-
Secure Connection Establishment: Once both users are connected, PrivatePing establishes a secure and private communication channel between them.
-
Message Encryption and Transmission: When a user types a message and hits the send button, PrivatePing retrieves the recipient's public key from its cookie. The message is then encrypted using the SHA-256 algorithm and sent to the recipient over websockets.
-
Message Decryption and Display: Upon receiving the encrypted message, the recipient retrieves their private key from their browser's local storage. Using this private key, the recipient decrypts the message, which is then displayed on the webpage in its original form.
This comprehensive encryption process ensures that all communication on PrivatePing remains secure and private, with messages encrypted end-to-end and inaccessible to anyone other than the intended recipient.
You can install PrivatePing locally on Linux and Mac devices using the provided installation script.
- Clone the repository.
- Open a terminal window.
- Navigate to the directory where the
install.sh
script is located. - Run the following command to make the script executable:
chmod +x install.sh
- Eecute the script by running:
./install.sh
If you prefer not to use the provided installation script or encounter any issues, you can manually install PrivatePing on Linux and Mac using the following steps:
-
Install Python 3: If you haven't already, install Python 3 on your system. You can download it from Python's official website.
-
Install Virtualenv: This command installs Virtualenv, a tool used to create isolated Python environments.
pip3 install virtualenv
-
Clone the repository with the following command:
git clone https://github.com/princekhunt/privateping.git
-
Create a Virtual Environment: This command creates a virtual environment named
venv
in the current directory.python3 -m venv venv
-
Activate the Virtual Environment: Activating the virtual environment isolates your Python environment, ensuring dependencies are installed locally rather than globally.
- If you are using linux or mac, Activate virtual environment using:
source venv/bin/activate
- If you are using windows, Activate virtual environment using:
venv\Scripts\activate
- If you are using linux or mac, Activate virtual environment using:
-
Install Dependencies: This command installs all required Python packages specified in the
requirements.txt
file.pip3 install -r requirements.txt
-
Create
.env
File: These commands create a .env file in thePrivatePing/settings
directory with environment variable configurations. (Recommendation: Generate a new SECRET_KEY and replace it with the defined here.)echo "SECRET_KEY='*$j@tpltfyblml&*1d+n9t@il^0xef4=bvdu&!7r=zvoq$a19g'" > PrivatePing/settings/.env echo "SECRET_ADMIN_URL=''" >> PrivatePing/settings/.env echo "HCAPTCHA_SITEKEY='10000000-ffff-ffff-ffff-000000000001'" >> PrivatePing/settings/.env echo "HCAPTCHA_SECRET='0x0000000000000000000000000000000000000000'" >> PrivatePing/settings/.env
-
Run Database Migrations: This command applies migrations to create necessary database tables.
python3 manage.py migrate
-
Start the Server: This command starts the Django development server. You can access PrivatePing through your web browser at http://localhost:8000.
python3 manage.py runserver
We extend our heartfelt gratitude to all contributors who have helped improve PrivatePing! Your efforts are greatly appreciated. See the humans.txt page for a list of contributors.
Contributions are welcome! If you'd like to contribute to PrivatePing, please follow these guidelines:
- Fork the repository.
- Create a new branch for your feature or bug fix.
- Make your changes and ensure the code follows the project's coding standards.
- Submit a pull request with a clear description of your changes.
We invite everyone to use this absolutely free application and suggest improvements that can enhance security and privacy.
PrivatePing is licensed under the MIT License.
Special thanks to @Madhur215 for the groundwork and inspiration for this project.