
That's a great point. I'll tweak the README a little later to suggest using https://burnernote.com/ (as others here have suggested) to more securely share room links. Thanks for the suggestion!

> Anyone with knowledge of the room UUID can listen to the conversation, even though the presence of the eavesdropper may (or may not) show up in the connected peers' counter.

Though much of Chitchatter's security model is based on security by obscurity, I don't know that peers would be able to connect without room participants being notified. Is there a scenario you have in mind where a peer would be able to connect and intercept messages without the peer counter incrementing?




An attacker may try to exploit bugs in the code base, or subtle language features (e.g., weird behaviours, overflows), in order to hide one or more connected endpoints. Further, in order to build assurance about the counter integrity, we would need to employ formal verification and code authentication techniques, so as to ensure that 1/ the software will behave only as intended, and 2/ nobody has tampered with the code base. In the absence of such assurance guarantees, which are difficult to provide when the client can be instantiated essentially on any compatible device, the security of the protocol (i.e., WebRTC + UUID out-of-band communication) reduces to the software security of the code base.


That makes sense. Thank you for the explanation!

> Further, in order to build assurance about the counter integrity, we would need to employ formal verification and code authentication techniques

Can you point me to resources that might help me understand what that might look like? I'm assuming it requires a third party to audit the project in-depth. I would further assume that such a service costs quite a bit of money. Chitchatter is not a revenue-generating project, so that would have to be figured out.

FWIW, I don't consider myself a security expert. I'm learning security best practices by developing Chitchatter. More than anything, I'm hoping to form a community of interested subject matter experts around this project to help build towards the vision of simple and secure communication! :)


Formal verification is basically mathematically proving the code does what you intend it to do - no third-party auditors necessary. I'm not super familiar with it, but I've heard quite a bit about it in recent years.


Interesting! This isn't something I know anything about. I will research it!



