MeroChat - Friendly Random Chat
mero.chat
Chat to new people who also just want to chat. MeroChat is a text based chat site for having actual conversations

Bored on holidays or miss Omegle? Come chat with us on MeroChat!

It’s a web based random chat where you’re presented with a flow of user profiles, whom you can choose to chat with. And of course someone else might find you the same way and send you a message out of the blue (provided your privacy settings allow it).

And here’s the code. (Written in PureScript!) A lot remains to be done but it’s a joyful thing already.

  • wiki_me@lemmy.mlEnglish
    1·
    5 hours ago

    Written in PureScript

    Using a purely functional niche language like that will really prevent good developers from contributing IMO.

  • Undertaker@feddit.org
    222·
    1 day ago

    Messages are not end to end encrypted and can thus be read from service provider.

    Additionally Google is integrated into website.

    • Tiuku@sopuli.xyzOP
      121·
      1 day ago

      That’s true. It’s due to lack of implementation.

      Getting e2ee right is tricky business. Any help or insight would be appreciated.

      • Semperverus@lemmy.worldEnglish
        7·
        22 hours ago

        Look into libaxolotl (AKA “OMEMO”), it is the same system Signal uses and is highly standardized.

      • waffle@sh.itjust.works
        4·
        1 day ago

        I know Matrix has E2EE with some public documentation on its implementation. Maybe it could help you? Idk how familiar you’re with E2EE or what kind of implementation you’d want, anything will have drawbacks :/

        • Tiuku@sopuli.xyzOP
          3·
          24 hours ago

          Thanks for the tip!

          I have somewhat of a grasp on how Signal does it, but that’s very client oriented. How to go about it a web app is a mystery to me.

          • waffle@sh.itjust.works
            4·
            21 hours ago

            Yeah, I’m not used to E2EE in the browser either and StackExchange seems to agree that there’s no nice solution :/

            The sanest option in terms of user practicality to me appears to be storing the private key on the server, maybe encrypted with the user’s password, and sending it to the user on successful login where it would be decrypted client side. It seems like it’s more or less what Mega is doing since they have a similar issue

            If the server having temporary access to the user’s password is an issue maybe the password could be partially pre-hashed before being sent?

            It’s be interesting to talk about it with someone with more experience, especially since implementing all of that will be a pain so it can’t be redone every Thursday

            • Tiuku@sopuli.xyzOP
              1·
              3 hours ago

              The sanest option in terms of user practicality to me appears to be storing the private key on the server, maybe encrypted with the user’s password, and sending it to the user on successful login where it would be decrypted client side.

              That does seem reasonable, but it doesn’t solve the trust issue. The server might always send a modified script that just uploads the plaintext private key.

              That said it would still be useful in other ways. Like in a breach the data would be secure.

  • rhythmisaprancer@moist.catsweat.com
    131·
    1 day ago

    Why upload duck-face pictures when you can talk about dancing plagues of the 16th century?

    Hilarious 😂 looks like you (and others?) have put some effort into this.

    • Tiuku@sopuli.xyzOP
      6·
      1 day ago

      I can’t take too much credit myself, but yes, effort has been put. 😄😌

  • Alfenstein@lemmy.ml
    52·
    1 day ago

    Cool 😎 But it feels more like a dating app than an Omegle alternative. But I like the concept.