Discussion

EphemChat

zRinexD: I wanted to be able to talk to anyone in the world without relying on any company's servers. No censorship, no rules, no limits except the ones I set in my own room. So I built this.No signup, no registration. Just create a room with a password, share the code, and anyone can join directly. Everything is peer-to-peer, ephemeral, and disappears when you close the tab.Would love to hear what you think. Code is open source. Link: https://ephemchat.vercel.app/ Source code: https://github.com/zzrinexd/EphemChat

ranger_danger: Many users in the world are behind CGNAT or symmetrical NAT, and if both sides are, they will not be able to use WebRTC unless there is a TURN relay server involved. Does your software have a way to account for this?

atmanactive: This is great, thanks! Would you accept a Github pull request to translate it to English and several other languages?

michaelsbradley: What about use of STUN / TURN, entirely avoided?

nikisweeting: THis is not without servers, you still use a signaling server for TURN.If you want true serverless you need a side channel to copy the offer/response, e.g. tell the user's to copy paste them as base64 thorugh whatsapp manually or something.

indigodaddy: - does the room vanish after the last user exits? Seems like it?- can the room code be tacked on to the url/slug?

elwebmaster: You should mention that it uses PeerJS. That's not without servers. PeerJS runs their own signaling server which you are relying on to connect your peers.

zRinexD: Absolutely! I'd love to make this accessible to everyone. English translation would be a great start. Let's coordinate on GitHub issues.

zRinexD: Great question! Currently it uses Google's public STUN servers, which works for ~85% of connections. For the remaining cases, I'm planning to add a community-maintained list of TURN servers or a P2P fallback mechanism.

iamnothere: You could look into DHT as a way to distribute info about connected nodes, and maybe nodes with the right firewall setup could opt in to being TURN servers.

stainlu: The commenters pointing out that STUN/TURN servers are involved are technically right, but the privacy argument doesn't hinge on "no servers" -- it hinges on where the message content flows. A STUN server tells you your public IP. A TURN server relays encrypted packets it can't read. Neither sees your plaintext messages. The actual security property is that message content only exists on the two endpoints and disappears when the session ends.The more precise framing would be "no servers that see your data" rather than "without servers." Every P2P system has a bootstrapping problem -- BitTorrent needs trackers or DHT, blockchains need seed nodes. The question is never "servers or no servers" but "what trust are you placing in the server." In WebRTC's case, the signaling server knows that two parties connected but not what they said. That's a meaningful privacy property even if it's not literally serverless.