this post was submitted on 17 Apr 2026
-1 points (33.3% liked)


NovaFuture is proud to announce the official release of PeerBox! A 100% P2P messaging system for Linux, fully open source. Runs on SSH over Tor for maximum security. No account required, no spam possible. Please share the word.

[–] NovaFuture@lemmy.world -4 points 3 weeks ago (3 children)

Thanks for the detailed review, really appreciate it — this is exactly the kind of feedback the project needed before a public release.

You were right on two of the three points, and I've just pushed fixes to Codeberg (commit 93b8985):

GPG: you nailed it. config.py was silently reusing the user's personal ~/.gnupg keyring if a key was present, which is obviously wrong for an identity-isolated app. Fixed: PeerBox now uses a dedicated keyring at system/gpg/ with --homedir enforced on every gpg call. Existing users get their key auto-migrated on next config.py run so contacts don't break.

Dependencies: install_pysocks() was calling pip install --break-system-packages at runtime, which is indefensible. Removed entirely — it was actually dead code (never called) but still a trap. Documented PySocks in the README as a required pip dep alongside cryptography and pywebview. The broader venv/lockfile refactor is a bigger chantier, planned for phase 6.

SSH keys: here I have to push back a bit — ssh_setup.py does generate a dedicated id_rsa_peerbox key, never reuses id_rsa or id_ed25519. BUT you indirectly uncovered a real bug: request_creator.py had a silent fallback reading id_rsa.pub / id_ed25519.pub if id_rsa_peerbox.pub was missing. That's gone now too.

Quill 1.3.7 → 2.0.3: fair point, on the roadmap for this weekend. Non-minified too for auditability.

Seriously, thanks for taking the time to read the code and call out what needed calling out. This is what keeps small projects honest.
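The two isolation fixes described in the comment above (a dedicated keyring with --homedir on every gpg call, and no fallback to id_rsa.pub / id_ed25519.pub), as an added example. It is not PeerBox's code: the function names and IsolationError are hypothetical, and only the option and file names come from the comment.

```python
import os
from pathlib import Path

class IsolationError(Exception):
    """Raised when a call would touch the user's personal keys."""

def isolated_gpg_command(app_homedir, gpg_args, user_home=None):
    """Build (argv, env) for one gpg call pinned to the app's own keyring."""
    personal = (Path(user_home or Path.home()) / ".gnupg").resolve()
    homedir = Path(app_homedir).resolve()
    if homedir == personal or personal in homedir.parents:
        raise IsolationError(f"{homedir} is inside the personal keyring {personal}")
    for arg in gpg_args:
        name = arg.split("=", 1)[0]
        # GnuPG accepts abbreviated long options, so "--home" counts too.
        if len(name) > 2 and "--homedir".startswith(name):
            raise IsolationError(f"caller may not override the keyring: {arg}")
    # gpg warns about a homedir that other users can read; keep it at 0700.
    homedir.mkdir(mode=0o700, parents=True, exist_ok=True)
    os.chmod(homedir, 0o700)
    # --homedir already takes precedence over GNUPGHOME; dropping the variable
    # keeps helper processes from inheriting a pointer to another keyring.
    env = {k: v for k, v in os.environ.items() if k != "GNUPGHOME"}
    argv = ["gpg", "--homedir", str(homedir), "--batch", "--no-tty", *gpg_args]
    return argv, env

def peerbox_public_key(ssh_dir):
    """Return the dedicated public key, with no fallback to personal keys."""
    path = Path(ssh_dir) / "id_rsa_peerbox.pub"
    if not path.is_file():
        raise IsolationError(
            f"{path.name} missing; not falling back to id_rsa.pub or id_ed25519.pub")
    return path.read_text().strip()
```

Routing every gpg invocation through one builder like this makes a missing --homedir a code-review finding in a single place instead of a per-call-site audit.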

[–] randamumaki@lemmy.blahaj.zone 2 points 3 weeks ago

Obvious LLM reply is obvious.

[–] FalschgeldFurkan@lemmy.world 2 points 3 weeks ago

Aaaand there goes your credibility.

> This is what keeps small projects honest.

Oh, the irony!

[–] quack@lemmy.zip 0 points 2 weeks ago (1 children)

Yeah this response is not reassuring. Death to AI slop.

[–] NovaFuture@lemmy.world -1 points 2 weeks ago

Are you alright? Just chilling? Doing your own thing in your corner? You're speaking without any basis. That's unacceptable.