Web Browser Private Messaging

The Browser as a Messaging Server

Traditional Model vs. CommunisP
Most real-time messaging systems require you to install a dedicated server or rely on a centralized service storing messages for you. In this solution, a standard web browser on your home device (e.g., laptop or desktop) acts as the “always-on server,” simply by being logged into the CommunisP site:

• Logged-In Browser: Stays running at home (or on whichever device you choose).
• Your Nickname: Tied to your login credentials. Your home browser is effectively your “nickname’s presence” on the network.
• Message Reception: If you’re offline on mobile, peers can still send messages to your nickname. They go to your home browser session, which holds them until you reconnect from another device.
• No Extra Installation: There’s no complicated Docker container, no custom server to configure. Just leave a modern browser tab open.

Why It’s Useful

• Receive Messages Offline: If your phone is inactive or turned off, your home browser can keep running, storing new messages as they arrive.
• Notification Relay: Because the browser remains logged in, it can trigger Ping notifications (or push notifications) to alert you.
• On-the-Fly Access: Later, you can log in from a different device (like your mobile phone) and retrieve logs or continue the conversation in real time.

Essentially, the “miniature server” approach means all the reliability of a 24/7 presence without renting or installing a dedicated server in the cloud. It’s more like a personal “cloud in your browser.”

Syncing and Logs

Local Logs and Identity Check

• Local Logs: When you enable “Enable Local Message Logs,” ephemeral messages are optionally stored in local storage or a local file on the home browser.
• Nickname Matching: Only a device logged in as the same user (i.e., same nickname) can retrieve or clear these logs. If you attempt to request logs from another random nickname, that action is prevented.
• Log Retrieval: From your mobile device, you can log in with your existing nickname, send a special ephemeral message with your passphrase, and the home browser will respond by sending you the stored logs.

Why Logs Matter

• Messages at a Glance: If someone tried contacting you while you were away, you’ll see exactly who reached out and what they said—since the home browser was always on guard.
• User Control: You decide if you want the ephemeral messages to remain ephemeral or if you want them captured in logs for convenience. You can also remotely “Clear*” them if you’d like to burn the record.

Security Features

Even though your browser acts like a mini-server, the design ensures end-to-end encryption so that the central platform you’re logged into (the website’s signaling server) never sees decrypted messages. Key aspects:

• Peer-to-Peer Channels: Once you connect to another user, the actual message transit is E2EE through WebRTC data channels, skipping any third-party data store.
• Top-of-the-Line Encryption:
  Standard ephemeral ECDH + ECDSA ensures each message is encrypted with a unique ephemeral key.
  Forward secrecy is preserved, so even if an attacker obtains your current keys, they cannot decrypt old or future messages.

W Ratchet Encryption

• Time-Based Ephemeral Key Rotation: Every 60 seconds, the session key automatically changes.
• Per-Message Ephemeral Derivations: Each message is individually encrypted using a fresh ephemeral key.
• Forward Secrecy and Post-Compromise Security: If a key is compromised at one moment, it quickly becomes obsolete. The attacker cannot use it to decode older or future messages, because keys rotate frequently and each message uses a unique ephemeral derivation.

Thus, “W Ratchet” effectively merges a time-based rotation (like a short-lifespan session) with the standard “message-based ratchet” approach. It’s an advanced scheme that’s more dynamic than typical end-to-end encryption protocols, ensuring additional layers of security.

Walkthrough: A Typical Usage Scenario

Home Browser Session

• You open https://communisp.com/, log in with your username (nickname) and password.
• You enable “Local Logs” if you want ephemeral messages stored.
• You leave this tab open (perhaps on your home PC).

Receiving Messages

• Someone (Peer B) tries to contact you by your nickname. The site matches your nickname to your currently active home browser session.
• Because your home browser is actively connected, it receives the inbound ephemeral messages in real time—fully encrypted.
• If “Ping on Recieved” is on, a Ping notification is sent to your remote/mobile device, indicating new ephemeral content.

You’re Away

• Your mobile phone is offline or your laptop is closed while you’re out.
• Meanwhile, your home browser continues to gather messages from different peers.

Access from Mobile

• Later, you open your phone and log in with the same nickname.
• You send a special ephemeral request message with your “secret passphrase.”
• The home browser verifies you share the same nickname. If so, it encrypts the logs and sends them back via ephemeral message. Now you can read a full record of who’s been chatting you.

Follow-Up Chat

• After reviewing the logs, you decide to connect directly to one of the peers from your mobile device’s WebRTC data channel.
• You can continue the conversation live, even if you decide to close your home browser.

Optionally Clear Logs

• If you want to keep ephemeral truly ephemeral, you can send a “Clear*” ephemeral message. This instructs the home browser to delete local logs.
• Because the system ties clearing privileges to the same username login, random strangers cannot nuke your logs.

Benefits & Highlights

• Self-Hosted, No Extra Setup: You don’t need a separate service or dedicated server. A browser tab on your PC is your “node,” storing and forwarding messages.
• Offline Resilience: Your phone can be offline, but your account remains “online” through the home browser. Peers see you as contactable.
• Security at All Layers: The W Ratchet approach ensures time-based ephemeral keys, so even if something is compromised, the damage is short-lived. Data never travels unencrypted. No central server can read your messages or your logs.
• Extremely Minimal Central Infrastructure: The official server only has to manage “who’s connected under which nickname?” (signaling) plus some login authentication. It doesn’t store messages or logs in a big database. All message content flows peer-to-peer.
• User Identity = Nickname: By linking ephemeral log control to the nickname, the system ensures only the legitimate user (with correct password/JWT token) can request logs or clear them.
• Time + Message Ratchet: Traditional ratchets rotate keys at the message level. W Ratchet ups the security by doing timed session resets plus ephemeral keys per message. This synergy makes it extremely difficult for an attacker to glean anything from partial key compromises.

Concluding Notes

• Browser-as-Server: This idea solves a big problem in P2P messaging—usually, your phone or device must be online to receive messages. By running your browser as a continuous presence, you effectively have a self-hosted message relay that’s trivially easy to set up.
• Ephemeral & Logs: The ephemeral approach means messages can vanish or not be kept, but you still have an option to store logs if that suits your workflow. With “Ping on Recieved,” you won’t miss time-sensitive messages.
• W Ratchet: Merging frequent time-based key rotation with ephemeral per-message keys elevates the entire app’s security. Even if an attacker obtains your key, it quickly expires.
• Forward Secrecy, Post-Compromise Security: The final result is a system that’s robust enough to handle both typical eavesdropping attempts and future key leaks, providing you with a level of assurance comparable to or exceeding many known secure messengers.

CommunisP’s self-hosted messaging structure from a browser represents a cutting-edge approach to bridging synchronous real-time chat, ephemeral cryptography, user-friendly self-hosting, and minimal server overhead. By simply logging in to the website, you become your own host, with the power to store, forward, or discard messages at will—all while benefiting from best-in-class end-to-end encryption.