lockbitchat
1.9 KiB
1.9 KiB
Configuration Guide
Requirements
- modern browser with WebRTC and Web Crypto support
- Node.js 18+ for local development
- TURN service only when relay-only privacy mode is required
Local setup
npm install
npm run build
npm run serve
ICE server configuration
SecureBit.chat keeps existing STUN support for ordinary WebRTC connectivity. Deployments that require relay-only privacy must provide their own TURN service credentials through deployment configuration; public TURN credentials are intentionally not bundled.
Privacy modes
| Mode | Behavior | IP privacy |
|---|---|---|
| default | standard WebRTC candidate gathering | direct candidates may expose IP addresses |
| relay-only | iceTransportPolicy: "relay" |
requires TURN and avoids direct peer candidates when configured correctly |
Operational rules
- STUN is not a privacy substitute for TURN.
- Relay-only mode without TURN cannot establish a working relay connection.
- The UI warns users when TURN is missing.
- Validate TURN deployment with browser WebRTC diagnostics before production rollout.
Verification flow
Protocol 4.1 requires interactive SAS verification:
- both peers derive the same SAS from shared session material
- users compare the code out of band
- each user enters the matching code manually
- the chat unlocks only after both confirmations succeed
Three failed local attempts disconnect the session.
File-transfer policy
Incoming file requests are validated before the consent prompt and require explicit user approval.
Allowed categories:
- common raster images
- plain text
- ZIP archives
Blocked examples:
.exe,.bat,.cmd,.sh,.js.msi,.dmg,.app,.jar,.scr.ps1,.vbs,.html,.svg
Both MIME type and extension must be acceptable. Missing or unknown MIME types are treated as unsafe unless explicitly covered by policy.