echoplexus

Echoplexus is an anonymous, web-based, IRC-like chatting platform that makes its best effort to respect your privacy. It allows you to create public or private channels. You can secure a pseudonym for linkable anonymity, and secure it with PGP.

Most importantly, echoplexus is open source software. (GPLv3 and MIT) Feel free to check out the code on github! It's written in CoffeeScript (Backbone, jQuery) and node.js (socket.io) using redis.

Chat

No sign up – seriously. Start chatting anonymously by visiting a link. Make a new chat channel by sending a link.

Code

Stuck on a coding problem? Just want to share a text blob? Edit and evaluate code in real-time with everybody in the same channel.

Draw

You may have whiteboards in your office, but can you draw at the same position at the same time?

Call

Peer2Peer video and audio chat with friends and strangers! No plugins/installs, just a modern browser.

Chat

The most important part of echoplexus is the support for anonymity. Users hate sign-ups. Anonymity fosters freedom of speech. Linkable anonymity is also possible.

echoplexus will attempt to embed any image URLs directly into the Media bar on the right side. Similarly, it will attempt to parse YouTube URLs and embed an object. When the server encounters a URL, it can take a screenshot of the page in question and attempt to provide a short excerpt to the user. To protect your privacy, media embedding is disabled for the client by default.

You can edit any message you've sent up to 2 hours ago, as long as you haven't lost your connection. This duration is configurable by server operators. You can do this by double clicking the message, or clicking the pencil icon that appears while hovering the message.

When you join a channel, you'll automatically sync some of the most recent chat history you may have missed while you were away. At any time, you can pull the chatlog history for that channel.

Currently Supported Commands:

  • /join [channel_name]

    Join a channel. All channel names begin with "/", even if not supplied

  • /leave

    Leaves the currently active channel

  • /topic [topic string]

    Set the topic of conversation for the channel (the message that sits visible at all times at the top)

  • /broadcast [a chat message]

    Send the message to every channel that you're connected to. Alias: `/bc`

  • /nick [your_nickname]

    Changes your name to whatever you desire. This preference is stored in a cookie on a per channel basis

  • /private [channel_password]

    Makes a channel private. Only those with the password may enter it.

  • /password [channel_password]

    Supply the password to a private channel after joining it. Incorrect attempts will notify everybody in the room.

  • /public

    Make the private channel a public channel.

  • /whisper [nickname]

    Send a private message that is visible to anybody with the nickname you've supplied. Aliases: `/w`, `/tell`, `/t`, `/pm`. *Pro-tip:* Press "ctrl+r" to quick-reply to the last person who has whispered you.

  • /pull [N]

    Sync the N latest chat messages that you've missed while you weren't connected to the channel. Currently, maximum is set to 100 for UI responsiveness until a more efficient rendering method is added.

  • [partial nickname]+<TABKEY>

    Autocompletes (based on L-Distance) to the name of somebody in the channel

  • @[nickname]

    Gets the attention of the user in question

  • /color [#FFFFFF]

    Supply a 6-digit hex code with or without the `#`, and change your nickname's color

  • /edit #[integer] [new body text]

    Changes the body text of a specific message to something else. Useful for correcting typos and censoring yourself. You can also double click on a chat message to edit inline-- press enter to confirm, escape or click elsewhere to cancel.

  • >>[integer]

    Quotes a specific chat message. Clicking the Reply icon on the chat message will automatically add this for you.

  • /chown [password]

    Become the channel owner. This gives you all permissions in the channel and allows you to /chmod

  • /chmod [(+|-)permissionName] [optional username]

    This allows you to selectively toggle on/off certain permissions for the particular channel or user. User permissions are checked first, and if not set, then channel permissions are checked. If a username is not supplied, then the permission is specified at the channel level.

  • /github track [github repo URL]

    This generates a URL that you can add to your repo's postreceive hooks on Github.

  • /roll [1d20|2d30|5d6|XdY]

    RPG players will enjoy this command, allowing you to command the server to roll a set of dice of certain multiples. Each roll is displayed then added together. Trying to roll an invalid dice format will default to a d20. Aliases: `/r`

  • /destroy

    If you are the channel owner, you can delete the entire chatlog history for the channel in question. There is no recovery!

Permissions

The currently implemented list of permissions (and their defaults) includes:

  • canSetTopic: null
  • canMakePrivate: null
  • canMakePublic: null
  • canSpeak: true
  • canPullLogs: true
  • canUploadFile: null
  • canSetGithubPostReceiveHooks: null

Example: `/chmod -canSpeak`: now nobody in the channel can speak unless you run `/chmod [username] +canSpeak` to selectively enable it for a specific user.
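The lookup order described for /chmod (user setting first, then channel setting) can be sketched as follows. This is an added example, not echoplexus's own code: the function names and in-memory state are hypothetical, the owner check is not modelled, and what a caller does with an unset (null) result is left open because the page does not say.

```javascript
// Added example. Defaults are the ones listed on the page; null = "not set".
const DEFAULTS = {
  canSetTopic: null, canMakePrivate: null, canMakePublic: null,
  canSpeak: true, canPullLogs: true, canUploadFile: null,
  canSetGithubPostReceiveHooks: null,
};
const known = (name) => Object.prototype.hasOwnProperty.call(DEFAULTS, name);

// Hypothetical in-memory state; a Map keeps nicknames such as "__proto__"
// from being treated as object keys.
function newChannel() {
  return { channel: { ...DEFAULTS }, users: new Map() };
}

// Parse "/chmod (+|-)permissionName [username]". The page's own example puts
// the username first, so the signed token is taken as the permission wherever
// it appears (an assumption of this sketch).
function parseChmod(line) {
  const tokens = line.trim().split(/\s+/);
  if (tokens.shift() !== "/chmod" || tokens.length < 1 || tokens.length > 2) {
    throw new Error("malformed /chmod");
  }
  const permToken = tokens.find((t) => /^[+-]/.test(t));
  if (!permToken) throw new Error("missing (+|-)permissionName");
  const name = permToken.slice(1);
  if (!known(name)) throw new Error("unknown permission: " + name);
  const username = tokens.find((t) => t !== permToken) || null;
  return { name, value: permToken[0] === "+", username };
}

function applyChmod(state, line) {
  const { name, value, username } = parseChmod(line);
  if (username === null) {
    state.channel[name] = value;             // channel-level setting
  } else {
    if (!state.users.has(username)) state.users.set(username, {});
    state.users.get(username)[name] = value; // user-level override
  }
  return state;
}

// User permission first; if unset, the channel permission. May return null.
function resolve(state, username, name) {
  if (!known(name)) throw new Error("unknown permission: " + name);
  const perUser = state.users.get(username);
  const userValue = perUser ? perUser[name] : undefined;
  return userValue ?? state.channel[name];
}
```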

Server-hosted file upload

You can upload a file by dragging it onto the "Media & Links" panel. From there, you'll have the option of confirming the upload, as well as an image preview.

For server operators, this must be enabled in config.coffee (see config.sample.js). You have the option of setting a max file size limit. Further, it must be enabled on a per-channel basis by the channel operator. If there is not yet a channel operator, you will need to use /chown [operator password] to become it.

This feature is enabled on chat.echoplex.us, but channel owners must toggle it on.

A bridge to IRC networks

To use IRC via echoplexus, join a new channel name like irc:chat.freenode.net#math

Many people that use group-chat based messengers will be familiar with IRC. Some may not wish to have to start up 2 clients to use IRC and echoplexus. As of 0.2.6, you can now connect to an IRC channel using echoplexus as your middleman. For some, this might be a preferable way to connect to an IRC network, obfuscating your IP.

  • Echoplexus operators can theoretically see all messages to/from any IRC network, so keep that in mind!
  • Each room you join in a specific network is actually a new connection established by echoplexus. As such, IRC will require you to use a different nickname since it will consider your 2+ rooms different people connecting. This is a known limitation in echoplexus at the moment. If enough people use the IRC feature regularly enough, we may be able to multiplex a single IRC connection.
  • Some features, like PGP and encryption, may not work properly when used through IRC

Security focused

Security is at the forefront of the design of echoplexus. We don't require any kind of identification to use echoplexus on the chat.echoplex.us server. We strive to make sure our server configuration is the most secure, and provide a solid nginx SSL configuration for potential echoplexus server operators.

On echoplex.us, your data is not shared with anyone. No analytics, no cookies tracking your visits, no scripts parsing the server logs to see how often you visit.

Images are not embedded by default. User linked images can be embedded, but in some cases, you may not want to. Embedding a 3rd party image implies downloading it from said server, which risks exposing information about you to that host. A malicious user could find out your IP by linking the channel a picture that resides on his servers.

Encryption

You'll notice the padlock icon above the chat input area. When you click this button, you'll have the option of providing a shared secret (you should negotiate this through a secure side channel, not on echoplexus). Once supplied, the button will change to Encrypted. Encryption is performed with the Crypto-JS library (256-bit AES).

Furthermore, you can use PGP signatures and/or PGP encryption. You can layer your PGP encrypted messages with shared secret encryption.

Things that are not encrypted with this shared secret:

  • Draw (infeasible, stream of data, low impact)
  • Code (infeasible, stream of data, higher impact)
  • Call (secure transmission is baked into WebRTC)

Specific things that will not work while encrypted:

  • Permissions set on a specific user (since the server doesn't know their nickname)
  • PhantomJS webshot previews (since the server can't read the body text to screenshot the URL)
  • Any other commands that rely on the server knowing the body contents of a message

Private channels and channel ownership

You can make a channel private to only those who know a shared password via the /private command. To do that, you must become the channel owner with the /chown command.

Your private channel and channel owner passwords are first salted with 256 random bytes from node's crypto.randomBytes. Then, they are run through 4096 iterations of crypto.pbkdf2 with a key length of 256 bytes before the result is stored in Redis. In your deployment, these measures can be considered meaningless if you do not use HTTPS.
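The salting and key-stretching steps above, written out with Node's crypto module. This is an added example, not echoplexus's own code: the function names and record layout are hypothetical, and the digest is an assumption because the page does not name one.

```javascript
const crypto = require("crypto");

// Parameters as stated on the page.
const SALT_BYTES = 256;
const ITERATIONS = 4096;
const KEY_BYTES = 256;
// Assumption: the page does not say which hash PBKDF2 is run with, and
// current Node versions require the digest to be passed explicitly.
const DIGEST = "sha256";

// Derive the value that would be stored for a channel or owner password.
// A fresh random salt per password means equal passwords give unequal
// records, so one precomputed table cannot be reused across channels.
function hashPassword(password) {
  const salt = crypto.randomBytes(SALT_BYTES);
  const key = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_BYTES, DIGEST);
  // Hex strings so the record can be kept in a string-valued store.
  return { salt: salt.toString("hex"), key: key.toString("hex") };
}

// Re-derive from the attempt with the stored salt and compare in constant
// time, so the comparison does not leak how many leading bytes matched.
function verifyPassword(attempt, record) {
  const salt = Buffer.from(record.salt, "hex");
  const expected = Buffer.from(record.key, "hex");
  const actual = crypto.pbkdf2Sync(
    attempt, salt, ITERATIONS, expected.length, DIGEST
  );
  return crypto.timingSafeEqual(actual, expected);
}
```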

Linkable identity via PGP

PGP integration is baked right into echoplexus. This means that you can sign and encrypt your messages with public-key infrastructure. For more information on exactly what this entails, see this blog post describing what PGP is and roughly how it works.

Users with PGP enabled will be shown in the userlist with a key beside their name. Clicking this key icon will cycle that public key's trust level between "Untrusted" (red), "Neutral" (orange), and "Trusted" (green).

When users sign or encrypt their messages, you can check the status of those operations with icons displayed to the left of their username in the chat channel. If a user usually signs his messages, and you trust that key, and the verification is successful, then you will see a green checkmark.

If he's using a different key that you don't trust, then you will see an orange checkmark. If his signature doesn't check out (a potential sign of an impersonator), then you will see a red X.

This way, anonymity/pseudonymity can coexist with strong identity guarantees! You may not know exactly who your chat participant is, but you can verify that he is the same person that he was yesterday (if he's signing his messages).

Embeddable

Use echoplexus as a widget on your site. e.g.,
<iframe src="https://embed.echoplex.us/embed.html?channel=/echoplexus-news" frameborder="0"></iframe>

Code

Currently, interactive and collaborative HTML & JavaScript is supported. A sandboxed iframe is used to protect the contents of your browser, but just to be completely safe, no code is evaluated without your consent. A LiveReload checkbox allows you to re-evaluate as you or someone else types. The "Re-initialize Iframe" button resets & wipes the iframe back to its initial state (useful should it get messed up).

The iframe has access to jQuery and underscore.js for user convenience. More libraries may be exposed in the future.

We hope to support Ruby and Python next, in the near term. Other languages will come based on support or – your contribution!

Draw

Right now, the Draw capabilities are fairly basic; just enough to facilitate sharing a persistent whiteboard with the people you're chatting with. I do not think that there is a need to completely re-invent the wheel (and end up re-implementing Photoshop/Illustrator here).

Call

Make a secure Peer2Peer audio & video call with everyone in the same channel as you, using WebRTC.

You'll want to use Chrome Canary/Beta or Firefox Aurora/Beta, which, at the time of writing, have experimental WebRTC support.

Motivation

  • Client-side encryption
  • Supports anonymity
  • Respects your privacy
  • No set-up
  • No sign-up
  • Rich media in chat (images, youtube, website previews)
  • You can own your own data
  • Group chat by default
  • Private messaging
  • Code in real-time, together
  • Chat while you code
  • Draw together
  • Open-source, extend it!

Echoplexus works well for teams that want to enable rich, secure, and truly privacy respecting chat. Since it's OSS and fairly easy to install, you can have your own private communication infrastructure without needing to rely on cloud services. There's peace of mind in that. We've found it's also great for groups of friends who care about their data (and who may or may not be looking at it).

Many teams might use a pay-to-use web-based communication platform. There are many out there, and we've derived some inspiration from them in our development. Echoplexus bridges that gap with open source software.

Others use IRC. However, it's somewhat time consuming to set up a server, many people don't really want to set up a client, and they certainly don't want to configure servers and ports in their client. In the end, most of the users are stuck with a text-only interface (no rich media). Your IP is also visible to others unless you go through measures to hide it.

Other services (like Google Talk / Hangouts) are OK, but by default they are 1v1 chat, a closed client platform, and cloud-based.

Almost all of the alternatives require you to specify some kind of name before you start chatting. Worse, register with an e-mail address. I always thought the biggest barrier was requiring the user to perform actions he doesn't care about completing -- he's got many other things to do! Anonymity can be conducive to great conversations.

Future goals

  • Distributed network of many echoplexus servers
  • Peer2Peer file transfer via WebRTC
  • Peer2Peer chat, bootstrapped by Echoplexus (to facilitate off-the-record communication)
  • Increased selection of languages for the real-time collaborative REPL

Be sure to check out the planned enhancements

What's new?

Please take a look at the CHANGELOG hosted on Github for detailed information on what's changed between releases.

Generally, you will want to download and use the newest release, tagged here

Installation

Please see the instructions on github.