• fmajid 11 hours ago

    There are many, many products to address this, like Mozilla's defunct Send, or the excellent but not self-hostable Wormhole.app. You will need to describe what is novel with Berb and why we should use it over other solutions, and no, using WebRTC is not sufficient.

    My personal choice for this kind of situation is Wormhole-William, but it is not something my dad could use when he asks me to send the last year's worth of his granddaughter's photos to make a photobook of.

    • goodpanda 8 hours ago

      You make a good point there but all those solutions you mentioned store your file one way or another. Which also means your file is getting uploaded to some random server and you pretty much have no control over what happens after. With Berb that simply is not the case. WebRTC is a tool to achieve what I want and not the main selling point. It is simple - I don't want my files to be uploaded and I want the transfer to be instant (no download link later).

      Beside the fact that this JUST got launched and can either be liked and used by many, or another dead product in a year, I have found myself using it multiple times so far. Like sending a large file to/from my work computer etc. If this is solving a problem for even a small number of people, that is great!

      • fmajid 3 hours ago

        Wormhole.app and Magic Wormhole/Wormhole-William are all end to end encrypted by the client.

    • satvikpendem 2 days ago

      Are you familiar with Iroh's sendme?

      https://github.com/n0-computer/sendme

      • brw 3 hours ago

        I've used sendme a few times after coming across Iroh on Bluesky. It's honestly great. Just Works™, very fast, supports files and folders, resumable transfers, one sender to many receivers, and has fast relays as a fallback when a direct connection truly isn't possible, and it will actually tell you whether you have a direct connection or are using a relay (unlike others like Magic Wormhole or Croc from my experience).

        • goodpanda a day ago

          This looks very interesting. I will def take a look. thx

          • Alifatisk a day ago

            Is there a website for sendme? Or is this a cli tool?

        • howtofly 2 days ago

          My understanding is that the signaling server could be used as the perfect place to perform a MITM attack. The README does not mention how berb addresses this concern at all.

          • goodpanda a day ago

            Oh I would love some more details if you think that's the case. With Berb only two clients can connect really. So let's say you somehow guess a peer ID, which is very tough, and connect to a random user. You can technically send a file but they can easily ignore it since they didn't initiate the transfer. That being said, I can definitely add a way to verify the file is legit like the suggestion in the reply with hashes.

            • howtofly 14 hours ago

              Should users trust the signaling server? IIRC, the signaling server can easily intervene in the SDP offer/answer so that it can intercept user files or instruct users to send files wherever it wants.

              • goodpanda 7 hours ago

                Oh I see what you are saying. Yeah I guess if we didn't know what the signalling server was doing, that would be a valid argument. But in my case we can see the server code is pure and simple. Unless you mean there's a bug that allows an attacker to do that?

                Either way, would love to know your thoughts on improving trust with this.
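
One way to detect the SDP rewriting raised in this sub-thread, as an added example that is not part of any comment here or of Berb's code: WebRTC peers authenticate each other's DTLS certificate against the `a=fingerprint` line in the SDP, so both users can derive a code from the fingerprints they hold and compare it. The function names and all SDP text are assumptions made for this sketch.

```javascript
// Added example; every SDP and fingerprint below is constructed sample data.
// In a browser the inputs would be pc.localDescription.sdp and pc.remoteDescription.sdp.

// Collect every a=fingerprint value (session- or media-level), normalized and sorted.
function extractFingerprints(sdp) {
  const found = new Set();
  for (const line of sdp.split(/\r?\n/)) {
    const m = /^a=fingerprint:(\S+) ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$/.exec(line);
    if (m) found.add(`${m[1].toLowerCase()} ${m[2].toUpperCase()}`);
  }
  return [...found].sort();
}

// Both ends get the same string only if each received the fingerprint the other sent.
function verificationCode(localSdp, remoteSdp) {
  const local = extractFingerprints(localSdp);
  const remote = extractFingerprints(remoteSdp);
  if (local.length === 0 || remote.length === 0) {
    throw new Error("SDP has no a=fingerprint line; nothing to verify");
  }
  // Order the two sides so offerer and answerer build an identical string.
  return [local.join(","), remote.join(",")].sort().join(" | ");
}

// Constructed sample data: 32-byte "fingerprints" made of one repeated byte.
const fp = (byteHex) => Array(32).fill(byteHex).join(":");
const makeSdp = (fingerprint) => [
  "v=0", "o=- 1 2 IN IP4 127.0.0.1", "s=-", "t=0 0",
  "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
  "c=IN IP4 0.0.0.0",
  `a=fingerprint:sha-256 ${fingerprint}`,
  "a=setup:actpass",
].join("\r\n");

const aliceSdp = makeSdp(fp("A1"));
const bobSdp = makeSdp(fp("B2"));
const relaySdp = makeSdp(fp("EE")); // the SDP each side holds if signaling swapped the fingerprint

// Honest signaling: Alice and Bob read the same code to each other.
const honest = verificationCode(aliceSdp, bobSdp) === verificationCode(bobSdp, aliceSdp);
// Rewritten signaling: each side holds the relay's fingerprint, so the codes differ.
const tampered = verificationCode(aliceSdp, relaySdp) === verificationCode(bobSdp, relaySdp);

console.log({ honest, tampered });
```

The comparison only helps when the two codes are exchanged over a channel the signaling server does not carry, such as a phone call.
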

            • notpushkin 2 days ago

              Do you have a proposal? (Showing file hashes could help, perhaps?)

            • fabrice_d 2 days ago

              Is it doing the ICE offer/answer exchange over websocket hosted on your server?

              • globalnode 2 days ago

                I'm not a js programmer but index.js has the line: "Signaling server running on http://localhost:${PORT}" -- is that what you're talking about? I think you're talking about the initial connection right?

                util.js also contains "copyToClipboard = (value) => {", not sure why that would be needed.

                and googletagmanager for tracking error/diagnostics I think? It's hard to understand this code without learning the language lol.

                Also in privacy.html: "To initiate a peer-to-peer connection, Berb uses a temporary signaling server to exchange network metadata (such as IP addresses, session descriptions, and ICE candidates)."

                • goodpanda a day ago

                  Thx for the analysis! copyToClipboard is for copying the session link so it can be opened on your other device.

                  As for analytics, you are exactly right. I need to know if people are using the app the way it was intended and soon need to add more events for errors. Though perhaps it is something I can maintain on a separate repo? idk, the goal for me was to truly make everything on berb.app open source. no hiding anything

                • goodpanda a day ago

                  Yes, that's pretty much the only thing the server does. And maintain an in-memory state of connections. Room for improvement for sure.

                • pwn0 2 days ago

                  Very cool. Do you mind adding license and contributing information to the project?

                  • goodpanda a day ago

                    Thx for the suggestion. Just added a license but don't really have a good contributing guideline yet. Would love to discuss any feature requests/bugs if you open an issue.

                    • rapnie 2 days ago

                      A LICENSE file would be better, yes. But the package.json at least says it is ISC-licensed.

                    • opengears a day ago

                      also check out localsend https://localsend.org/

                      • goodpanda a day ago

                        This looks cool. However my goal with Berb is pretty much browser to browser only. Although if people keep asking for other features, I might consider a desktop/mobile app.

                      • ranger_danger 19 hours ago

                        > No servers

                        Except an impressively large amount of people in the world are behind symmetrical or CGNAT and would require a TURN server.

                        Because of this, I've personally never gotten a single p2p/WebRTC site to work with another person.

                        • goodpanda 8 hours ago

                          You do have a valid point that TURN is sometimes needed but not ALWAYS right?

                          My understanding is that ICE tries to establish a direct p2p connection between clients and only if there is no path, it uses TURN?

                          In either case, the files definitely don't go through my servers and are not stored anywhere and are e2e encrypted which really matters the most.

                        • evbogue a day ago

                          Connecting browsers directly is a fascinating area to explore in web development. It always goes a little haywire when punching thru NAT and I wish there was more research into what the best methods are.

                          https://github.com/dmotz/trystero is one tool I've used to build these kinds of apps.

                          • koolala a day ago

                            Do you think the AT protocol could ever work for this? I wish we had one centralized scriptable method that was popular to enable ubiquitous discovery.

                            • evbogue a day ago

                              atproto would be a great pull request for Trystero come to think of it