Show HN: I built a website to share files and messages without any server

P2P Architecture and NAT Traversal

  • Tool is built on WebRTC (and PeerJS) with STUN servers for ICE candidate discovery and connection brokering.
  • TURN is explicitly not used; if NAT traversal fails, the app shows an error instead of relaying via a server.
  • Several commenters stress that some centralized infrastructure (STUN / signalling) is unavoidable for most NAT’d users.
  • There’s debate over whether “P2P without server” is accurate when STUN / signalling servers are still required.

Encryption and Security Model

  • WebRTC’s built‑in DTLS/SRTP encrypts transport; there is no additional, application‑layer file encryption.
  • Some commenters argue that transport‑level encryption alone is not “end‑to‑end encryption” in the strong sense, since the signalling layer can be a MiTM and app‑layer keys are not independently managed.
  • Suggestions are made to add client‑side crypto (e.g., WebCrypto‑based libraries) to achieve real E2E.

“No Server” Claim and Trust Model

  • Multiple comments challenge the marketing claim “without involvement of any server” and “bypassing centralized servers.”
  • Points raised:
    • The web app itself is served from a centralized host and could be modified at any time to exfiltrate data or weaken crypto.
    • Different users could be served different JS bundles, making auditing difficult.
    • Even if the author is trustworthy now, ownership or intent could change.

Web vs Native Security Discussion

  • Some argue web apps are safer due to sandboxing and strong browser dev tools.
  • Others counter that native apps benefit from code signing and more stable integrity guarantees, while web apps require renewed trust on every load and rely on a complex CA/hosting ecosystem.

Comparison to Existing Tools

  • Many similar WebRTC P2P file/message tools are cited: Pairdrop, Snapdrop, Sharedrop, FilePizza, Wormhole variants, Webwormhole, Sendfiles, etc.
  • Non‑WebRTC / non‑browser tools such as Syncthing, KDE Connect, Magic Wormhole, croc, woof, and FileBrowser are also mentioned as alternatives with varying UX and trust properties.
  • Several commenters question what meaningful differentiation this project offers.

Open Source and Adoption Concerns

  • Initial skepticism over closed source and the author’s other data‑accessing extensions leads to “red flag” comments.
  • The source code is eventually published on GitHub, but concerns remain about vague/weak encryption claims and the general trust model.