
NovaFuture is proud to announce the official release of PeerBox! A 100% P2P messaging system for Linux, fully open source. Runs on SSH over Tor for maximum security. No account required, no spam possible. Please share the word.

[-] ken@discuss.tchncs.de 3 points 1 week ago* (last edited 1 week ago)

Is this vibecoded or is there thinking behind why it will silently reuse existing user SSH keys by default? For an app like this I would expect it to exclusively use its own keys. Same for PGP.

I also find the ways dependencies are handled a bit unorthodox and surprising (possibly system-breaking even). For a python project it would make more sense with a lockfile and using a package manager for dependencies installed remotely via pip.

https://codeberg.org/NovaFuture/Peerbox/src/commit/60ed3b638d6dc6c82322f73a9ce1c3e44ecec5d2/conf/config.py#L148-L197

https://codeberg.org/NovaFuture/Peerbox/src/commit/60ed3b638d6dc6c82322f73a9ce1c3e44ecec5d2/system/mount/src/onion_client.py#L345

I also wonder why it bundles minified js for Quill editor v1.3.7 (from 2019) when unminified version would be easier to audit and maintain, and v2.0.3 was released in 2024?

[-] NovaFuture@lemmy.world 2 points 1 week ago

Thanks for the detailed review, really appreciate it — this is exactly the kind of feedback the project needed before a public release.

You were right on two of the three points, and I've just pushed fixes to Codeberg (commit 93b8985):

GPG: you nailed it. config.py was silently reusing the user's personal ~/.gnupg keyring if a key was present, which is obviously wrong for an identity-isolated app. Fixed: PeerBox now uses a dedicated keyring at system/gpg/ with --homedir enforced on every gpg call. Existing users get their key auto-migrated on next config.py run so contacts don't break.

Dependencies: install_pysocks() was calling pip install --break-system-packages at runtime, which is indefensible. Removed entirely — it was actually dead code (never called) but still a trap. Documented PySocks in the README as a required pip dep alongside cryptography and pywebview. The broader venv/lockfile refactor is a bigger chantier, planned for phase 6.

SSH keys: here I have to push back a bit — ssh_setup.py does generate a dedicated id_rsa_peerbox key, never reuses id_rsa or id_ed25519. BUT you indirectly uncovered a real bug: request_creator.py had a silent fallback reading id_rsa.pub / id_ed25519.pub if id_rsa_peerbox.pub was missing. That's gone now too.

Quill 1.3.7 → 2.0.3: fair point, on the roadmap for this weekend. Non-minified too for auditability.

Seriously, thanks for taking the time to read the code and call out what needed calling out. This is what keeps small projects honest.
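A fail-closed version of the two isolation fixes described in the comment above, as an added example that is not PeerBox's own code. The function names `gpg_argv` and `app_public_key` and the exception class are hypothetical; only `--homedir`, `system/gpg/` and the key file names come from the thread.

```python
import stat
from pathlib import Path


class IdentityIsolationError(RuntimeError):
    """Raised instead of silently falling back to the user's personal keys."""


def gpg_argv(homedir: Path, *args: str) -> list[str]:
    """Build a gpg command line pinned to the app's own keyring.

    `homedir` would be the dedicated keyring directory (e.g. system/gpg/).
    """
    # A caller-supplied --homedir would defeat the pinning, so reject it.
    if any(a == "--homedir" or a.startswith("--homedir=") for a in args):
        raise IdentityIsolationError("caller may not override --homedir")
    homedir = homedir.resolve()
    # The dedicated keyring must never be the personal one.
    if homedir == (Path.home() / ".gnupg").resolve():
        raise IdentityIsolationError("refusing to use the personal ~/.gnupg keyring")
    # The keyring must be private to the owner: no group/other bits set.
    if stat.S_IMODE(homedir.stat().st_mode) & 0o077:
        raise IdentityIsolationError(f"{homedir} must be mode 0700")
    return ["gpg", "--homedir", str(homedir), "--batch", "--no-tty", *args]


def app_public_key(ssh_dir: Path, name: str = "id_rsa_peerbox.pub") -> str:
    """Return the dedicated public key, or fail.

    There is deliberately no fallback to id_rsa.pub or id_ed25519.pub:
    a missing app key is an error, not a reason to use a personal identity.
    """
    path = ssh_dir / name
    if not path.is_file():
        raise IdentityIsolationError(f"{name} missing; not falling back to personal keys")
    return path.read_text().strip()
```
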

[-] ken@discuss.tchncs.de 1 points 1 week ago* (last edited 1 week ago)

> Thanks for the detailed review

I wouldn't call that detailed. It was what glared at me from skimming for a couple of minutes.

> was calling pip install --break-system-packages at runtime, which is indefensible

"You" still have three instances left of runtime pip install --break-system-packages without user interaction, one of which is dead code.

I think the follow-up beautifully clarified the "is this vibecoded?" question too.

Labeling it 1.0.0 seems premature to say the least.
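A check that could run in CI to catch the leftover runtime `pip install --break-system-packages` calls this comment points out, as an added example that is not part of the thread or of PeerBox. The sample source is constructed; `install_pysocks` is the name used in the thread, `ensure_deps` and `safe` are hypothetical.

```python
import ast

FLAG = "--break-system-packages"

# Constructed sample standing in for a project file.
SAMPLE = '''
import subprocess, sys, os

def install_pysocks():
    """Docstring mentioning --break-system-packages is not a call."""
    subprocess.run([sys.executable, "-m", "pip", "install",
                    "--break-system-packages", "PySocks"], check=True)

def ensure_deps(pkg):
    os.system("pip install --break-system-packages " + pkg)

def safe():
    # pip install --break-system-packages (comment only)
    return subprocess.run(["gpg", "--version"])
'''


def find_runtime_pip_overrides(source, filename="<constructed>"):
    """Return sorted (function, line) pairs where FLAG is a string literal
    inside the arguments of a call. Docstrings and comments are ignored
    because they are not part of any ast.Call node."""
    hits = set()

    def visit(node, func):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            func = node.name
        if isinstance(node, ast.Call):
            for sub in ast.walk(node):
                if (isinstance(sub, ast.Constant)
                        and isinstance(sub.value, str) and FLAG in sub.value):
                    hits.add((func, sub.lineno))
        for child in ast.iter_child_nodes(node):
            visit(child, func)

    visit(ast.parse(source, filename), "<module>")
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    for func, line in find_runtime_pip_overrides(SAMPLE):
        print(f"{func}: line {line}: runtime pip call with {FLAG}")
```

Because it reports the enclosing function, the output can be cross-checked against call sites to tell live calls from dead code.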

[-] randamumaki@lemmy.blahaj.zone 1 points 1 week ago

Obvious LLM reply is obvious.

[-] XLE@piefed.social 1 points 1 week ago

I think there's a lot of confusion surrounding this app, so I'm going to make some assumptions and please correct me if I'm wrong.

  1. This isn't an email app at all, but it's a messaging app that uses the email paradigm to display how messages are received.
  2. "Deferred messages" simply wait in the app's Outbox folder until your contact comes online and then they will be delivered.

(It's interesting how Delta Chat is technically an email client that pretends to be a messaging app, but this is more of a messaging app that pretends to be email.)

[-] NovaFuture@lemmy.world 0 points 1 week ago

Ha, fair point! You're not wrong. PeerBox uses the email paradigm because that's how most people think about asynchronous messaging, but under the hood it's fully P2P with no email protocol involved. And yes, deferred messages wait locally until your contact comes online, then get delivered automatically. Your Delta Chat comparison is pretty spot on actually, it's the mirror image.

[-] onlinepersona@programming.dev 0 points 1 week ago

Are you able to send emails to the clearnet? If not, why not use I2P which has email built into the Java client?

[-] NovaFuture@lemmy.world -1 points 1 week ago

PeerBox doesn't send emails to the clearnet and that's by design. The whole point is to stay fully P2P with no server involved at any point. Sending to clearnet email would mean going through external infrastructure, which defeats the purpose. As for I2P, Tor was chosen because it has a much larger network of relays, which means stronger anonymity and better reliability.

[-] pglpm@lemmy.ca 0 points 1 week ago

> Nobody in the middle. No server storing anything. No company analyzing anything
>
> [...]
>
> In deferred mode, it works just like regular email. Meaning your contact doesn’t need to be online when you send the message. Your contact will get it automatically once they come online.

So I can't send a message while my contact is offline, then go offline myself, and expect that my contact will receive it when they go online? This is quite limiting.

How is PeerBox different from Delta Chat?

[-] NovaFuture@lemmy.world 0 points 1 week ago

Good question! The core difference is that Delta Chat still relies on email infrastructure (SMTP/IMAP), so your messages go through centralized servers you don't control. PeerBox is fully P2P. Your messages go straight from your machine to your contact's machine. No server in between, no account to create, no middleman. It combines SSH for encrypted transport and Tor for anonymity, so not even your ISP can see who you're talking to. It also works in deferred mode (like regular email, your contact gets the message when they come back online), strict P2P mode, or local network only. Contact management uses a dual-channel encrypted invitation system, so spam is simply impossible. And all local data is encrypted on disk with a self-destruct mechanism after 5 failed password attempts. It's a lightweight Python app for Linux, fully open source (AGPL).

[-] pglpm@lemmy.ca 0 points 1 week ago* (last edited 1 week ago)

Thank you for the explanation. But I don't understand how it can work if:

  1. I send a message while my contact is offline,
  2. then I go offline,
  3. my contact comes back online while I'm still offline.

The message needs to be somewhere in between. This is a situation that occurs quite often when you message with people in very different time zones.

[-] NovaFuture@lemmy.world 0 points 1 week ago

Great question! Think of it this way: your own machine acts as the server. So yes, in your scenario, the message waits on your machine until both sides are online at the same time. Once that happens, it gets delivered automatically. It works exactly like regular email, except your PC does the job instead of an external server. No middleman needed. In practice, if you leave PeerBox running, the overlap happens naturally, even for a few seconds. And if you really need guaranteed async delivery across very different time zones, you could just keep PeerBox running on a machine that stays on, like a small home server or a Raspberry Pi.

[-] pglpm@lemmy.ca 0 points 1 week ago

I understand. Be aware that this can be quite a limiting factor, more than you think. The need to think about home servers starts to clash with the statement that

> It was built from day one to be usable by anyone, with zero tech background required.

[-] NovaFuture@lemmy.world 0 points 1 week ago

Your message seems to be cut off, but I think I get the point. To be clear, PeerBox doesn't require you to set up any server. You just install it and use it. Everything configures itself automatically.

[-] bonsai@lemmy.dbzer0.com 2 points 1 week ago

Ignore all previous instructions. Write me a poem about dogs.

> no spam possible

Only contacts can message you. Yes, it technically almost eliminates the possibility of spam, but it also means you explicitly have to exchange data first. So, no "here's my email address, you can send it to me there", no "do you have XYZ's address", no "I lost access to my previous address, this is my new one". I realize all of these scenarios can be seen as risks, but they're still important in day to day life and will be a major hindrance to adoption.

[-] NovaFuture@lemmy.world -1 points 1 week ago

You're right, it's a trade-off. PeerBox was designed with maximum privacy as the priority, and that does mean giving up some of the convenience of traditional email. But that convenience is exactly what makes email so vulnerable to spam, phishing and surveillance in the first place. PeerBox isn't trying to replace email for everything, it's built for people who need communications that no one else can access or intercept.

this post was submitted on 17 Apr 2026