Show HN: Exploiting Slack's video embeds to achieve E2EE communication
5 hours ago
- #Slack
- #Encryption
- #Web Technologies
- Explored Slack's video block, which lacks runtime checks beyond verifying URL accessibility.
- Created a Slack app for end-to-end encrypted messaging using browser crypto APIs and key pairs.
- Used TypeScript for fast iteration and discovered undocumented limitations of video blocks in ephemeral messages.
- Employed openpgpjs for cryptography, avoiding complex custom implementation.
- Stored minimal server data with slugs in KV database for client-side cryptographic operations.
- Implemented an encryption flow via Slack commands, private key decryption, and message encryption.
- Learned modern Node.js features, like native .env file support.
- Project is a hack not fully compliant with Slack's design but showcases potential for embedded apps.