I wrote a few paragraphs but don't want to talk past you, that sounds fine for a secure channel, but are you going to warn users against using Skype for example? I mean, I don't know if someone has tried Google Docs with Skype, but I know I posted a GDoc link somewhere a while back only to have a bot pop into the doc. So, if the same happens with Skype, someone "joins" this shared resource... and you hit "Transmit"... who or what received it?
Of course, Skype's bot won't implement WebRTC.
They'll implement the proprietary blend that they told no one they were working on until everyone else was making serious progress with the implementation that everyone else collaborated on...
Yes, I'll make sure to tell users to share the link over a secure channel, or to verify each other's IDs. So, even if a bot does join, it ostensibly won't MITM the intended recipient when they say "my ID is ZXCV-BNMA", so you can still tell if the recipient is in.
Obviously it's not going to be secure against coordinated attacks by governments (which I will also make clear), but my intention is to have it be secure enough for 99% of people while being easy to use. It'll at least be more secure than Dropbox/Box/Skype/whatever, which aren't secure in the slightest.
Mega, for example, might be secure, but I haven't personally seen their implementation, don't trust them not to implement any backdoors, and don't trust them not to change it. I'm aiming to make mine as small as possible, so you can verify it at pretty much a glance.
Of course, Skype's bot won't implement WebRTC.
They'll implement the proprietary blend that they told no one they were working on until everyone else was making serious progress with the implementation that everyone else collaborated on...
http://html5labs.interoperabilitybridges.com/prototypes/cu-r... [hm, they've actually put some money where their proposal is, I'll have to check into this more]