Record numbers of people have been in the market for a house this past year. Now working at home, I also bought a house, with an office. Finding one in this market was frenzied, but I spent as much time trying to figure out the best financing arrangement as picking the house.
Every mortgage calculator I could find couldn’t answer most relevant questions. Is it better to put more down or invest the money? When is buying points worth it? Do mortgages affect your taxes? Are VA fees justified? So I put together realratecalculator.com to quickly find out.
Oh and there’s a little chat box at the bottom. Lots of sites have chat. But this one runs a rust-compiled WASM binary that implements P-256 ECDH and ECDSA, and AES-GCM-SIV, generating an asymmetric keypair and saving it in your browser’s local storage for end-to-end encryption.
But you know that ProtonMail trouble? Even seeing metadata like IP addresses, who’s talking to who, is invasive and dangerous. So it uses a websocket with the server and negotiates WebRTC data connections with peers to create an onion-routing peer-to-peer metadata-hiding network.
Tor and I2P do this on a very large scale. But if you’re really paranoid, adversaries with extensive global surveillance might be able to track data in those kinds of systems being sent from one node and forwarded by others. So this uses scheduled & dummy or padded transmissions.
Inspired by Adam Langley’s pond, every few seconds it sends the exact same size encrypted data chunks to peers. Receiving or sending a message should have no impact on the metadata seen by a passive adversary.
Another big issue with secure chat apps is the fact that for those in greatest danger, like dissidents in oppressive regimes, even having one on your device is suspicious and may be enough to be persecuted. Visiting a mortgage calculator site though is far less suspicious.
This is all very alpha-quality proof of concept and not polished or reliable or audited or secure against many threat models, but it could be if refined enough. I hope it inspires people to embed censorship and metadata security everywhere. Let me know if you want the full code.