You just clicked....?

Pushing these buttons is not for the faint of heart.

  • PANIC will crush your D3CK into uselessness. Good if people are hammering at your door wanting its data or keys. UI will no longer work. Don't worry, it isn't implemented yet.
  • Stop server stops the D3CK server dead. UI will no longer work until restarted!
  • Restart server does just that - the D3CK server restarts. UI will no longer work until it finishes restarting.
  • Stop VPN client kills any VPN clients


Enough about you, what about me?

Details about your D3CK and possibly you, if you wish.

Eventually you'll be able to edit your details; picture, name, etc., etc.

Aspect Information
WebRTC is web technology used for video and audio when connected to another d3ck

Who trusts your D3CK?

Who does your d3ck allow to do...?

"*" means not implemented yet

Owner VPN WebRTC (Video, etc) File Transfer Instant Messaging Friend Request * SIP * Cmd Execution * Geo Translocation


This is where you can create, choose, and see who you allow to come/go to/from your D3CK.

Would you like to export:

Other D3CKs may use the import feature (TBD :)) to import your D3CK's salient data.

Copy and paste the below and send it to a friendly D3CK owner.

This is essentially the same data that D3CKs share when you add them in the UI by IP address.

Other normal computers (e.g. non-D3CKs) who can run OpenVPN will be able to use the below OVPN profile to connect to your D3CK as an OpenVPN client.

They must be able to connect to your D3CK server from wherever they are coming from; in addition, only the "just make it work" security setting allows OpenVPN connectivity from non-D3CKs by default (higher security levels use a firewall to block the VPN port until a trusted D3CK is trying to connect.)

Finally if your D3CK changes its IP address you'll need to either generate a new profile or manually change the IP address in the client.

You will also be able to stamp out D3CK slaves, Laptop/generic computer/iOS/Android VPN certificates so they can access the D3CK.

Finally there will be a set of capabilities; you'll be able to assign them for everyone or for specific individuals/computers. Such capabilities might give remote d3cks the ability to:

  • incoming voice/SIP
  • incoming Video/Sound
  • incoming Drag-n-Drop files
  • remote systems to surf as if they were at your D3CK's physical location
  • arbitrary network connections from your D3CK
  • execute commands on your D3CK
  • masquerade as your D3CK - essentially act on your D3CK's behalf. If Dan really trusts Charles, Charles may initiate actions as though Dan's D3CK was doing them. This could cause long chains of traffic/activity being passed along, from D3CK A -> B -> C ... -> N. Each D3CK has to trust the D3CK attempting to pass through it.

iptables output

To the skilled eye this shows what ports are open/closed/etc by your firewall. Good luck trying to figure it out, iptables isn't for the faint of heart.... perhaps someday a reasonable output showing. The filter table is the default table.
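A more readable view of that listing, as an added example that is not part of the d3ck code: this Node.js function summarizes `iptables -S` output for the filter table into chain policies, accepted INPUT ports, and warnings about exposure. The sample rules are constructed; port 8080 for the web UI and the peer address 192.0.2.10 are assumptions, and 1194/udp is OpenVPN's default port.

```javascript
// Added example: summarize `iptables -S` output for the filter table.
// SAMPLE is constructed: port 8080 (web UI) and 192.0.2.10 (trusted peer) are
// assumptions; 1194/udp is OpenVPN's default port.
const SAMPLE = `
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 1194 -j ACCEPT
`;

// Handles plain -s/-i/-p/--dport matches; negated (!) and multiport rules
// are out of scope and would need extra parsing.
function summarizeFilterTable(text) {
  const policies = {};
  const open = []; // INPUT rules that ACCEPT traffic to a specific port
  for (const raw of text.split('\n')) {
    const tok = raw.trim().split(/\s+/);
    if (tok[0] === '-P' && tok.length >= 3) {
      policies[tok[1]] = tok[2]; // e.g. "-P INPUT DROP"
      continue;
    }
    if (tok[0] !== '-A' || tok[1] !== 'INPUT') continue;
    const opt = (flag) => {
      const i = tok.indexOf(flag);
      return i >= 0 && i + 1 < tok.length ? tok[i + 1] : null;
    };
    const port = opt('--dport');
    if (opt('-j') !== 'ACCEPT' || port === null) continue;
    open.push({ proto: opt('-p') || 'all', port,
                source: opt('-s') || 'anywhere', iface: opt('-i') || 'any' });
  }
  const warnings = [];
  if (policies.INPUT !== 'DROP') {
    warnings.push(`INPUT policy is ${policies.INPUT || 'unknown'}, not DROP`);
  }
  for (const r of open) {
    // A port accepted with no source or interface restriction is world-reachable.
    if (r.source === 'anywhere' && r.iface === 'any') {
      warnings.push(`${r.proto}/${r.port} is reachable from any source`);
    }
  }
  return { policies, open, warnings };
}

console.log(JSON.stringify(summarizeFilterTable(SAMPLE), null, 2));
```

On a live system, pass it the text produced by `iptables -S` run as root.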

Your d3ck's client data

This is data and certs from remote d3cks; your d3ck uses them to authenticate and get authorized to do various things.

What's in the vault?


Add to your own (someday encrypted!) file vault

Possible entries here include notices of missed calls, files that have been dropped off, rejected calls, typed missives, etc., etc.

For now simply a log of events... calls coming/going, plus additions/deletions of D3CKs.

browser changes have broken this... will get back to it, but mostly ignore for now... if my day job allows, I've redesigned and simplified the concept to 10% of its size.

Welcome to the home of the d3ck.

The d3ck is my attempt at making a confidential (e.g. encrypted) pure p2p communication tool.

The problem, as I see it:

If you and I wanted to have a private voice or Skype-like conversation, share data, instant message, etc - it's pretty rough unless we involve a 3rd party or use PGP (which is even rougher, god, what a user experience!) Lately we haven't had much luck with those 3rd parties keeping our data and activities confidential, hence this effort.

Basic features/capabilities

  • Tiny appliance that can sit on a Raspberry Pi (a small $20+ computer), a virtual machine (VMware/Amazon's EC2/etc.), etc.
  • P2P communication - no central server
  • Fairly easy to use... at least it beats PGP in usability... yeah, high bar, I know.
  • UI allows voice/video, drag-n-drop file transfer, etc. with another d3ck user
  • If you share a d3ck with another person, it gives near-trivial-to-use video
  • Web interface works on modern browsers - including recent android phones (uses WebRTC). Older/broken browsers will still connect, just not support nifty video/etc.
  • Strong encryption
  • Under the hood: Linux, OpenVPN, OpenSSL, Node.js, and more
  • Easily generate OpenVPN keys (at long last I can run VPN on laptops and ipad w/o having to figure out how to use it, what a concept.)
  • Open source

The d3ck is a collection of software I've written that allows you to communicate (voice, video, IM, file transfers, etc.) with confidentiality (e.g. it uses encryption) to someone else who has the same software (or uses yours.) It's sort of a clumsy cryptohammer, and can be used for all sorts of things.

This site is basically the d3ck UI, minus all personalized bits... you can see some of it in action by checking out the webRTC based video sharing (instructions on that), but there is more.... If nothing else, it could help with this eternal problem:

Courtesy of XKCD; Randall, thanks for all the fish!

It's browser based, so in theory it can be used from almost any computer with a modern browser (you simply point your browser at your d3ck.)

The d3ck itself runs on Linux; it can sit on a Raspberry Pi (a small $20+ computer), a virtual machine inside VMware or Amazon's EC2, or your random basic Linux system.

While it's fairly simple to use (really!), this is the first release and it has pressing issues that would preclude it from being used in life-or-death situations. I've a long list of issues, overdue enhancements/features, etc. at [TODO](/dox/


I've started on what are some hopefully clear instructions to get it up and running.

First Use

Post install, first use - a quick document here shows how to use the tool.

UI and Examples

The web based interface is somewhat demonstrated on this site... you can find quick instructions on github.

There's a description of data flow and server architecture on github as well.

Note: the d3ck is meant to provide CONFIDENTIALITY, not ANONYMITY! That is, someone (NSA, China, whomever) might see you talking, and possibly to whom, but the goal is to make it difficult for them to glean what was said (unless they're standing behind you listening, have bugged your computer, etc, etc....)

The d3ck uses client-side certs and OpenVPN primarily for its communications.


  • So much. Next to do - automatic port blocking (code written, but not tested), encrypted at-rest (e.g. on the disk) file storage (actually very simple on a Raspberry Pi, I simply haven't gotten to it), a self-destruct button (vaporizes keys, bye-bye data), and final Linux security lockdown on d3ck distro.
  • Redo UI listing of remote d3cks... grumble... have to get it out the door... must not continue to tinker.
  • Port forwarding - code works, just isn't hooked up to UI.
  • Putting an ICE/STUN server on a d3ck will happen, just a pain to do ('cuz the arch, not the install....)
  • I actually started with SIP (a telephone protocol) and had that working, but that's been put on the backburner.
  • I've also used this as a mail server that can mail to other d3cks using a standard mail server and IMAP; pretty nifty to send email with zero special software that's encrypted and authenticated to other d3ck users. This works, but is sitting in piles of code in my vast TBD folder.
  • Multiuser d3cks are something I dismissed early on, but given it's so easy to do video on a single d3ck, I may well revisit this... pondering. Ditto with many users on the same video.

Really Big Issues

  • No one has really used it seriously other than me. That should say something.
  • It needs an examination of the architecture. Some parts are good, some not so. This is not a production release.
  • It's been rewritten and revamped so many times that there is code and stuff in it that don't make sense anymore. Presumably this will change over time.
  • Incoming network traffic/ports should be automatically blocked, and they aren't (TBD!) DO NOT RUN THIS NAKED ON THE INTERNET or you'll be pretty darn sorry, I'd think. For now, ensure that it's either behind a firewall or you've locked down the ports manually.
  • In the same vein, if your d3ck is talking to someone else's d3ck, it's probably vulnerable to the other until I (or you!) put in place some firewall rules on the VPN interface (easy to do, just so many things.....)
  • It's meant for 1-to-1 communication. It was only at the last minute that I realized how to do 1-N, but you're stuck with artificial limitations for now.
  • I said pure P2P - I lied. For webRTC I currently leverage the STUN/ICE server @ That'll change - it's not difficult to toss a server on the d3ck, but because of my architecture it's actually a bit tricky to make all the traffic flow through one's d3ck. Feel free to drop me a line if you're a l33t SDP haxx0r. Everything else is P2P except DNS, if you use it.

Usage Requirements

  • You need to be fairly techie at this stage - not to use it (that's actually pretty simple), but to install it.
  • You'll need a linux box - a cheap raspberry pi works fine, as does VMware, Amazon's EC2, etc. It works in multiple linuxes, but ubuntu is probably the safest bet (if the distro doesn't have the "services" command it'll be a bit painful, but I've gotten it working even then.)
  • You will probably need your own network (not sure who doesn't these days, but...) and be able to open a network port to the inside.
  • Patience. The stuff will work some and break some.
  • Time to write or talk to me and tell me what (a) went wrong, (b) went right (if anything!), and (c) how you think it could be improved upon.

On the Qualys SSL report a d3ck gets an A - "if trust issues are ignored."

(The "A" is in the fine print under the T.) Other crypto issues are around using SHA-1 instead of SHA2 (known problem, but hey, SHA1 was cool when I started this :)) and some other various issues that still need to get fixed.

The raspberry pi A+ is really small....