proposals VS OpenWifiPass

Compare proposals vs OpenWifiPass and see what are their differences.

proposals

A home for well-formed proposed incubations for the web platform. All proposals welcome. (by WICG)

OpenWifiPass

An open source implementation of Apple's Wi-Fi Password Sharing protocol in Python. (by seemoo-lab)
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
proposals OpenWifiPass
19 6
196 787
4.6% 0.0%
0.0 0.0
about 2 years ago almost 3 years ago
Python
GNU General Public License v3.0 or later GNU General Public License v3.0 only
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

proposals

Posts with mentions or reviews of proposals. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-06-10.
  • Argon2id hash “costs”
    2 projects | /r/Bitwarden | 10 Jun 2023
    Ideally, Argon2, like PBKDF2 would just get added to SubtleCrypto (GitHub issue here), which would allow to forgo WebAssembly entirely.
  • Argon2 is live
    4 projects | /r/Bitwarden | 14 Feb 2023
    Yeah, looking forward to switching it out if/when argon2 enters webcrypto.
  • What's new in Safari and WebKit (WWDC 2022)
    5 projects | news.ycombinator.com | 7 Jun 2022
    > The problem is that people look at the Apple / Google duopoly and say "look we have competition! How can you compare this to Microsoft in the 90s!?"

    Strong agreement. There's also a flacid, weak, shitty, useless anti-trust system, which was stripped of power by Borkism in the Reagan era. My generation has literally never seen effective anti-trust. Not once has a case been made against exploitative, anti-competitive practices that really has resonated in America, in decades, and it's not for lack of shitty, no good villians. It's because of Borkism[1][2], because of redefinition of what anti-trust meant under Reagan.

    > The sheer amount of anticompetitive behavior both these companies have done over the years is insane when you put in prospective what Microsoft went to court over.

    That Microsoft faced so much shit for such a relatively small act is amazing. What Apple does is absurd to me, that there's seemingly no legal challenge to their dominion-without-question of 30% of the web. I've looked at quite a number of anti-trust complaints against Google, and frankly, I owe it to myself/all to go re-review.

    Google like Apple has suits against them for the 30% cut they charge at their store, which is both valid & respectable but also- on Android- easily avoidable & the open-source OS itself (& it's releases) actively supports alternative delivery platforms such as F-Droid and sideloading: Google actively supports competition. But we're seeing a lot of apps drop in-app sales, and I think that's a telling & real response: 30% is absurd. There's a number of suits against ads, and search. To be honest, none of these have left a distinct impression, have really clicked for me. I am fully able to believe there may be some serious fuckery here-abouts. There's a suit about Google Assistant systems being unable to also support alternative systems like Alexa: as a fan of general-purpose computing & competitive competition, I think this is absolutely a place that there should be straightforward & clear mandates for all companys, Google included, to be compelled to allow interopation: restricting people making devices to have to pick one and only one partner is basically a reasonable battle against Qualcomm-ism[3], against coersion, is a move to enable basic device-maker and consumer choice.

    Against all of this backdrop though, one critical thing I think most of the world really has no sense of is that Google is somewhat alive under a weird patronage model. Their cash cows feel serve as patrons to the artists, and the artists are there just to make the ecosystem healthy & alive. The cash registers ring because of a semi-open market, because the web is a pretty damned good place to connect, host shit, do shit; better than AOL, better than Microsoft Windows, better than apps.

    Trying to stack the deck laterally, to make the web be Google's web, or Android be Google's Android: they are extremely liable to kill the cash cow. These need to be healthy, independent, functional systems, that are getting better & remaining at the very forefront of competition against all others. This health is absolutely the pinnacle concern, is existentially important. Android or the web could readily collapse if things go poorly, if corruption takes root, if whiffs of real genuine misdealings gets into the air. And frankly, the problem solves itself internally. Google historically & famously has been an engineering lead organization. They have a long history of employing very good, public figures who care about the web, who know about the web, who have wanted to make the web better, who seem motivated by strong intrinsic desires. These people sit on standards boards, they help align Chrome. These people don't take shit from traditional corporate lackies trying to make some fast bucks by dodgy inter-dealings.

    Again, given Google's strong first & second party relationships (search and ads), no matter what happens with browsers, webtech (& to a lesser degree Android), Google will have an incomparable vast & mighty perch to understand & analyze & model the web from, and not unfairly, not by cheating, not by underhandedness. The objective is to keep the shared, common, competitive platform alive, shared, & competitive. By doing good engineering. By making development better & easier & giving them better superpowers. By not hazarding gross breakage that would sabotage public belief/faith. This isn't a super complex system. It's nicely isolated parts, which each do their own thing: make better systems, use free-market search & ads to be top of the game (to make $ & to keep funding/patronizing the essential ecosystem).

    > Many of us saw projects like Firefox grow in the 2000s, giving hope that open source and standards would win out in the end. But we dwindled, lulled by the sweet promises of Chrome and their open core.

    True true. Will has been lost. Chromium is remarkably accessible, there are remarkably good hooks still in place to go build our own sync systems or what not. Few have chased up, have tried to really amplify & enhance Chromium into an open browser. That's unfortunate.

    In general I'd say the real frontier for advancement is on https://wicg.io . This has been a very compelling case for how the web really needed to advance all along. An extremely low barrier to entry to start proposing ideas, where other standards folks & standards-adjacent folk can chime in & help steer, help sheppard young web ideas into desireable, promising standards that stand a fair chance of being adopted.

    I definitely wish there were more alternatives out there, more efforts. I have hope we'll see some new arisals show up. But at the same time, I don't see Chrome as bad or scary or problematic. There's very few cases people have made against it that seem, well, real. Emotion & fear & doubt run rampant. Even when the team makes decisions I truly detest (e.g. squandering awesome HTTP Push potential then abandoning the capability) I generally understand & can see where folks are coming from. We're not accelerating to where I'd wish to go, but it's incredibly rare that I see Chrome/Chromium as going in actively bad directions, building "bad" web platform. Very few have made a case that I can really see or grasp, that's worth agreeing or disagreeing with about Chrome or Android, about how Google invests & shapes these forwards. I continue to see this more as a patronage system, as investment in the necessary & worthy ecosystem, that supports the existence of a separate, more corporate entity. And I don't see the anti-competitive practices taking root in this web or android space, generally.

    [1] https://pluralistic.net/2021/02/06/calera/#fuck-bork

    [2] https://pluralistic.net/2022/05/09/rest-in-piss-robert-bork/...

    [3] https://news.ycombinator.com/item?id=31628094

  • Ask HN: Why aren't there any real alternatives to Electron?
    11 projects | news.ycombinator.com | 26 Mar 2022
    > This means that software development is a failing discipline. All we can do is to come up with ever more ridiculous layers of complexity on top of mindboggling complexity, recursively. All of this is totally self-inflicted. The problem domains that our software needs to deal with are complex enough. But we keep piling on shit of our own making.

    Awwhhh why so glum? This sounds so alarmist, so fraught & bleak!

    I don't see anyone as having a bead yet on what the final destination is, on what is right or perfect. I see change & innovation & exploration as necessary, ongoing, and this layering of platforms atop each other is part of that larger bigger quest for us all to learn what serves ourselves well, to figure out how we align.

    Overall these Adapter layers are quite performant, quite fast, and they isolate rather than leak complexity quite effectively. Electron's doesn't have to invent a ton of stuff to create this pleasant, familiar environment for developers or users- the operating system is simply not that relevant, is easily adapted, by a pretty boring regular programming language (Node.JS) and the world's most popular multimedia page/resource system (the browser).

    Right now, yes, we have the web platform as a layer above native in many cases, but I'm not sure that that is so alarming. Maybe it's transitional? The early smartphones were both enormously web first, decided to use something great rather than reinvent: the Palm Pre and original iPhone (which was webapps only). In modern times, there's ChromeOS, and Palm's webOS continues under new stewartship, mainly on TVs. If the complaint is layers of complexity, maybe we just need to get rid of proprietary & legacy platforms, & embrace the common, shared medium that all computing has. Or find new unifying better platforms!

    In general, I see these new platforms as being extremely liberating, as helping reduce the complexity developers have to mess with, by offering a set of well-defined standards & well known constraints & behaviors. Rather than a complicated, particular OS tied to some specific devices, with it's own quirks, with ever evolving platform capabilities & changing toolchain

    > If this is what software development has become, then there's no way it won't end in total and utter disaster when people start to recognize the already all too common piss poor products that barely manage to do the absolute minimum and rebel against them. It may not be marketing department of the Sirius Cybernetic Corporation who'll be lined up against the wall first, but software developers when the revolution comes.

    Again I think moderation is good council here, but I also agree in principle that there is some awareness software can be a bit of a disaster, and it's visible that sometimes updates & "improvements" serve external interests not the users.

    Where I differ is I see Electron as a fairly hopeful, possible open future for computing, that does embrace users, more so than most software. Most software is not malleable, not adaptable. Electron, on the other hand, offers the very slick, open ended DevTools Protocol for most every app, which allows users control & automation & expansion of software. We can write some userscript & change the behavior of webplatform & electron systems, which is hugely powerful, is a far fairer shake & far more liberty than most computing platforms, where apps are usually compiled down, fixed in form & nature.

    This second paragraph really brings me back to where we started: I don't think we have a bead yet, as a larger world. It feels like there's so much discovery, so much understanding to develop. What makes me hopeful is groups like https://wicg.io , which try to understand & consider how we might do better, which work to build open standards for the internet, for our shared multimedia platform, as a community, securely. There's so much further for all computing to go, so much we need to do to better serve users. I don't see anyone has having a strong lock on that, it feels like there's more to learn & become than there is that we've locked down, by far, so I am hopeful & excited & happy to see us staying malleable, working to unblock innovation at all levels, in all computing. Electron is a great & positive force here, albiet I look forward to other projects listed in the comments such as Tau providing similar-ideas with slightly-different execution.

  • Start Self Hosting
    30 projects | news.ycombinator.com | 23 Mar 2022
    The problem is certificates and WAN access, and lack of MDNS on Android. There's basically no way to do anything that doesn't involve some manual setup, aside from developing a new purpose built app, and maintaining it in addition to the product, probably on two platforms.

    If Mozilla still had FlyWeb things could be plug and play.

    I have a set of proposals here to bring some of that back: https://github.com/WICG/proposals/issues/43

    And some are considering the Tox protocol, but in general, we have not solved the most basic issue of self hosting. How do I connect to my device in a way that just works, LAN or WAN, without manually serting up the client or registering for a service?

  • Ask HN: Is it time for a home network TLD with TLS?
    2 projects | news.ycombinator.com | 19 Jan 2022
    Yes, it is 100% time fot that.

    Mozilla FlyWeb was close, but didn't handle remote access. It could have been extended to, but they dropped it.

    I wrote a proposal here for how this could be done with Bluetooth-like pairing, using URLs that embed a certificate hash, a random sequence as an extra security layer, and a lookup URL that one can ask where to find the host for a service, for access over the WAN.

    By using a URL instead of normal non-HTTP DNS, the lookup URL can be another web service self hosted using the same TLD, or a Data URI if one is hosting from a static IP.

    No part of the URL besides the key is used to determine the origin for CORS and local storage, so you can change discovery methods and the random string freely.

    Initial connection is by directly sending a link, or by LAN discovery.

    Unless discovery is enabled and you are on the same network, it should be impossible to connect without already knowing the URL, so even if your home automation hub is very badly coded, they can't even start hacking it till they find your URL, which can't be found just by sniffing(Because of that random string).

    Clients track the "last seen" address of servers, so even if lookup goes down, access still works until your home IP changes.

    When nodes connect over LAN, the server sends it's "Find me on the WAN at" IP. So even with no discovery server at all and no static IP, it creates a very convincing illusion of "just working" 99% of the time.

    Which means that if you buy a device that uses a cloud lookup service, and they drop that service, your device will still be remote accessible, most of the time. Which might be good enough, or at least good enough to get by until you can find a more permanent solution.

    Proposal:

    https://github.com/WICG/proposals/issues/43

    And a partial implementation of a very close version(Lookups always use OpenDHT in this), plus a notetaking app based on it.

    https://github.com/EternityForest/hardlinep2p

    I really think this is one of those critical missing technologies that would really enable a lot of amazing things.

  • Web3 Can’t Fix the Internet
    3 projects | /r/programming | 11 Jan 2022
  • Should you use Let's Encrypt for internal hostnames?
    8 projects | news.ycombinator.com | 5 Jan 2022
    I just finished writing a long proposal: https://github.com/WICG/proposals/issues/43

    PKI is fairly awful and bad for internal anything, unless you have a full IT team and infrastructure.

    A much simpler solution would be URLs with embedded public keys, with an optional discover and pair mechanism.

    Browsers already have managed profiles. Just set them up with a trusted set of "paired" servers and labels, push the configs with ansible(It's just like an old school hosts file!), and don't let them pair with anything new.

    If you have a small company of people you trust(probably a bad plan!), or are a home user, just use discovery. No more downloading an app to set up a smart device.

    The protocol as I sketched it out(and actually prototyped a version of) provides some extra layers of security, you can't connect unless you already know the URL, or discovery is on and you see it on the same LAN.

    We could finally stop talking to our routers and printers via plaintext on the LAN and encrypt everywhere.

    We already use exactly this kind of scheme to secure our keyboards and mice, with discovery in open air not even requiring being on the same LAN.

    We type our sensitive info into Google docs shared with an "anyone with this URL" feature.

    It seems we already trust opaque random URLs and pairing quite a bit. So why not trust them more than the terrible plaintext LAN services we use now?

  • Apple, FedEx and the Cookie Apocalypse
    4 projects | news.ycombinator.com | 1 Jun 2021
    Chrome's FLoC and TURTLEDOVE proposals are nascent web standards under the Web Incubator Community Group (https://wicg.io). My understanding is that Chrome is hoping to come up with something that other browsers also like?

    Other browsers are working on this general project ("how do you do ads without cookies") too: Edge has https://github.com/WICG/privacy-preserving-ads/blob/main/Par... and Safari has https://webkit.org/blog/8943/privacy-preserving-ad-click-att...

  • Cohort IDs can be collected over time to create cross-site tracking IDs
    6 projects | news.ycombinator.com | 15 Apr 2021
    What am I looking at? https://wicg.io/

    Jesus christ what a mess. This web browsing looks like navigating across a minefield.

OpenWifiPass

Posts with mentions or reviews of OpenWifiPass. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-02-05.

What are some alternatives?

When comparing proposals and OpenWifiPass you can also consider the following projects:

AppleNeuralHash2ONNX - Convert Apple NeuralHash model for CSAM Detection to ONNX.

vodon-pro - Vodon Pro is a video player designed for esports coaches to review footage of players.

floc - This proposal has been replaced by the Topics API.

Godello - Trello inspired kanban board made with the Godot Engine and GDScript, with a real-time collaborative backend (Elixir and Phoenix Channels) and a local backend for offline usage (Godot Custom Resources)

FISSURE - The RF and reverse engineering framework for everyone. Follow and ★ to show your support!

wifi-password - Quickly fetch your WiFi password and if needed, generate a QR code of your WiFi to allow phones to easily connect

core - Midori Web Browser - a lightweight, fast and free web browser using WebKit and GTK+

boulder - An ACME-based certificate authority, written in Go.

MarkdownSite - Create a website from a git repository in one click

turtledove - TURTLEDOVE

howmanypeoplearearound - Count the number of people around you :family_man_man_boy: by monitoring wifi signals :satellite:

hardlinep2p - Application-level P2P non-VPN for securely accessing personal servers without a VPN