That is awesome @mixmix, That lib seems to be mostly for local networks, but it is perfectly good pointer! The easiest way would be to broadcast something html-alike that has the QR code on the server-side (hub, patchwork, etc) of things like you said. from there it should broadcast up, start a good TLS, followed by auth, then ping details back and forth from there.

I'm a bit torn on the hub-side of things. I really like the idea and would love to get it to work, but signing things on the phone will mean that I need to be able to access a more comprehensive database, I'm trying to figure that out. In the spirit of getting the interface to show fancy stuff and having data to work with, I was looking in different directions. Patchwork -> phone seemed to be straight forward. But, yeah it's far from perfect and even further away from what I want to solve.

I'm reading through the code you guys wrote in my free time. Just to figure out some kind of good way to get things working - without compromising security. it's a tough pickle, even when doing the 0 hops stuff you suggested earlier. graphQL is a nice tool and i would love to use it. It is however a feature, not a solution by definition.

As soon as I get two main views running on the phone (index & detailed view) to a degree where I can show basic (dummy-) data, I will have to start diving into the server-side and sketch out some kind of architecture where private keys can stay client-side (without ever leaking them over the wire) while public-keys and/or the gossip-store are server-side (kinda funny, as it's often the other way around in "normal" computer systems).

Anyway... Huge thanks for the info/nudges in right directions you keep providing! I have been making architectures, apps and sites for news-systems & consulting clients for years, but all of this is a vast new ocean.