Building the Command Center: When Security Needs a Human Face
The Prettiest Protocol in the World Is Useless If Nobody Can Use It
I'll be honest: I spent months obsessing over cipher suites, entropy profiles, and DPI evasion. I could talk about X25519 key exchange for hours. But here's what I learned the hard way: if the interface is confusing, people won't use it, and all that cryptographic beauty just sits there collecting dust.
Security tools have a long tradition of being ugly and hostile. Ever configured an IPsec tunnel by hand? Tried to set up V2Ray with the correct JSON config? Most anti-censorship tools assume their users are network engineers. Most of their users are journalists who just want to talk to their sources without getting arrested.
BPP needed a Command Center that a non-technical admin could actually operate. So we built one.
The Stack
| Layer | Technology |
|---|---|
| Frontend | Vue.js 3 with Composition API |
| Backend | Go HTTP server with WebSocket |
| Database | SQLite (modernc.org/sqlite pure Go) |
| Auth | JWT tokens + Argon2id password hashing |
| Real-time | WebSocket for chat, SSE for dashboard |
| Deployment | Docker multi-stage builds, Alpine Linux |
The frontend alone is over 60,000 lines. That's not a typo.
The Dashboard: Watching the Pulse
The first thing an admin sees after login is the Dashboard. It shows the system's vital signs in real time:
- Active connections: how many clients are connected right now
- Message count: total encrypted messages processed
- Traffic volume: aggregate data flowing through the protocol
- Active rooms: chat rooms currently in use
- Server health: CPU, memory, uptime
All of this updates live via WebSocket. No polling, no refresh button. You watch the numbers move as things happen.
There's also an alert feed. Failed login attempts, unusual connection patterns, system errors: they show up with severity levels (INFO, WARNING, ERROR, CRITICAL) and are filterable.
User Management: RBAC Done Right
BPP implements three-tier Role-Based Access Control:
| Role | Capabilities |
|---|---|
| User | Chat, send files, manage their own profile |
| Admin | Everything above + manage users, rooms, view logs |
| Root | Everything above + server config, protocol settings, emergency wipe |
The auth system uses Argon2id with the OWASP-recommended parameters: 64 MB memory, 3 iterations, 4 parallel threads. No bcrypt, no scrypt, no MD5 (yes, I've seen production systems using MD5 for passwords in 2025; please don't).
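To make the auth flow concrete, here is an added example (not BPP's own code) of how a JWT-carrying role claim and the three-tier RBAC table fit together on the server side: the token is verified with a constant-time HMAC compare, the algorithm is pinned to HS256, expiry is enforced, and only then is the role checked against the action. The action names, the numeric role encoding, and the claim layout are assumptions for illustration; the stack's Argon2id password hashing happens before a token is ever issued and is not shown here.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Role tiers, ordered so that a higher tier inherits everything below it (User < Admin < Root).
type Role int

const (
	RoleUser Role = iota
	RoleAdmin
	RoleRoot
)

// minRole is the lowest tier allowed to perform each action. Action names are assumed for this example.
var minRole = map[string]Role{
	"chat":           RoleUser,
	"send_file":      RoleUser,
	"manage_users":   RoleAdmin,
	"manage_rooms":   RoleAdmin,
	"view_logs":      RoleAdmin,
	"server_config":  RoleRoot,
	"emergency_wipe": RoleRoot,
}

// Allowed reports whether a role may perform an action; unknown actions are denied by default.
func Allowed(r Role, action string) bool {
	need, ok := minRole[action]
	return ok && r >= need
}

// claims is the assumed JWT payload: subject, role tier, and Unix expiry.
type claims struct {
	Sub  string `json:"sub"`
	Role Role   `json:"role"`
	Exp  int64  `json:"exp"`
}

// JWT uses base64url without padding.
var b64 = base64.RawURLEncoding

// Sign builds an HS256 JWT over the claims.
func Sign(key []byte, c claims) string {
	header := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	body, _ := json.Marshal(c)
	signingInput := header + "." + b64.EncodeToString(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil))
}

// Verify pins the algorithm, checks the signature in constant time, and rejects expired tokens.
func Verify(key []byte, token string, now time.Time) (claims, error) {
	var c claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	hdrJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return c, err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil || hdr.Alg != "HS256" {
		return c, errors.New("unexpected algorithm") // never trust "alg" from the token beyond the one we issue
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	got, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(got, mac.Sum(nil)) {
		return c, errors.New("bad signature")
	}
	body, err := b64.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	if err := json.Unmarshal(body, &c); err != nil {
		return c, err
	}
	if now.Unix() >= c.Exp {
		return c, errors.New("token expired")
	}
	return c, nil
}

// Authorize is what a request handler would call: verify the token, then consult the RBAC table.
func Authorize(key []byte, token, action string, now time.Time) error {
	c, err := Verify(key, token, now)
	if err != nil {
		return err
	}
	if !Allowed(c.Role, action) {
		return fmt.Errorf("role %d may not %s", c.Role, action)
	}
	return nil
}

func main() {
	key := []byte("constructed-demo-key-do-not-reuse") // constructed; derive a random key in practice
	now := time.Now()
	tok := Sign(key, claims{Sub: "alice", Role: RoleAdmin, Exp: now.Add(time.Hour).Unix()})
	fmt.Println(Authorize(key, tok, "manage_users", now))   // <nil>
	fmt.Println(Authorize(key, tok, "emergency_wipe", now)) // role 1 may not emergency_wipe
}
```

Two design points worth noting: the deny-by-default lookup means a newly added endpoint is inaccessible until someone deliberately assigns it a tier, and the signature is checked before the payload is even parsed, so an attacker-controlled role claim never reaches the RBAC check unless it was signed with the server's key.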
The Chat: Where It All Comes Together
This was the big one. 22,000+ lines of Vue.js for the chat interface alone.
The obvious stuff:
- Message bubbles with timestamps and read receipts
- Contact list with online/offline indicators
- Room management: create, join, leave, public and private rooms
- Emoji selector (because even dissidents deserve emoji)
The less obvious stuff:
- Typing indicators: you see when someone is composing a message, streamed in real time over WebSocket
- Infinite scroll: message history loads progressively as you scroll up
- Encryption indicator: a lock icon confirms end-to-end encryption is active. Not decorative; it reflects the actual session state
The security stuff you don't see:
- All messages transit through BPP's encrypted protocol: WebSocket for web, raw TCP for the desktop TUI
- The server never stores plaintext messages longer than necessary for delivery
- File transfers are chunked, encrypted, and reassembled via SmartLink
File Transfer: SmartLink Reassembly
Sending files through an encrypted tunnel with constant-size padding sounds simple until you realize each BPP packet is 1024 bytes. A 10 MB file becomes ~10,000 packets, each encrypted and obfuscated independently.
SmartLink handles the reassembly:
- The sender chunks the file and encrypts each chunk
- Each chunk gets a sequence number and integrity hash
- Chunks travel through the BPP tunnel as regular packets
- The receiver collects chunks, verifies integrity, and reassembles in order
- A progress bar shows completion percentage in real time
If Ghost Mode is active with -wipe-downloads, all received files are DoD 5220.22-M erased when BPP exits.
The Desktop TUI: For Those Who Live in the Terminal
Not everyone wants a web browser. Some of our target users operate in environments where launching Chrome is itself suspicious, or where a lightweight binary is preferable.
The desktop client is a Terminal User Interface built on Go's color terminal libraries. It packs the same functionality into a text-based interface: split-pane layout, ANSI colors, keyboard navigation, slash commands for power users (/join, /leave, /send).
It compiles to a single static binary: drop it on a USB drive, run it, communicate, pull the USB drive out. Ghost Mode cleans up the host. Nothing left.
The Hard Part: Making Security Invisible
When you type a message and hit Enter, here's what actually happens:
- The message is serialized
- It's encrypted with AES-256-GCM or XChaCha20 using the session key
- It's padded to 1024 bytes with crypto/rand noise
- It's wrapped in the current transport's obfuscation (say, XTLS-REALITY)
- It leaves your machine looking like a TLS Application Data record to Google Analytics
- The server unwraps, decrypts, routes to the recipient
- The process reverses on the other end
The user sees: message sent. That's it. Security should be a property of the system, not a burden on the user.
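The serialize, pad, and encrypt steps of that pipeline, as an added example written for this page rather than taken from BPP: the message is prefixed with its length, padded to 1024 bytes with crypto/rand noise, and sealed with AES-256-GCM under a fresh nonce, so every packet leaving the machine is the same length whether the user typed "hi" or a paragraph. The receiver authenticates, decrypts, and strips the padding. The 2-byte length prefix is an assumption (the page does not say how BPP marks the end of the real message), and the transport obfuscation layer (XTLS-REALITY) that wraps the sealed packet is out of scope here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	PacketSize = 1024                    // fixed plaintext size before encryption
	lenPrefix  = 2                       // assumed: 2-byte length so the receiver can strip the padding
	MaxMessage = PacketSize - lenPrefix  // longest message that fits in one packet
)

// Pad serialises a message into a PacketSize block: length prefix, message, random filler.
func Pad(msg []byte) ([]byte, error) {
	if len(msg) > MaxMessage {
		return nil, errors.New("message too long for one packet")
	}
	p := make([]byte, PacketSize)
	binary.BigEndian.PutUint16(p, uint16(len(msg)))
	copy(p[lenPrefix:], msg)
	if _, err := rand.Read(p[lenPrefix+len(msg):]); err != nil {
		return nil, err
	}
	return p, nil
}

// Unpad recovers the message from a padded block, rejecting an impossible length prefix.
func Unpad(p []byte) ([]byte, error) {
	if len(p) != PacketSize {
		return nil, errors.New("bad block size")
	}
	n := int(binary.BigEndian.Uint16(p))
	if n > MaxMessage {
		return nil, errors.New("bad length prefix")
	}
	return append([]byte(nil), p[lenPrefix:lenPrefix+n]...), nil
}

// Seal pads and encrypts; the output is nonce || AES-256-GCM ciphertext and is always SealedSize() bytes.
func Seal(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plain, err := Pad(msg)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message; reuse under one key breaks GCM
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

// Open authenticates, decrypts and unpads; a single flipped bit anywhere fails the GCM tag check.
func Open(key, packet []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(packet) < ns {
		return nil, errors.New("packet too short")
	}
	plain, err := gcm.Open(nil, packet[:ns], packet[ns:], nil)
	if err != nil {
		return nil, err
	}
	return Unpad(plain)
}

// SealedSize is the constant wire length of a sealed packet: 12-byte nonce + 1024 + 16-byte tag.
func SealedSize() int { return 12 + PacketSize + 16 }

func main() {
	key := make([]byte, 32) // constructed session key; in BPP it comes from the X25519 exchange
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	for _, m := range []string{"hi", "a much longer message that still fits in one packet"} {
		pkt, _ := Seal(key, []byte(m))
		back, _ := Open(key, pkt)
		fmt.Println(len(pkt), string(back)) // 1052 both times
	}
}
```

The point a practitioner should take from running this is the constant 1052-byte output: an observer on the wire learns nothing about message length from a single packet, and because the length prefix sits inside the authenticated ciphertext, the receiver cannot be tricked into reading padding as message content without the tag check failing first.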
Sources
- Vue.js Team. "Vue.js The Progressive JavaScript Framework." vuejs.org
- OWASP Foundation. "Password Storage Cheat Sheet." cheatsheetseries.owasp.org
- Biryukov, A., Dinu, D., and Khovratovich, D. "Argon2: New Generation of Memory-Hard Functions." IEEE EuroS&P, 2016.
- Jones, M., Bradley, J., and Sakimura, N. "JSON Web Token (JWT)." RFC 7519, IETF, 2015.
- The Gorilla WebSocket Toolkit. github.com/gorilla/websocket
- Docker Inc. "Docker Overview." docs.docker.com
- Martin, R. C. "Clean Architecture: A Craftsman's Guide to Software Structure and Design." Prentice Hall, 2017.