Yes, it has been done. I am aware of http://www.remoteless.no & Co. I myself coded a Grooveshark Remote in a similar fashion for the Nodeknockout 2012.
What the difference is, is that I don't want to code another remote control that is capable of doing x and y for service z. I want a simple JS API to code new remote controls. The service is to provide a framework for that. And by "that", I mean future.
What are you doing to prevent government tampering, MITM attacks, or other dangers? You seem to have put a lot of thought into the security of the implementation, though it might help you spread it to the do-it-yourself-er culture if you explained what you were doing a bit to keep things secure.
Is the cipher completely encrypted all the way from the phone to the desktop, whilst being tunneled through your server?
And if it's as secure as you say it is, what stops people from proxying their own arbitrary payloads through your tunnel? (-- that is to suggest that you're being as honest as you are about not decrypting anything the entire way from the phone through your cloud to the desktop...)
If it's that secure, what would stop a botnet from theoretically leveraging this as misdirection?
And what is the purpose of the cloud server here? If someone had their own hosting, would they still need to rely on your server to route the commands?
All questions and criticisms aside, I've always wanted something that could do this for my house without having to rely on an external entity... I think paranoia has taken a rather large toll in our culture today, because anything with the word 'cloud' in it starts to give all programmers the chills unless it comes with some assurances of trust, longevity, and ultimately devotion.
I'd almost suggest selling a piece of hardware that people could install in their houses, simply because it's extensible for your purposes, users can maintain control over it, and it's far more difficult to isolate as a target, and ultimately it allows people to decide whether to "connect indefinitely to any company" for continued operation.
I mean, if you pick up any cloud-based mobile control software from any major manufacturer today, they all create this massive problem of a surrogate dependency on the cloud in their implementation.
These days you can't even set up an IR mobile control product without sending out your wifi password through a web-based silverlight UI hosted in the cloud just to get it to the product that's meant to use it! That's so far backwards security-wise that it's teaching people to send their login credentials the wrong damned way!
You picked up a nerf gun and expected an AR-15, this is just a little demo of something cool this person created, I doubt that making this water tight was a large goal, at least for now.
Minor nit: On my phone, the placeholder text for the verification code input box reads "five digits". My code was "9tlni". Only one of those is a digit.
Interesting stack. How is Firebase working out for you (since you want to replace it)? I only dipped my nose in one time and thought it could be helpful, also since there are JS implementations for the client.
The server that handles the routing between the devices is a simple socket.io server. No database at all for this demo. Pairings will be stored in memory. But yeah, it needs some sort of database later. Unless I want to restart the server every other week because it ran out of memory ;).
The data (commands) is en/decrypted on the client side and just passed through the server. The desktop first creates a connection and encryption key. These will be encrypted with the visual verification code and represented as the QR code (with a URL in front).
Once you follow the URL with your phone and enter the visual verification code, the keys are decrypted. The commands are then encrypted with the actual key generated by the desktop before it gets sent to the server.
That way the server should never get hold of the encryption key in any way. However, this increases attack vectors on the client side. I wouldn't control a power plant with it, but for clicking a button for a demo it should be enough :)
There's something funky with your QR code. My reader doesn't recognize it as a URL (it seems to be just the plain text type). There was also a space in the URL that I had to delete before my browser would recognize it as a valid URL. (fyi I'm running Cyanogenmod with their stock browser and the Obsqr QR scanner).
well this is the same hoby project that i am working on. The thing is this is not remote control for "browser". This is remote control for the api integrated web page. Mine project called "peegle" works with a chrome extension. So I can call it remote controller for browser. Just check it maybe we can do something together.
You are right, for this demo the title is a bit misleading. Haven't really thought about it. However, my plan is also to create something similar to you at a later stage. To control one website with the remote, which will control the browser via a extension.
Good catch. It's because I cheated. The command will be sent from the phone to the desktop, the phone on the other hand does not receive the state of the dim. Button text is just changed by click event. Gonna change soon.
In the QR code a URL with connection id and encryption key (generated by the desktop) is stored. The visual verification code encrypts these parameters to prevent them from showing up in the phones browser history in plain text.
As someone who is sitting at an extremely uncomfortable coffee-shop table right now, where the table is just too high. I would love something like this.
In fact, sometimes I am lying down in my sofa/bed while looking at my computer wishing I could control it somehow.
But not like a trackpad, those clients usually suck afaik.
I guess you could use the same system to control a screen behind a showwindow, or have limited control of a remote tab (the user lets you use his tab to do or show something specific to him).
It's a nice demo I think.
Thank you! Interesting applications. You could also do a multi device game with it. Or with the help of a browser extension control the entire tabs (eg. having one remote for multiple services).
Nice idea but does not work on my fully up-to-date iPhone 5s. After putting in the code and tapping "Pair" the pair button just flickers slightly and nothing else happens. Tried with two different codes, rescanning the QR code each time.
Thanks for testing. It's fresh of the shelf and I have not tested it with any other than Chromium/Firefox on Linux and Android/Chrome browser on a Android.
Assuming it would work cross device out of the box, because it _should_, was a idea I was comfortable with. I'll make it work.
I can pair the Youtube app on my phone with my TV the same way and search/play items from my phone.