86 comments

[ 0.22 ms ] story [ 137 ms ] thread
Since I needed brief intro myself, Wikipedia says:

"The initial target audience for Briar includes "activists, journalists and civil society" with plans to make the system "simple enough to help anyone keep their data safe." As the ability to function in the absence of internet infrastructure may also make the project valuable to disaster response and aid organisations, the developers are working with the Open Humanitarian Initiative and Taarifa. Ultimately, the developers aim to create a system which is "as simple to use as WhatsApp, as secure as PGP, and that keeps working if somebody breaks the Internet.""

Would personally love a blog review or two of Briar but found little thus far.

Who can guarantee me that this isn't built by some national security agency with some tiny, hidden backdoors?
No one can, but isn't that the case for all software?

At least it is Free Software with reproducible builds, so you can audit the shit out of it.

The person you can hire to audit the code ;)
is there already some compare available that shows differences with other messengers like Telegram or Signal?
It's been awhile since I used Briar, but unlike something like Signal, Briar is decentralized. So you can communicate with other Briar users in the absence of a central server. Briar at least used to be very strict about how you established contacts, so, for example, to add a contact you had to have them physically in your presence and exchange QR codes on your phone. You couldn't just add someone from your phone contacts, for example, or look up their phone number.

The downside to these things is that Briar tends to use up battery on mobile devices, because it's constantly running to handle the decentralized communications. Also, having to have someone physically in your presence makes it difficult to add someone casually like some other apps.

Some of these things might have changed, as they've been pretty consistent and active in developing the software, and it has evolved over time into offering more and more functionality. In general, Briar development tends to be very conservative about security, but also very encouraging of "robustness" development for lack of a better way of putting it (I think at one time they had an API so that it could be extended to general "off grid" communication protocols, or at least were discussing it).

I'm a little surprised it hasn't gotten more attention over the years, because I think it has been audited and seems very very secure. It also pops up on places like HN from time to time. On the other hand, that conservativism about security makes it sort of impractical for someone who, say, just wants to chat with friends and family.

I think the best comparison is probably with Matrix rather than Signal or Telegram, but Briar lacks the federated component at the moment.

This desktop release is interesting to me because in some ways it represents a major expansion of the software. As I said, they've tended to be very conservative and it's interesting to see it added. It also probably makes it more feasible to treat the desktop instance as a sort of "permanent on" server with access to a power supply instead of running off a battery (to be honest, starting with a desktop service kinda makes more sense to me given the power requirements).

Take this all with a grain of salt because, although I have it on my phone, I haven't actually used it in some time and haven't actively kept up with development in a couple of years.

> Briar at least used to be very strict about how you established contacts, so, for example, to add a contact you had to have them physically in your presence and exchange QR codes on your phone.

This has indeed changed, it is possible to exchange briar:// links over another channel and add contacts without physical presence.

> It also probably makes it more feasible to treat the desktop instance as a sort of "permanent on" server

I agree, and this might be one step towards solving the "using one briar key on two devices" problem by making the pc authoritative.

https://code.briarproject.org/briar/briar/-/wikis/FAQ#can-i-...

> although I have it on my phone, I haven't actually used it in some time

Me too. None of my friends/family would be interested in using Briar, but it's too cool for me to not keep it installed. I like reading the update notes and seeing it progress.

>"The initial target audience for Briar includes "activists, journalists and civil society"

Sounds exactly like a project an agency would help create/infiltrate to tap unto all of the above....

> as secure as PGP

Well, that doesn’t sound promising at all.

You can ask any cryptographer, they will tell you to not use PGP.

Because the usability sucks (supposedly leading you to shoot yourself in the foot), not because of any problems with the crypto or the implementation.
The crypto is also very questionable for any use case relevant to briar.
PGP _supports_ up-to-date, secure cryptographic algorithms, but it's usability falls short. these new algorithms are rarely made the PGP implementation's default algorithms.
Those algorithms are unsuitable for messaging as implemented in gpg.
I had no idea that Briar had a desktop version. I would have been using it waay sooner!
What does the YComb community think p2p apps like GNU Jami? I never hear much about it and think it's pretty decent unless someone has good reasons to think otherwise. Thanks
I haven't had a chance to try it as it won't connect through my firewall, yet Tox will.
how do devices find each other without an introductory server?
Using Tor onion services that get exchanges when adding a contact nearby via WiFi or Bluetooth. If adding over the internet, a rendezvous service will be created.
When you're close to someone you can make an initial exchange via QR+bluetooth. When you're distant you need to exchange your briar:// links on a different channel.
Do any of these "decentralized" and "end to end" encryption communication systems actually solve the fundamental problem which is that you have to trust the person you're communicating with to not give up the content of the messages they've sent and received. People's telegram and signal comms are always showing up in subpoenas because someone unlocks their phone for the feds. I guess what I'm thinking here is that there's nothing about this that is any better than pgp emails, and i'm not sure i understand why these forms of communication are flourishing when they seem to offer little real protection against a motivated state adversary who doesn't need to attack the system if they can just ask someone for the keys
At least for my family members, they switched to Signal because they don't trust Facebook and Google abandons their products after a few years.

iMessage isn't an option because half of the family is on Android.

If a motivated state actor wants pictures of my baby niece then I guess they're welcome to it.

> People's telegram and signal comms are always showing up in subpoenas because someone unlocks their phone for the feds.

If the counterpart can see something with their own eyes (or a screenshot) then how would you even expect to protect against this?

Signal’s primary defense against that is disappearing messages. Beyond that, what can you really do against what is essentially an untrusted endpoint? Education and awareness, and hope that it sticks.
> that you have to trust the person you're communicating with to not give up the content of the messages they've sent and received

This has always been the case for any form of communication, verbal or otherwise. You're always trusting that the people you're talking to don't share your conversation if you don't wish it to be shared. This is a inherent to communication, not anything technology can possibly fix.

(comment deleted)
The only reliable security you can implement here is not to send the message in the first place
Interesting I've been downvoted for that when others have posted the same comment since and not been downvoted. Further more I'd with no reply it's unclear how the person who reviewed that comment believes you could secure the message after someone has read it (clearly they think it's possible otherwise my comment wouldn't be "incorrect").

To expand on my previous post: what's to stop the recipient from taking a photo of the message using another device? Or transcribing it and republishing it manually? Or even just memorising it and telling someone else verbally?

Literally the only defence you have against the recipient abusing their trust is not to send the message to begin with. Everything else is just security theatre.

This is literally the same point others have made too. So why I was downvoted but others not I don't know.

This. Or, in other words: OFFLINE COMMUNICATION.

In today's world, offline communication is safer, because to tap it you need manpower ( = more resources, more money ), and that is not efficient for those who want to tap you.

There is a word for "You can't prove I said that", and even though English is my only language, I can't remember the word. It feels like "repudibility". I think I'm on the right track: https://en.wiktionary.org/wiki/repudiate

I think it is related to forward secrecy.

Maybe the E2EE apps should have a button for that, call it something snazzy like "The 5th Amendment button" and right next to that is a button for trivially forging texts and screenshots with the app's own UI, so that everyone knows that anything can be fake.

The Signal protocol already guarantees repudiation: https://en.wikipedia.org/wiki/Signal_Protocol#Properties

But this is just cryptographic repudiation, meaning that a receiver cannot prove that they didn't tamper with their Signal data to fake having received a message from a certain sender. OP is talking about something else: preventing any data the receiver might have received to be transferred to a 3rd-party, but that's impossible.

pgp is fussy to set up, and that matters.

But beyond that, good secure messaging protocols are designed so the recipient can verify you sent a message but not prove that to anyone else.

And they also make it so a compromise of your private key can't be used to decrypt old messages.

I love PGP, but let's be honest, it's not user friendly in the slightest. It's an esoteric bolt-on to email that requires both ends to want to use it and go through the trouble of setting it up, which basically means that it's really only useful to nerds and people with sufficient requirement for secrecy that they actually go through the trouble.

Services like Signal are great because they're E2EE by default and they're user friendly. We got my tech illiterate mother and stepfather on Signal so they could participate in family group chats. No way she would have been able to navigate GPG.

As for the issue you're bringing up about the endpoint getting compromised, the simple solution is a retention policy (disappearing messages), which Signal has supported for some time now. It doesn't help if the allegiance of owner of that endpoint is flipped (they can simply screenshot future messages), but it does prevent the adversary from getting a full text dump of previous conversations if they swipe the phone for example.

>Services like Signal are great because they're E2EE by default and they're user friendly.

Signal might be a bad example because it is not really that user friendly when it comes to the hard bit. That is: confirming that you are actually connected to who you think you are connected to and not some third party. In a usability study involving Signal[1], 21 out of 28 computer science students failed to establish and maintain a secure end to end encrypted connection.

We should not kid ourselves into thinking that the usability of end to end encrypted messaging has been solved. It is very much still an outstanding issue.

[1] https://www.ndss-symposium.org/wp-content/uploads/2018/03/09...

> actually solve the fundamental problem

If you consider this "the" fundamental problem you're (a) underestimating the severity of other problems and (b) wildly overestimating what technology can achieve for humanity.

Trusting other individuals in this world is not a problem that's solvable by messaging protocols. Even literal scifi solutions like Mission Impossible exploding sunglasses inherently trust the recipient of the message not to share data post-self-destruct. Recipient trust is a fundamentally implicit part of deciding to communicate at all, through any medium.

I think what they want is censorship resistant mesh network that wouldn't require first seeding from known addresses like I2P does and most of the others too.
There is a lot of misunderstandings around messaging systems.

End-to-end encryption is an extremely nice feature as it lets us make the assumption that messages cannot be read by a middle man even if 100% of the employees are corrupt and the messages pass right through FSB and NSAs networks twice.

But, as you point out: for most people this falls flat in most cases once you are up against the big guys and they have decided to get you.

That does not mean that it is useless though: most people won't get approached by these agencies, and E2E-encryption will keep it out of the hands of dragnet surveillance, snooping telecoms providers or FAANG companies and a number of other very realistic scenarios.

(That is unless you use a system that helpfully uploads unencrypted copies of everything you write to a certain large FAANG class company.)

Then there is federation, I guess that is what you mean by decentralized. This is another really sweet property of a messaging system. However, for security it has a number of problems - a little bit less or more depending on exact implementation.

On top of this there is technical execution: Everyones (including me) darling Signal for example has had some pretty nasty problems.

Alltogether it comes down to this if you want to avoid problems: stay out of what trouble you can stay out of and think opsec if you cannot.

And remember that US knew exactly when Soviet started working towards an atomic bomb, because after they started the flow of related research papers stopped ;-)

I.e. opsec is seriously hard if you are up against a powerful entity. Plausible deniability, blending in etc can be just as useful as bulletproof crypto.

> Then there is federation, I guess that is what you mean by decentralized.

I can't speak for GP's use of scare quotes around "decentralized", but it's worth noting in this case that Briar is fully decentralized, not federated. It is peer-to-peer messaging.

Signal has a "Disappearing Messages" feature that deletes conversations contents after a set amount of time. This is the only feature that I'm aware of on these major messenger services that works to solve the concern for your conversations on the recipients devices.
Conspiracies using Signal and similar services often fall apart because someone in the conversation is undercover or has a change of heart: someone thought he was signing up to a protest movement and then finds out that others want to kidnap a politician and hold her hostage (the governor of the state of Michigan, where this happened) and sends the messages to the cops, even though they were set to disappear.

Figuring out a solution for this would enable new kinds of horror, like when in 1984 Winston is shown a photo that implicates the party leader in a crime and his torturer then tosses it in the "memory hole" to burn it up. You can see evidence of something horrific but you cannot share it, cannot prove it and then it disappears.

The defense against that is 'disappearing messages' which is available in most popular E2E messaging apps nowadays, including Signal and WhatsApp.[1]

PGP emails doesn't even have forward secrecy. Emails are not messaging, it needs video/voice calls, stickers/gifs etc etc to have any hope of being adopted by non-techy folks.

The Signal blog has a number of articles on how they develop state-of-the-art privacy preserving features. [2][3][4][5][6].

Also the only info Signal has about you is "Unix timestamps for when each account was created and the date that each account last connected to the Signal service", which is what it provides to government requests [7].

[1] Disappearing messages

https://signal.org/blog/disappearing-by-default/

[2] How to build large-scale end-to-end encrypted group video calls:

https://signal.org/blog/how-to-build-encrypted-group-calls/

[3] Signal and GIFs

https://signal.org/blog/giphy-experiment/

https://signal.org/blog/signal-and-giphy-update/

[4] Signal groups,

https://signal.org/blog/signal-private-group-system/

[5] Sealed sender

https://signal.org/blog/sealed-sender/

[6] Private contact discovery

https://signal.org/blog/private-contact-discovery/

[7] Government requests

https://signal.org/bigbrother/

>PGP emails doesn't even have forward secrecy.

Yeah, that is a bit of a mystery. There is no technical reason. I think that email users just want to keep their old emails around, which of course makes forward secrecy pointless. Perhaps PGP users would prefer to use the greater security available for the private key material in an offline medium like email to make it so they don't get compromised in the first place.

> Do any of these "decentralized" and "end to end" encryption communication systems actually solve the fundamental problem which is that you have to trust the person you're communicating with to not give up the content of the messages they've sent and received.

That's a biology problem, not a digital one.

These systems can't solve that problem, so yeah, you have to trust that person.

As Ben Franklin said, "Three can keep a secret, if two of them are dead." There's no technical solution for that. End-to-end encryption will help if one person sends information to one competent, trustworthy journalist. It won't help much if large groups of people try using it to conspire to overthrow a government: someone will talk, someone will be an undercover double agent.
Never heard of Briar. Title made me think it was some new cool desktop environment for linux.

It took me longer than I care to admit before I realized Briar is just a messaging app.

A new environment with just a handful of apps comes every so often.

In that regard, what are other apps like Briar?

The premise is:

> Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging apps, Briar doesn’t rely on a central server - messages are synchronized directly between the users' devices. If the internet’s down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the internet’s up, Briar can sync via the Tor network, protecting users and their relationships from surveillance

There's some overlap with P2P Matrix (which isn't yet done but is in the works).
Difference is P2P isnt matrix's main goal. Their approach to P2P is to just bundle an entire homeserver on your phone or desktop client.

Briar was built for P2P from the ground up, so presumably they planned this better.

This isn't a criticism of matrix. Matrix is great and I use it everyday but gotta give credit where its due.

A lightweight homeserver. If lightweight enough (which remains to be demonstrated in practice of course), I don't see a meaningful difference from a monolith design.

I see no reason to think P2P isn't a goal of Matrix either; the reason it's not P2P now is that federation was easier, but the long-term game certainly looks to be P2P with work on cryptographic, portable identities and Bluetooth mesh networking in the form of Pinecone. I've also seen arathorn confirm this on HN.

I'm very curios about p2p matrix as well because I hope it will bring privacy mainstream. The closest now is signal which is, at best, very far away from whatsapp.

I hope this will change with p2p matrix...

> what are other apps like Briar?

It sounds similar to Scuttlebutt https://scuttlebutt.nz/

The off-the-grid approach is indeed something that makes Briar and scuttlebutt somewhat similar.

What sets them apart is scuttlebutt's special concept of how it works as a social network, dissimilar to Briar.

I also assumed it was a window manager or a GUI or something of that nature. They could tweak a few works to make that clear, though. The project looks cool.
(comment deleted)
I don't feel comfortable trusting a new "secure" messaging platform or interested in doing the work to dig through the sources to see if it's legit or not combined with the fact that I don't even know if the source they provide generates the same binary they distribute to many.

Just use Matrix instead.

Briar is older than Matrix. It has been around since at least mid-2012, whereas Matrix is from 2014.

Disclosure: I was an intern for them in mid-2012.

Briar is p2p/offgridy/meshnety and Matrix is federated, always on internet connected.
So Briar messages are sent directly peer-to-peer? That's pretty cool. How does it work? There is a graphic on the website that suggests it uses Tor.
> combined with the fact that I don't even know if the source they provide generates the same binary they distribute to many.

builds are reproducible

> Just use Matrix instead.

No just don't. Matrix exposes metadata to every connected server.

no, Matrix exposes metadata to only the servers whose users are talking together.
My experience a few years ago just giving Briar a try for fun was that both parties had to be online at the same time to relay messages (since there's no normal servers) and that it drained my phone battery quickly when I was online. Not practical.

I was thinking it would be nice to be able to run some sort of node under my own control that could buffer those messages. I feel like there was even an option to do that for phones, where someone could help relay messages between two friends, but I could be remembering wrong. At any rate, it would be cool if the desktop app could play this role.

When I tested peer-to-peer messaging a couple of years ago, Briar was the only messenger that was able to sync messages and data without needing a common router. Was very happy to see.
What I found interesting about this was the bluetooth / offline communication part.
It's great that the messaging works over bluetooth and local wifi, but I really wish the phone app would be able to cache and relay encrypted messages to others.

Or does that somehow work through the posts and forums in the app?