[HN Gopher] Briar 1.4 - Offline sharing, message transfer via SD...
___________________________________________________________________
Briar 1.4 - Offline sharing, message transfer via SD cards and USB
sticks
Author : Sami_Lehtinen
Score : 180 points
Date : 2021-11-15 14:27 UTC (8 hours ago)
(HTM) web link (briarproject.org)
(TXT) w3m dump (briarproject.org)
| slim wrote:
| The best feature of Briar is still, the tutorial on how to build
| it from source. Complete with screenshots
|
| https://briarproject.org/building-the-source-code/
| BiteCode_dev wrote:
| Briar is really neat, and I hope it will land on Linux, Mac and
| Windows. Being able to send messages and files directly to
| anybody on a local network without any account just rocks.
| flaburgan wrote:
| Ubuntu 08.04 was already allowing this using empathy...
| sebkur wrote:
| since recently, there's a cross-platform desktop client in
| development using compose for desktop as its UI framework
| BiteCode_dev wrote:
| That's fantastic news.
| giphyman wrote:
| I found the code repository for Briar desktop port:
| https://code.briarproject.org/briar/briar-desktop
| ComodoHacker wrote:
| What I'd like to have is easy offline media files sharing across
| as many phone models as possible. Basically a free open-source
| alternative to ShareIt. Why it doesn't exist yet? Does ShareIt
| use some hidden and/or proprietary APIs?
| nanomonkey wrote:
| I do this with the Manyverse app, which uses the Secure
| Scuttlebutt p2p gossip protocol.
| urtrs wrote:
| TrebleShot was similar but it is deprecated now.
| sebkur wrote:
| if "on the local lan" is offline enough for you, take a look at
| kde connect, connects all your devices with file transfer,
| cross-device copy'n'paste etc.
| goodpoint wrote:
| Briar desperately needs a library for Linux and Windows that can
| be used to build all sort of applications.
|
| Discussion forums, group chat, IM, location-based messaging,
| email/mailing-list equivalents, blogs and offline websites and
| more. Not just one app.
| oggelato wrote:
| what do you think about this
| https://code.briarproject.org/briar/briar/-/wikis/FAQ#does-b... ?
| lucb1e wrote:
| It basically says what I would expect, but then I'm a tech-
| savvy privacy nerd who knows how this sort of tech works. Any
| particular reason you asked?
| rchaud wrote:
| Peer to Peer data transfer via computing devices is something I
| wish was be more mainstream. It's not, because the commercial
| cloud storage mafia has invested heavily in telling people that
| your data has to traverse their toll roads first.
|
| I recently discovered Syncthing Fork which was customizable in a
| way Google Drive or alternatives were not. And it's entirely P2P,
| transmitting files between my laptop and my phone, in either
| direction pretty seamlessly.
|
| I'm now interested in learning about Bluetooth transfer as well
| as it works without Internet access. I've heard transfer speeds
| are slow though.
| oreilles wrote:
| Why Bluetooth when WiFi is a hundred times faster?
| ChuckNorris89 wrote:
| AFAIK there's still no standardized, non-proprietary, easy,
| out of the box way to share files between different phones
| brands/OS and/or PCs using WiFi as Android/Samsung/Apple each
| do their own thing here.
|
| You have to resort to setting up an ftp server and/or
| download extra apps on your phone for this, whereas Bluetooth
| file sharing is standardized and should work out of the box
| on any phone brand or OS (not sure on iPhones though) and
| anyone should know how to use it without needing any third
| party apps.
| [deleted]
| earthscienceman wrote:
| KDE connect is actually _really_ fantastic at this.
| jqpabc123 wrote:
| Just about every OS has built in ftp support _except_
| Android.
|
| Material Files is an Android file manager that adds the
| missing ftp support.
|
| Start/stop the ftp server with a single click. I have yet
| to find anything easier.
| ChuckNorris89 wrote:
| I'm pretty sure my parents would have no idea how to
| setup an ftp service on their phones but they do know how
| to use Bluetooth.
|
| Plus, non-iOS/Android feature phones don't have ftp
| support but they do have bluetooth so this cross-
| compatibility out of the box is another advantage.
| jqpabc123 wrote:
| I know how to use Bluetooth --- and I generally find it
| harder to setup than the 1 click ftp server in Material
| Files.
| ChuckNorris89 wrote:
| And I know how to do things from the command line faster
| than some people using a GUI, but this elitist way of
| thinking needs to stop. Consumer devices and their
| features should be easily accessible to everyone
| regardless of their tech skills.
|
| That's why Apple is a multi-trillion dollar company.
| Because people want the easy way. If things require extra
| apps, extra steps and reading tutorials/instructions to
| use, you can bet most people will stop right there.
|
| I'm not disagreeing with you, I'm just saying how things
| work for the masses.
| ly wrote:
| It can be done using WebRTC with something like
| snapdrop.net. Still requires both devices being able to
| connect to their signaling server, but at least it works on
| every device, doesn't require you to install something,
| it's peer to peer, and open source.
| ChuckNorris89 wrote:
| Sure, but take care as I said "easy, out of the box way"
| that any user can do, not the way that requires 5 years
| of sys-admin experience and 3 dev-ops certifications to
| pull off.
|
| I call it the (grand)parents test. If they can't figure
| it out on their own then it's not user friendly enough.
| ly wrote:
| Yeah I get what you mean, I didn't actually mean
| implementing it yourself, but just going to snapdrop.net.
| That should doable for most people I assume.
| sneak wrote:
| Assuming they're already on the same wireless network.
| tannhaeuser wrote:
| VLC and possibly other apps on iOS can act as web server
| allowing file up-/download.
| lloydatkinson wrote:
| > Bluetooth transfer
|
| There was a brief period while I was at school where people
| would share mp3 files with each other this way. This was before
| 2010.
| microtherion wrote:
| In some areas of the world, this method seems to have
| persisted longer. Sahel Sounds released two compilations
| "Music from Saharan Cellphones" of tracks that they
| originally discovered on such bluetooth sharing networks:
| https://sahelsoundscompilations.bandcamp.com/album/music-
| fro...
|
| (Though I'm pretty sure that they then went back and
| established traditional contractual relationships with the
| artists before releasing the compilations).
| dendrite9 wrote:
| Man I remember drifting around the internet and finding the
| blog post about purchasing song .MP3s in a market and
| transferring them over bluetooth. At the time that seemed
| like such a cool and unexpected alternate evolution of
| purchasing songs from itunes.
| MonaroVXR wrote:
| Reporting in with a Samsung E900 with 1GB Micro SD card.
| ChuckNorris89 wrote:
| OMG yes, being able to share jpgs, mp3s and even java apps
| from one phone to another via Irda then Bluetooth felt mind
| blowing in the early to mid 00's, considering that most
| people didn't have internet on their phones (2G/3G data plans
| were eye-watering at the time, hell, even texts were
| expensive) but their phones had this short range wireless
| sort-of-WiFi-ish capability on their phones for sending and
| receiving files from other phones or even desktop computers.
| _For FREE!_
|
| I remember I would spend hours after school in Photoshop to
| turn an image I like into the perfect wallpaper for my phone,
| tuning the resolution and color gradient until it looked
| perfect on the phone's low resolution display, and using
| bluetooth to upload them.
|
| Same with mp3s. Due to the low amount of storage on the early
| phones amounting to only a few MB, I spent a lot of time
| experimenting with aggressive compression to make sure I
| could fit as many songs on my phone as possible. Therefore
| they sounded pretty bad on the cheapo wired hands-free
| earphones that came in the box, but I didn't care or didn't
| bother to notice as I now had my favorite bands always with
| me in my pocket before MP3 players became affordable and I
| would just get lost in the lyrics on the bus to school.
|
| On an old Symbian Nokia I had, once you paired it to your PC
| via Bluetooth, you could send and read SMS texts off it
| directly from windows just like I can now use
| Signal/Telegram/Whatsapp desktop clients. I didn't think this
| would be so mind blowing until I found that Android had no
| similar functionality built in at the time for SMS on desktop
| via Bluetooth (and still doesn't AFAIK) which really bummed
| me out that such a powerful OS with such powerful HW was so
| lacking in features compared to the dying Symbian.
|
| Another fun anecdote, digging around my parents house this
| year, I found my ancient 2003 vintage NEC phone which had
| some VGA photos I took with it of me and my old school mates
| on it. When I saw that I could pull the photos off it in a
| pinch to my modern Android phone using Bluetooth, and
| immediately share them online with my former schoolmates from
| the photos, it was pretty mind blowing to say the least.
| Bluetooth gets a lot of hate today for connectivity issues
| some people face, but seeing it work reliably between vastly
| different devices almost 20 years apart is an amazing feat in
| my book and should at least deserve some praise.
| rchaud wrote:
| Meanwhile, I couldn't change my 2006 phone's wallpaper
| without paying Verizon to enable the USB connection with a
| PC. I ended up taking a picture of the wallpaper using the
| phone, and then setting that image as the wallpaper. It was
| a 2-inch screen so it didn't look too bad.
| ziml77 wrote:
| Was there no way to flash it with a less restricted
| firmware? I remember running Alltel firmware on my
| Verizon Razr. And I was able to do similar things to the
| Rizr I got as my next phone.
| rchaud wrote:
| Back then I had no idea about the homebrew firmware
| community. It was years later that I got Windows Mobile
| and discovered XDA Developers.
| ChuckNorris89 wrote:
| Yeah I heard US telecoms were insanely draconic (why were
| they allowed to act like that though? lobbying?)
|
| In Europe they weren't saints either but they weren't as
| bad when locking down your phone and mostly just resorted
| to SIM-lock, instead of locking other features as well.
| Y_Y wrote:
| People outside Europe still pay their network operator to
| "allow" things like tethering.
| rchaud wrote:
| From what I remember, Verizon did this with dumbphones,
| which I think ran similar OSes. So if you wanted to
| change the ringtone, you had to buy it from the crappy
| e-storefront on the phone. Same for wallpapers, and
| moving phone pictures to a computer via USB.
|
| In 2008 I picked up a Windows Mobile 6.1 phone (Samsung
| Blackjack) that didn't have any such restriction. USB
| worked and it had a microSD slot for me to add in movies
| and music. I could crop an MP3 and simply transfer it to
| the Ringtones folder via USB mass storage.
| meibo wrote:
| Also, small java feature phone games! Was always a highlight
| when someone was "traded" a brand new feature phone game from
| another school, and it spread through ours within a day.
| rchaud wrote:
| I believe that's how the "share song" feature of Zune MP3
| players worked.
| dashundchen wrote:
| The Zune actually shared songs via WiFi. Microsoft
| unfortunately dubbed this feature "squirting" and initially
| had some silly DRM limits of three plays before the shared
| song expired. Nonetheless the Zune was an excellent music
| player.
| rchaud wrote:
| I didn't realize it was using Wifi. I do remember that
| unfortunate name though.
| jqpabc123 wrote:
| https://github.com/zhanghai/MaterialFiles
|
| Open source Android file manager with built-in ftp server.
|
| Windows file manager also has built-in ftp.
|
| Linux has built-in ftp.
|
| Transfer files fast and easy over WiFi.
| Ruthalas wrote:
| I use MaterialFiles daily, and had not realized it had that
| functionality.
|
| Thank you for mentioning it!
| throw8932894 wrote:
| With termux it is pretty simple to run sshd and rsync on
| android phone.
| sliken wrote:
| Or just adb push/pull, which is a nice way to transfer files
| (like music) over a USB cable. Even charges the phone at the
| same time ;-).
| iszomer wrote:
| Prior to all this cloud madness, I used to rely on a WiFi
| Direct app called HitcherNet and later, Superbeam. But when it
| came to actually syncing across a network, I've settled on
| Syncthing.
| dna_polymerase wrote:
| > Peer to Peer data transfer via computing devices is something
| I wish was be more mainstream. It's not, because the commercial
| cloud storage mafia has invested heavily in telling people that
| your data has to traverse their toll roads first.
|
| Been in software half my life never heard anyone saying
| anything like this. It's most of the time easier and more
| efficient to use cloud storage than to spin up and bootstrap a
| p2p system. Also, thanks to encryption I don't really care if
| data hits the cloud.
| outworlder wrote:
| > It's most of the time easier and more efficient to use
| cloud storage than to spin up and bootstrap a p2p system
|
| Is it though? I've found that non technical family members
| will happily use Apple's airdrop to share things.
| goodpoint wrote:
| This is absurd. Try synchronizing a GB of data between two
| devices in the same room on an ADSL. If they (stupidly)
| bounce through an external server it might take an hour.
|
| Not to mention if you are on a mobile connection.
|
| Very people on this planet have fast + symmetric + unlimited
| bandwith available 24/7.
| chaxor wrote:
| I have seen many concerns of quantum computing and its
| ability to blow through most of our encryption standards with
| ease. So that trust in the cloud via encryption will likely
| soon fade
| ziml77 wrote:
| I haven't heard anything about symmetric encryption being
| easier to break with quantum computers.
| shawn-butler wrote:
| Cloud providers going through your photos and data for
| incriminating evidence in an automated way is a fairly new
| thing though.
|
| The more intrusive it gets the more likely the pendulum will
| swing.
|
| Not many consumers will encrypt unless it's at a product
| level. It's too difficult.
| a-b wrote:
| Reminded me about FTN, FIDO, and Golded
| thekid314 wrote:
| This sounds like a hobby project. Except Sudan has had its
| internet cut for 2 weeks. A widely used mesh network app would
| really change the balance of power between the people and the
| military coup.
| ajsnigrutin wrote:
| Ok.. I installed this... what now?
|
| Is there anything to follow? A list of public accounts/blogs? Or
| is the only option to get real-life friends to join, and follow
| only them?
| sebkur wrote:
| you can also add contacts remotely, you need to exchange your
| briar links on a different channel. It's safe to post your link
| publicly. Only if both parties add each other's links within
| the app, you will be able to communicate. Post you own link
| here and add mine:
| briar://aagcagf7vews5wtz4kpzzy76vpv2r65mlwqlm6a627tvr6bkf75em
| imwillofficial wrote:
| Anyone remember the Bump app to share contact details? That was
| so cool.
| marcodiego wrote:
| How does it compares to Secure Scuttlebutt
| https://en.wikipedia.org/wiki/Secure_Scuttlebutt ?
| [deleted]
| lucb1e wrote:
| That seems to be a protocol rather than an implementation.
|
| From the project's download page, the only Android application
| is manyverse. How does that compare to Briar?
| jjbinx007 wrote:
| Presumably sd cards are safer to connect rather than unsolicited
| usb drives.
| ChuckNorris89 wrote:
| Safer how? On PC at least, SD card readers, both internal and
| external are attached via the USB protocol and are seen by the
| OS like mass storage devices, just like USB drives, including
| being bootable, so whatever malware you have for a specific PC
| target, the payload should basically work the same from SD
| cards as via USB drives.
| redundantly wrote:
| Nyet.
|
| An SD card in a card slot can only be accessed as a mass
| storage device.
|
| A USB drive can act as a mass storage device as well as a
| keyboard and mouse and even contain an entire OS on it that
| could be remotely accessible via WiFi.
| ChuckNorris89 wrote:
| You're right. My bad.
| cva wrote:
| fwiw, it is most definitely possible to build an sd card
| that can exfiltrate its own data over wifi. in fact, that
| was the entire point of the Eye-Fi[0] product (though not
| with any nefarious intent).
|
| though granted that's still a way smaller attack surface
| than what would be typically granted to a usb device.
|
| [0]: https://en.wikipedia.org/wiki/Eye-Fi
| redundantly wrote:
| I had forgotten entirely about Eye-Fi. Excellent point!
|
| When it comes to physical access, especially with shared
| physical devices, there's always going to be some type of
| attack vector, however small it may be.
| lou1306 wrote:
| Still, it's probably much easier for an USB drive to actually
| pack malicious _hardware_ in addition to software, like
| sensors (e.g., microphones) or an USB killer:
|
| https://en.wikipedia.org/wiki/USB_Killer
| LeifCarrotson wrote:
| A USB drive can operate fully within the USB spec, implementing
| a USB hub and USB keyboard, and enter malicious code.
|
| The SD interface does not implement a similar spec, so this
| somewhat safer. The bad news most PC card readers are based on
| USB, so a targeted attack (which is probably in scope for
| Briar's customers) may still be possible - you could attack the
| firmware of the card reader, as described in [1] by Adam
| Caudill of BadUSB fame. Without breaking that firmware,
| however, you can't connect USB network->Card reader->USB hub,
| and you also probably can't connect SDIO/SPI network->SDIO-
| based-card-reader->USB hub.
|
| There's also the possibility that the card itself can run
| untrusted code. Just like a USB drive, an SD card typically
| contains a small 8051 [2] or ARM [3] microcontroller. Running a
| compromised controller would give the attacker access to all
| the data that's ever sent to the SD card, but one would hope
| that Briar does not cache unencrypted data to the uSD card
| which the user is expected to write to an physically pass to a
| potential adversary.
|
| Also, be aware of products like the Toshiba FlashAir Wifi SD
| card, which implement a wireless adapter in an SD card form
| factor. Replacing the label would be trivial, and it could
| broadcast or connect to a hidden wifi network without your
| knowledge. But again, one would hope that Briar does not cache
| unencrypted data to the SD card where it could, with one of
| these cards, be exfiltrated wirelessly. I think this capability
| is only available as an SD card or an obvious uSD-to-
| protruding-SD-card adapter form factor, not as a microSD card
| which would typically be used in a mobile device.
|
| Of course, there's still the possibility that the host OS does
| something stupid, like autorun an executable on the external
| media...but that's more of a badly configured Windows PC
| problem, I expect that modern mobile devices do not do that.
|
| [1] https://security.stackexchange.com/a/109595
|
| [2] https://www.bunniestudios.com/blog/?p=3554
|
| [3] https://www.bunniestudios.com/blog/?page_id=1022
| dwb wrote:
| I generally lean more toward "i like that iOS is locked down",
| but this offline-app-sharing feature is one of the best arguments
| I've seen against that. That said, either I'd want peer-to-peer-
| shared apps to be signed by an entity I already highly trust, or
| that the sandbox containing the app was extremely solid (and
| preferably both of course).
| xfer wrote:
| Well, if you don't trust this person you are downloading your
| app from, can you expect them to keep your messages private and
| secure?
|
| It already says when you would use such functionality("might be
| useful during internet shutdowns or natural disasters").
| sneak wrote:
| Apple (or the military that controls them) can revoke the certs
| for any app at any time, rendering it unlaunchable.
| INTPenis wrote:
| Wow these features really emphasize how Briar is focused on an
| arab spring situation where the internet access is restricted.
|
| The most common gripe about Briar is that it's not on iOS, but
| clearly there is nothing like Briar anywhere. Just too bad about
| the bluetooth thing. I don't see why it should leak your BT ID.
| That should definitely be an opt-in feature.
| glitchc wrote:
| iOS already has a built in feature with AirDrop. Everything
| except apps can be shared through it and it uses a local
| connection whenever possible.
| INTPenis wrote:
| Yeah but Briar communicates over Onion routing, good luck
| finding that in iOS.
|
| The local communications are of course not onion routed, goes
| without saying. It's a whole little tookit of subversive
| communication, including some anonymous and some not.
| jqpabc123 wrote:
| Man can not live by Android alone.
|
| I wish it wasn't this way but a communication app that only
| serves Android is severely limited and won't make the cut on my
| Android phone.
| emptysongglass wrote:
| Yes I wouldn't touch it because even though I'm not into Apple
| and its ecosystem I do communicate with Apple users and I'd
| expect activists would want to too.
| rchaud wrote:
| The use cases described are niche enough that iOS users can buy
| a second Android phone to use it with.
| jqpabc123 wrote:
| Or they could just use a different solution that supports
| both Android and iOS.
|
| Most people won't carry a second device for just one app.
| xfer wrote:
| like what? Feel free to post your preferred messenger that
| works p2p without internet.
| nanomonkey wrote:
| Scuttlebutt works over wifi, tor, internet, sneakernets,
| etc. There is an android client called Manyverse; a
| desktop app, a cli client, libraries in Python, Java,
| NodeJS...
| rchaud wrote:
| I think activists and journalists will make the sacrifice
| considering the nature of what they do.
| georgyo wrote:
| iPhone makes much of these concepts either impossible or
| extremely difficult.
|
| Namely, things cannot operate easily as a background service.
| Forcing the user to jump though many hoops to make it work. And
| since it is not an apple service. There is a single button
| "reset settings" that breaks all the users changes for these
| apps.
|
| On one hand it is generally more secure for iPhone users, on
| the other hand it greatly inhibits some types of innovation.
| jqpabc123 wrote:
| I understand.
|
| But it doesn't change the fact that other tools are available
| which do serve both and are thus much more practical.
| georgyo wrote:
| There are no other tools that are as quite as paranoid as
| briar.
|
| There is a severe usability and practicality hit as a
| result. But if you have friends who interested and paranoid
| then it is quite worth it.
| jqpabc123 wrote:
| In other words, this is a very limited, niche market
| product.
| rcMgD2BwE72F wrote:
| But is it actually a _product_?
|
| Don't think so: https://briarproject.org/about-us/
| ajvs wrote:
| Well yes, being an activist or paranoid of the government
| isn't for everyone.
| [deleted]
| Heliosmaster wrote:
| I'm a bit doubting about this feature: "Share the app with people
| nearby without internet access"
|
| Hey fellow protester, here is a binary for you to install on your
| device. That doesn't sound dangerous, right?
| xori wrote:
| It's actually built into vanilla android
| https://support.google.com/googleplay/answer/9283534?hl=en
___________________________________________________________________
(page generated 2021-11-15 23:00 UTC)