[HN Gopher] Briar 1.4 - Offline sharing, message transfer via SD... ___________________________________________________________________ Briar 1.4 - Offline sharing, message transfer via SD cards and USB sticks Author : Sami_Lehtinen Score : 180 points Date : 2021-11-15 14:27 UTC (8 hours ago) (HTM) web link (briarproject.org) (TXT) w3m dump (briarproject.org) | slim wrote: | The best feature of Briar is still, the tutorial on how to build | it from source. Complete with screenshots | | https://briarproject.org/building-the-source-code/ | BiteCode_dev wrote: | Briar is really neat, and I hope it will land on Linux, Mac and | Windows. Being able to send messages and files directly to | anybody on a local network without any account just rocks. | flaburgan wrote: | Ubuntu 08.04 was already allowing this using empathy... | sebkur wrote: | since recently, there's a cross-platform desktop client in | development using compose for desktop as its UI framework | BiteCode_dev wrote: | That's fantastic news. | giphyman wrote: | I found the code repository for Briar desktop port: | https://code.briarproject.org/briar/briar-desktop | ComodoHacker wrote: | What I'd like to have is easy offline media files sharing across | as many phone models as possible. Basically a free open-source | alternative to ShareIt. Why it doesn't exist yet? Does ShareIt | use some hidden and/or proprietary APIs? | nanomonkey wrote: | I do this with the Manyverse app, which uses the Secure | Scuttlebutt p2p gossip protocol. | urtrs wrote: | TrebleShot was similar but it is deprecated now. | sebkur wrote: | if "on the local lan" is offline enough for you, take a look at | kde connect, connects all your devices with file transfer, | cross-device copy'n'paste etc. | goodpoint wrote: | Briar desperately needs a library for Linux and Windows that can | be used to build all sort of applications. | | Discussion forums, group chat, IM, location-based messaging, | email/mailing-list equivalents, blogs and offline websites and | more. Not just one app. | oggelato wrote: | what do you think about this | https://code.briarproject.org/briar/briar/-/wikis/FAQ#does-b... ? | lucb1e wrote: | It basically says what I would expect, but then I'm a tech- | savvy privacy nerd who knows how this sort of tech works. Any | particular reason you asked? | rchaud wrote: | Peer to Peer data transfer via computing devices is something I | wish was be more mainstream. It's not, because the commercial | cloud storage mafia has invested heavily in telling people that | your data has to traverse their toll roads first. | | I recently discovered Syncthing Fork which was customizable in a | way Google Drive or alternatives were not. And it's entirely P2P, | transmitting files between my laptop and my phone, in either | direction pretty seamlessly. | | I'm now interested in learning about Bluetooth transfer as well | as it works without Internet access. I've heard transfer speeds | are slow though. | oreilles wrote: | Why Bluetooth when WiFi is a hundred times faster? | ChuckNorris89 wrote: | AFAIK there's still no standardized, non-proprietary, easy, | out of the box way to share files between different phones | brands/OS and/or PCs using WiFi as Android/Samsung/Apple each | do their own thing here. | | You have to resort to setting up an ftp server and/or | download extra apps on your phone for this, whereas Bluetooth | file sharing is standardized and should work out of the box | on any phone brand or OS (not sure on iPhones though) and | anyone should know how to use it without needing any third | party apps. | [deleted] | earthscienceman wrote: | KDE connect is actually _really_ fantastic at this. | jqpabc123 wrote: | Just about every OS has built in ftp support _except_ | Android. | | Material Files is an Android file manager that adds the | missing ftp support. | | Start/stop the ftp server with a single click. I have yet | to find anything easier. | ChuckNorris89 wrote: | I'm pretty sure my parents would have no idea how to | setup an ftp service on their phones but they do know how | to use Bluetooth. | | Plus, non-iOS/Android feature phones don't have ftp | support but they do have bluetooth so this cross- | compatibility out of the box is another advantage. | jqpabc123 wrote: | I know how to use Bluetooth --- and I generally find it | harder to setup than the 1 click ftp server in Material | Files. | ChuckNorris89 wrote: | And I know how to do things from the command line faster | than some people using a GUI, but this elitist way of | thinking needs to stop. Consumer devices and their | features should be easily accessible to everyone | regardless of their tech skills. | | That's why Apple is a multi-trillion dollar company. | Because people want the easy way. If things require extra | apps, extra steps and reading tutorials/instructions to | use, you can bet most people will stop right there. | | I'm not disagreeing with you, I'm just saying how things | work for the masses. | ly wrote: | It can be done using WebRTC with something like | snapdrop.net. Still requires both devices being able to | connect to their signaling server, but at least it works on | every device, doesn't require you to install something, | it's peer to peer, and open source. | ChuckNorris89 wrote: | Sure, but take care as I said "easy, out of the box way" | that any user can do, not the way that requires 5 years | of sys-admin experience and 3 dev-ops certifications to | pull off. | | I call it the (grand)parents test. If they can't figure | it out on their own then it's not user friendly enough. | ly wrote: | Yeah I get what you mean, I didn't actually mean | implementing it yourself, but just going to snapdrop.net. | That should doable for most people I assume. | sneak wrote: | Assuming they're already on the same wireless network. | tannhaeuser wrote: | VLC and possibly other apps on iOS can act as web server | allowing file up-/download. | lloydatkinson wrote: | > Bluetooth transfer | | There was a brief period while I was at school where people | would share mp3 files with each other this way. This was before | 2010. | microtherion wrote: | In some areas of the world, this method seems to have | persisted longer. Sahel Sounds released two compilations | "Music from Saharan Cellphones" of tracks that they | originally discovered on such bluetooth sharing networks: | https://sahelsoundscompilations.bandcamp.com/album/music- | fro... | | (Though I'm pretty sure that they then went back and | established traditional contractual relationships with the | artists before releasing the compilations). | dendrite9 wrote: | Man I remember drifting around the internet and finding the | blog post about purchasing song .MP3s in a market and | transferring them over bluetooth. At the time that seemed | like such a cool and unexpected alternate evolution of | purchasing songs from itunes. | MonaroVXR wrote: | Reporting in with a Samsung E900 with 1GB Micro SD card. | ChuckNorris89 wrote: | OMG yes, being able to share jpgs, mp3s and even java apps | from one phone to another via Irda then Bluetooth felt mind | blowing in the early to mid 00's, considering that most | people didn't have internet on their phones (2G/3G data plans | were eye-watering at the time, hell, even texts were | expensive) but their phones had this short range wireless | sort-of-WiFi-ish capability on their phones for sending and | receiving files from other phones or even desktop computers. | _For FREE!_ | | I remember I would spend hours after school in Photoshop to | turn an image I like into the perfect wallpaper for my phone, | tuning the resolution and color gradient until it looked | perfect on the phone's low resolution display, and using | bluetooth to upload them. | | Same with mp3s. Due to the low amount of storage on the early | phones amounting to only a few MB, I spent a lot of time | experimenting with aggressive compression to make sure I | could fit as many songs on my phone as possible. Therefore | they sounded pretty bad on the cheapo wired hands-free | earphones that came in the box, but I didn't care or didn't | bother to notice as I now had my favorite bands always with | me in my pocket before MP3 players became affordable and I | would just get lost in the lyrics on the bus to school. | | On an old Symbian Nokia I had, once you paired it to your PC | via Bluetooth, you could send and read SMS texts off it | directly from windows just like I can now use | Signal/Telegram/Whatsapp desktop clients. I didn't think this | would be so mind blowing until I found that Android had no | similar functionality built in at the time for SMS on desktop | via Bluetooth (and still doesn't AFAIK) which really bummed | me out that such a powerful OS with such powerful HW was so | lacking in features compared to the dying Symbian. | | Another fun anecdote, digging around my parents house this | year, I found my ancient 2003 vintage NEC phone which had | some VGA photos I took with it of me and my old school mates | on it. When I saw that I could pull the photos off it in a | pinch to my modern Android phone using Bluetooth, and | immediately share them online with my former schoolmates from | the photos, it was pretty mind blowing to say the least. | Bluetooth gets a lot of hate today for connectivity issues | some people face, but seeing it work reliably between vastly | different devices almost 20 years apart is an amazing feat in | my book and should at least deserve some praise. | rchaud wrote: | Meanwhile, I couldn't change my 2006 phone's wallpaper | without paying Verizon to enable the USB connection with a | PC. I ended up taking a picture of the wallpaper using the | phone, and then setting that image as the wallpaper. It was | a 2-inch screen so it didn't look too bad. | ziml77 wrote: | Was there no way to flash it with a less restricted | firmware? I remember running Alltel firmware on my | Verizon Razr. And I was able to do similar things to the | Rizr I got as my next phone. | rchaud wrote: | Back then I had no idea about the homebrew firmware | community. It was years later that I got Windows Mobile | and discovered XDA Developers. | ChuckNorris89 wrote: | Yeah I heard US telecoms were insanely draconic (why were | they allowed to act like that though? lobbying?) | | In Europe they weren't saints either but they weren't as | bad when locking down your phone and mostly just resorted | to SIM-lock, instead of locking other features as well. | Y_Y wrote: | People outside Europe still pay their network operator to | "allow" things like tethering. | rchaud wrote: | From what I remember, Verizon did this with dumbphones, | which I think ran similar OSes. So if you wanted to | change the ringtone, you had to buy it from the crappy | e-storefront on the phone. Same for wallpapers, and | moving phone pictures to a computer via USB. | | In 2008 I picked up a Windows Mobile 6.1 phone (Samsung | Blackjack) that didn't have any such restriction. USB | worked and it had a microSD slot for me to add in movies | and music. I could crop an MP3 and simply transfer it to | the Ringtones folder via USB mass storage. | meibo wrote: | Also, small java feature phone games! Was always a highlight | when someone was "traded" a brand new feature phone game from | another school, and it spread through ours within a day. | rchaud wrote: | I believe that's how the "share song" feature of Zune MP3 | players worked. | dashundchen wrote: | The Zune actually shared songs via WiFi. Microsoft | unfortunately dubbed this feature "squirting" and initially | had some silly DRM limits of three plays before the shared | song expired. Nonetheless the Zune was an excellent music | player. | rchaud wrote: | I didn't realize it was using Wifi. I do remember that | unfortunate name though. | jqpabc123 wrote: | https://github.com/zhanghai/MaterialFiles | | Open source Android file manager with built-in ftp server. | | Windows file manager also has built-in ftp. | | Linux has built-in ftp. | | Transfer files fast and easy over WiFi. | Ruthalas wrote: | I use MaterialFiles daily, and had not realized it had that | functionality. | | Thank you for mentioning it! | throw8932894 wrote: | With termux it is pretty simple to run sshd and rsync on | android phone. | sliken wrote: | Or just adb push/pull, which is a nice way to transfer files | (like music) over a USB cable. Even charges the phone at the | same time ;-). | iszomer wrote: | Prior to all this cloud madness, I used to rely on a WiFi | Direct app called HitcherNet and later, Superbeam. But when it | came to actually syncing across a network, I've settled on | Syncthing. | dna_polymerase wrote: | > Peer to Peer data transfer via computing devices is something | I wish was be more mainstream. It's not, because the commercial | cloud storage mafia has invested heavily in telling people that | your data has to traverse their toll roads first. | | Been in software half my life never heard anyone saying | anything like this. It's most of the time easier and more | efficient to use cloud storage than to spin up and bootstrap a | p2p system. Also, thanks to encryption I don't really care if | data hits the cloud. | outworlder wrote: | > It's most of the time easier and more efficient to use | cloud storage than to spin up and bootstrap a p2p system | | Is it though? I've found that non technical family members | will happily use Apple's airdrop to share things. | goodpoint wrote: | This is absurd. Try synchronizing a GB of data between two | devices in the same room on an ADSL. If they (stupidly) | bounce through an external server it might take an hour. | | Not to mention if you are on a mobile connection. | | Very people on this planet have fast + symmetric + unlimited | bandwith available 24/7. | chaxor wrote: | I have seen many concerns of quantum computing and its | ability to blow through most of our encryption standards with | ease. So that trust in the cloud via encryption will likely | soon fade | ziml77 wrote: | I haven't heard anything about symmetric encryption being | easier to break with quantum computers. | shawn-butler wrote: | Cloud providers going through your photos and data for | incriminating evidence in an automated way is a fairly new | thing though. | | The more intrusive it gets the more likely the pendulum will | swing. | | Not many consumers will encrypt unless it's at a product | level. It's too difficult. | a-b wrote: | Reminded me about FTN, FIDO, and Golded | thekid314 wrote: | This sounds like a hobby project. Except Sudan has had its | internet cut for 2 weeks. A widely used mesh network app would | really change the balance of power between the people and the | military coup. | ajsnigrutin wrote: | Ok.. I installed this... what now? | | Is there anything to follow? A list of public accounts/blogs? Or | is the only option to get real-life friends to join, and follow | only them? | sebkur wrote: | you can also add contacts remotely, you need to exchange your | briar links on a different channel. It's safe to post your link | publicly. Only if both parties add each other's links within | the app, you will be able to communicate. Post you own link | here and add mine: | briar://aagcagf7vews5wtz4kpzzy76vpv2r65mlwqlm6a627tvr6bkf75em | imwillofficial wrote: | Anyone remember the Bump app to share contact details? That was | so cool. | marcodiego wrote: | How does it compares to Secure Scuttlebutt | https://en.wikipedia.org/wiki/Secure_Scuttlebutt ? | [deleted] | lucb1e wrote: | That seems to be a protocol rather than an implementation. | | From the project's download page, the only Android application | is manyverse. How does that compare to Briar? | jjbinx007 wrote: | Presumably sd cards are safer to connect rather than unsolicited | usb drives. | ChuckNorris89 wrote: | Safer how? On PC at least, SD card readers, both internal and | external are attached via the USB protocol and are seen by the | OS like mass storage devices, just like USB drives, including | being bootable, so whatever malware you have for a specific PC | target, the payload should basically work the same from SD | cards as via USB drives. | redundantly wrote: | Nyet. | | An SD card in a card slot can only be accessed as a mass | storage device. | | A USB drive can act as a mass storage device as well as a | keyboard and mouse and even contain an entire OS on it that | could be remotely accessible via WiFi. | ChuckNorris89 wrote: | You're right. My bad. | cva wrote: | fwiw, it is most definitely possible to build an sd card | that can exfiltrate its own data over wifi. in fact, that | was the entire point of the Eye-Fi[0] product (though not | with any nefarious intent). | | though granted that's still a way smaller attack surface | than what would be typically granted to a usb device. | | [0]: https://en.wikipedia.org/wiki/Eye-Fi | redundantly wrote: | I had forgotten entirely about Eye-Fi. Excellent point! | | When it comes to physical access, especially with shared | physical devices, there's always going to be some type of | attack vector, however small it may be. | lou1306 wrote: | Still, it's probably much easier for an USB drive to actually | pack malicious _hardware_ in addition to software, like | sensors (e.g., microphones) or an USB killer: | | https://en.wikipedia.org/wiki/USB_Killer | LeifCarrotson wrote: | A USB drive can operate fully within the USB spec, implementing | a USB hub and USB keyboard, and enter malicious code. | | The SD interface does not implement a similar spec, so this | somewhat safer. The bad news most PC card readers are based on | USB, so a targeted attack (which is probably in scope for | Briar's customers) may still be possible - you could attack the | firmware of the card reader, as described in [1] by Adam | Caudill of BadUSB fame. Without breaking that firmware, | however, you can't connect USB network->Card reader->USB hub, | and you also probably can't connect SDIO/SPI network->SDIO- | based-card-reader->USB hub. | | There's also the possibility that the card itself can run | untrusted code. Just like a USB drive, an SD card typically | contains a small 8051 [2] or ARM [3] microcontroller. Running a | compromised controller would give the attacker access to all | the data that's ever sent to the SD card, but one would hope | that Briar does not cache unencrypted data to the uSD card | which the user is expected to write to an physically pass to a | potential adversary. | | Also, be aware of products like the Toshiba FlashAir Wifi SD | card, which implement a wireless adapter in an SD card form | factor. Replacing the label would be trivial, and it could | broadcast or connect to a hidden wifi network without your | knowledge. But again, one would hope that Briar does not cache | unencrypted data to the SD card where it could, with one of | these cards, be exfiltrated wirelessly. I think this capability | is only available as an SD card or an obvious uSD-to- | protruding-SD-card adapter form factor, not as a microSD card | which would typically be used in a mobile device. | | Of course, there's still the possibility that the host OS does | something stupid, like autorun an executable on the external | media...but that's more of a badly configured Windows PC | problem, I expect that modern mobile devices do not do that. | | [1] https://security.stackexchange.com/a/109595 | | [2] https://www.bunniestudios.com/blog/?p=3554 | | [3] https://www.bunniestudios.com/blog/?page_id=1022 | dwb wrote: | I generally lean more toward "i like that iOS is locked down", | but this offline-app-sharing feature is one of the best arguments | I've seen against that. That said, either I'd want peer-to-peer- | shared apps to be signed by an entity I already highly trust, or | that the sandbox containing the app was extremely solid (and | preferably both of course). | xfer wrote: | Well, if you don't trust this person you are downloading your | app from, can you expect them to keep your messages private and | secure? | | It already says when you would use such functionality("might be | useful during internet shutdowns or natural disasters"). | sneak wrote: | Apple (or the military that controls them) can revoke the certs | for any app at any time, rendering it unlaunchable. | INTPenis wrote: | Wow these features really emphasize how Briar is focused on an | arab spring situation where the internet access is restricted. | | The most common gripe about Briar is that it's not on iOS, but | clearly there is nothing like Briar anywhere. Just too bad about | the bluetooth thing. I don't see why it should leak your BT ID. | That should definitely be an opt-in feature. | glitchc wrote: | iOS already has a built in feature with AirDrop. Everything | except apps can be shared through it and it uses a local | connection whenever possible. | INTPenis wrote: | Yeah but Briar communicates over Onion routing, good luck | finding that in iOS. | | The local communications are of course not onion routed, goes | without saying. It's a whole little tookit of subversive | communication, including some anonymous and some not. | jqpabc123 wrote: | Man can not live by Android alone. | | I wish it wasn't this way but a communication app that only | serves Android is severely limited and won't make the cut on my | Android phone. | emptysongglass wrote: | Yes I wouldn't touch it because even though I'm not into Apple | and its ecosystem I do communicate with Apple users and I'd | expect activists would want to too. | rchaud wrote: | The use cases described are niche enough that iOS users can buy | a second Android phone to use it with. | jqpabc123 wrote: | Or they could just use a different solution that supports | both Android and iOS. | | Most people won't carry a second device for just one app. | xfer wrote: | like what? Feel free to post your preferred messenger that | works p2p without internet. | nanomonkey wrote: | Scuttlebutt works over wifi, tor, internet, sneakernets, | etc. There is an android client called Manyverse; a | desktop app, a cli client, libraries in Python, Java, | NodeJS... | rchaud wrote: | I think activists and journalists will make the sacrifice | considering the nature of what they do. | georgyo wrote: | iPhone makes much of these concepts either impossible or | extremely difficult. | | Namely, things cannot operate easily as a background service. | Forcing the user to jump though many hoops to make it work. And | since it is not an apple service. There is a single button | "reset settings" that breaks all the users changes for these | apps. | | On one hand it is generally more secure for iPhone users, on | the other hand it greatly inhibits some types of innovation. | jqpabc123 wrote: | I understand. | | But it doesn't change the fact that other tools are available | which do serve both and are thus much more practical. | georgyo wrote: | There are no other tools that are as quite as paranoid as | briar. | | There is a severe usability and practicality hit as a | result. But if you have friends who interested and paranoid | then it is quite worth it. | jqpabc123 wrote: | In other words, this is a very limited, niche market | product. | rcMgD2BwE72F wrote: | But is it actually a _product_? | | Don't think so: https://briarproject.org/about-us/ | ajvs wrote: | Well yes, being an activist or paranoid of the government | isn't for everyone. | [deleted] | Heliosmaster wrote: | I'm a bit doubting about this feature: "Share the app with people | nearby without internet access" | | Hey fellow protester, here is a binary for you to install on your | device. That doesn't sound dangerous, right? | xori wrote: | It's actually built into vanilla android | https://support.google.com/googleplay/answer/9283534?hl=en ___________________________________________________________________ (page generated 2021-11-15 23:00 UTC)