[HN Gopher] Briar: Peer-to-Peer Encrypted Messaging ___________________________________________________________________ Briar: Peer-to-Peer Encrypted Messaging Author : matthewmorgan Score : 28 points Date : 2022-11-20 22:21 UTC (38 minutes ago) (HTM) web link (briarproject.org) (TXT) w3m dump (briarproject.org) | bawolff wrote: | > The adversary has a limited ability to monitor short-range | communication channels (Bluetooth, WiFi, etc). | | That seems like a pretty big assumption. From what i understand | there already exists deployment of wifi hot spots to track people | (both for advertising purposes and for spying purposes) to the | extent that phone providers started radomizing MAC addresses. | lsh123 wrote: | Building a completely p2p (no servers) e2ee messaging app is not | hard except one big problem: contacts discovery. I looked through | briar website and it seems the solution is to constantly ping all | contacts and hope that everyone is online plus at least one of | IPs stays the same between pings. Did I miss something more | interesting? | jmspring wrote: | And for mobile, network connectivity. | Ptchd wrote: | Briar is nice, too bad they don't have a Linux app (only an | Android app)... Also, it chews through battery in no time. | maqp wrote: | Briar is one of the most important secure messaging projects | currently. Not only does it remove the need to trust the vendor | about content (like with all E2EE messaging apps), you also get | to keep the metadata about communication to yourself as data | transits from one Tor Onion Service to another. | | The downside is of course, you need to keep the endpoint powered | on when you want to be reachable so it will increase the battery | drain on your phone. | | Note: There's also a desktop client if that's easier to keep | online https://briarproject.org/download-briar-desktop/ | | One extremely important thing Briar is doing, is it's using the | P2P as means to host alternative social interaction formats, like | forums and blogs. Similar to Signal/WhatsApp stories (which is | somewhat similar to microblogs/FB wall), it's a way to indirectly | share information. You could pretty much emulate any social media | platform on top of E2EE protocol with ~zero infrastructure cost | and without having to worry about data mining. I'd argue what | Briar's innovating on here is one of the most important aspects | in what's left for secure messaging. | | Finally a small caveat: Briar will share your Bluetooth MAC | address with all peers so it can automatically use that when | you're in close proximity with your peer. Thus sharing your Briar | ID publicly is not a good idea for two reasons: | | 1) major global adversaries may have access to that information | (e.g. if Google aggregates it) which can deanonymize your | account. This also allows slightly technical person to confirm | identity of briar account if they suspect it's you (a bit wonky | threat model but still). | | 2) it ties everything you do across your accounts on same device | together, so there's strong linkability even if you rotate the | identity key by reinstalling the app. | | Briar is pretty clear about this in it's FAQ, but it's still not | very well known although it definitely should be. | | --- | | That being said, if you want similar Onion Service based | communication with no such linkability, there's https://cwtch.im/ | which is a fantastic project. | | There's also https://www.ricochetrefresh.net/ | | Both are spiritual successors to John Brooks' `Ricochet` | application. | | You can also chat and share files (among other things) with | https://onionshare.org/ | | (And finally, you can get remote exfiltration security for | keys/plaintexts with TFC https://github.com/maqp/tfc (my personal | work), at the cost of losing some features like message | forwarding etc that the architecture prevents you from doing.) | dang wrote: | Related: | | _Briar Project - Secure messaging, everywhere_ - | https://news.ycombinator.com/item?id=33412171 - Oct 2022 (7 | comments) | | _Briar has been removed from Google Play_ - | https://news.ycombinator.com/item?id=30498924 - Feb 2022 (85 | comments) | | _Briar Desktop for Linux_ - | https://news.ycombinator.com/item?id=30023169 - Jan 2022 (84 | comments) | | _Briar 1.4 - Offline sharing, message transfer via SD cards and | USB sticks_ - https://news.ycombinator.com/item?id=29227754 - Nov | 2021 (110 comments) | | _Secure Messaging, Anywhere_ - | https://news.ycombinator.com/item?id=27649123 - June 2021 (63 | comments) | | _Briar Project_ - https://news.ycombinator.com/item?id=24031885 | - Aug 2020 (185 comments) | | _Briar and Bramble: A Vision for Decentralized Infrastructure_ - | https://news.ycombinator.com/item?id=18027949 - Sept 2018 (11 | comments) | | _Briar Project_ - https://news.ycombinator.com/item?id=17888920 | - Aug 2018 (10 comments) | | _Briar: Peer-to-peer encrypted messaging and forums_ - | https://news.ycombinator.com/item?id=16948438 - April 2018 (1 | comment) | | _Darknet Messenger Briar Releases Beta, Passes Security Audit_ - | https://news.ycombinator.com/item?id=14825019 - July 2017 (85 | comments) ___________________________________________________________________ (page generated 2022-11-20 23:00 UTC)