[HN Gopher] Briar: Peer-to-Peer Encrypted Messaging
___________________________________________________________________
Briar: Peer-to-Peer Encrypted Messaging
Author : matthewmorgan
Score : 28 points
Date : 2022-11-20 22:21 UTC (38 minutes ago)
(HTM) web link (briarproject.org)
(TXT) w3m dump (briarproject.org)
| bawolff wrote:
| > The adversary has a limited ability to monitor short-range
| communication channels (Bluetooth, WiFi, etc).
|
| That seems like a pretty big assumption. From what i understand
| there already exists deployment of wifi hot spots to track people
| (both for advertising purposes and for spying purposes) to the
| extent that phone providers started radomizing MAC addresses.
| lsh123 wrote:
| Building a completely p2p (no servers) e2ee messaging app is not
| hard except one big problem: contacts discovery. I looked through
| briar website and it seems the solution is to constantly ping all
| contacts and hope that everyone is online plus at least one of
| IPs stays the same between pings. Did I miss something more
| interesting?
| jmspring wrote:
| And for mobile, network connectivity.
| Ptchd wrote:
| Briar is nice, too bad they don't have a Linux app (only an
| Android app)... Also, it chews through battery in no time.
| maqp wrote:
| Briar is one of the most important secure messaging projects
| currently. Not only does it remove the need to trust the vendor
| about content (like with all E2EE messaging apps), you also get
| to keep the metadata about communication to yourself as data
| transits from one Tor Onion Service to another.
|
| The downside is of course, you need to keep the endpoint powered
| on when you want to be reachable so it will increase the battery
| drain on your phone.
|
| Note: There's also a desktop client if that's easier to keep
| online https://briarproject.org/download-briar-desktop/
|
| One extremely important thing Briar is doing, is it's using the
| P2P as means to host alternative social interaction formats, like
| forums and blogs. Similar to Signal/WhatsApp stories (which is
| somewhat similar to microblogs/FB wall), it's a way to indirectly
| share information. You could pretty much emulate any social media
| platform on top of E2EE protocol with ~zero infrastructure cost
| and without having to worry about data mining. I'd argue what
| Briar's innovating on here is one of the most important aspects
| in what's left for secure messaging.
|
| Finally a small caveat: Briar will share your Bluetooth MAC
| address with all peers so it can automatically use that when
| you're in close proximity with your peer. Thus sharing your Briar
| ID publicly is not a good idea for two reasons:
|
| 1) major global adversaries may have access to that information
| (e.g. if Google aggregates it) which can deanonymize your
| account. This also allows slightly technical person to confirm
| identity of briar account if they suspect it's you (a bit wonky
| threat model but still).
|
| 2) it ties everything you do across your accounts on same device
| together, so there's strong linkability even if you rotate the
| identity key by reinstalling the app.
|
| Briar is pretty clear about this in it's FAQ, but it's still not
| very well known although it definitely should be.
|
| ---
|
| That being said, if you want similar Onion Service based
| communication with no such linkability, there's https://cwtch.im/
| which is a fantastic project.
|
| There's also https://www.ricochetrefresh.net/
|
| Both are spiritual successors to John Brooks' `Ricochet`
| application.
|
| You can also chat and share files (among other things) with
| https://onionshare.org/
|
| (And finally, you can get remote exfiltration security for
| keys/plaintexts with TFC https://github.com/maqp/tfc (my personal
| work), at the cost of losing some features like message
| forwarding etc that the architecture prevents you from doing.)
| dang wrote:
| Related:
|
| _Briar Project - Secure messaging, everywhere_ -
| https://news.ycombinator.com/item?id=33412171 - Oct 2022 (7
| comments)
|
| _Briar has been removed from Google Play_ -
| https://news.ycombinator.com/item?id=30498924 - Feb 2022 (85
| comments)
|
| _Briar Desktop for Linux_ -
| https://news.ycombinator.com/item?id=30023169 - Jan 2022 (84
| comments)
|
| _Briar 1.4 - Offline sharing, message transfer via SD cards and
| USB sticks_ - https://news.ycombinator.com/item?id=29227754 - Nov
| 2021 (110 comments)
|
| _Secure Messaging, Anywhere_ -
| https://news.ycombinator.com/item?id=27649123 - June 2021 (63
| comments)
|
| _Briar Project_ - https://news.ycombinator.com/item?id=24031885
| - Aug 2020 (185 comments)
|
| _Briar and Bramble: A Vision for Decentralized Infrastructure_ -
| https://news.ycombinator.com/item?id=18027949 - Sept 2018 (11
| comments)
|
| _Briar Project_ - https://news.ycombinator.com/item?id=17888920
| - Aug 2018 (10 comments)
|
| _Briar: Peer-to-peer encrypted messaging and forums_ -
| https://news.ycombinator.com/item?id=16948438 - April 2018 (1
| comment)
|
| _Darknet Messenger Briar Releases Beta, Passes Security Audit_ -
| https://news.ycombinator.com/item?id=14825019 - July 2017 (85
| comments)
___________________________________________________________________
(page generated 2022-11-20 23:00 UTC)