
Briar Project - fishmaster
https://briarproject.org/how-it-works.html
======
placebo
In an authoritarian regime with large masses of human and technological
resources determined to have control over its population, nothing is really
secure. Sending a message that can't be read by a third party? You're suspect.
Have an illegal app installed on your registered "report to big brother"
phone? Expect an unfriendly visit by big brother police. Don't have a "big
brother" phone? There are various ways of sniffing you out. The bottom line is
that while technology can help in the process, technology can't bring freedom
from oppressing regimes. That is only achieved when a synchronised, large
enough collection of people feel that they are willing to change things even
at great personal risk. Authoritarian regimes know this, and thus put a lot of
effort into using fear of consequences to suppress any hint of such
development.

~~~
giancarlostoro
If only Google and Apple would make a fully end to end encrypted chatting
platform to take place of SMS that is fully federated and not controlled by a
single entity, something the likes of Signal could support / join in on and
other chat apps. When you turn crypto into something the masses use seamlessly
it gets a little more complicated to figure out who the suspects are. Also
default to not synching to the cloud, and explain why syncing to the cloud
could be compromised.

~~~
andrepd
If spying on you is their business model, why would they build an app to
prevent you from being spied?

~~~
LeoPanthera
Spying on you is not Apple's business model.

~~~
shaniamama
Oh indeed it is. I spent years reading apple reports and my conclusion was
that they want the data for themselves so they can sell it. Devices don't make
much profit when you factor in how much is spent buying up almost all old
devices that hit the market.

~~~
p1necone
Do you have any evidence of Apple selling user data?

~~~
slivanes
It's right in Apple's privacy policy, see Disclosure to Third Parties section:
[https://www.apple.com/legal/privacy/en-
ww/](https://www.apple.com/legal/privacy/en-ww/)

They obviously sell user data in aggregate - not at a personal level, but
which of the big tech companies sell personal data (maybe FB / Cambridge
Analytica?)

Also, Apple has Google as the default search engine which Google pays billions
for. Is that selling your personal data?

~~~
p1necone
You mean the disclosure to third parties section that explicitly says "Apple
does not sell personal information"?

I can't see anything in that section that says that they sell information to
third parties, personally identifiable _or_ aggregate (I would consider the
latter to be "personal" data as well fwiw). Is there a specific sentence
you're thinking of?

It seems to be talking about the necessary sharing of data that happens when
Apple contracts with third party services to run their own business. E.g. when
they ship you a product they need to provide your address to the courier
company. Or when they pay an advertising company to run ads for Apple products
targeting certain markets/their own existing customers (not the same thing as
selling personal data to an advertiser so that they can run ads for other
products using said data - that _would_ be selling personal data)

As far as I can tell you're either using a definition of "sell" that is
different to mine, or you're claiming Apple is using weaselly language to make
it sound like they don't when they do (which is not unheard of of course). But
you haven't provided enough information for me to really know what you're
talking about - which is it, and why?

Also no, making the default search engine google is not selling personal data.

~~~
slivanes
They target ads to your interests, default on:

"Ads that are delivered by Apple’s advertising platform may appear in Apple
News and in the App Store. If you do not wish to receive ads _targeted to your
interests_ from Apple's advertising platform, you can choose to enable Limit
Ad Tracking, which will opt your Apple ID out of receiving such ads regardless
of what device you are using. If you enable Limit Ad Tracking on your mobile
device, third-party apps cannot use the Advertising Identifier, a non-personal
device identifier, to serve you targeted ads. You may still see ads in the App
Store or News based on context like your search query or the channel you are
reading. In third-party apps, you may see ads based on other information."

~~~
p1necone
A third party being able to list ads on _apples_ ad platform that target some
collection of desired user data is _not_ the same thing as said third party
obtaining user data.

Third parties are buying ad listings, not user data. They have no way to
extract user data from the ad platform, unless there's some kind of data leak.

If you think Apple is harvesting data off of bought back phones to improve
their ad targeting that would also be a scandal (that I would expect some
evidence of - otherwise it's just baseless speculation), but referring to it
as "selling user data" is just obscuring what you're actually trying to
communicate.

~~~
zelphirkalt
Unless those ads contain anything, that is loaded from the ad creating
company, whichis then loaded in the user browser. Of course, no platform would
allow requests to a third party …

------
dunefox
I've been looking for secure messengers during the last few weeks. I use
WhatsApp, Signal, and Telegram. Telegram isn't very secure, WhatsApp is owned
by Facebook and even Signal - while very secure - requires a cell phone
number... Briar seems great in this regard but isn't available on iPhone and
has no support for images, calls, voice messages, etc. Apparently they're
going to support images and a desktop client, though.

In short, I just don't know what to use.

Edit: Session looks great but is not fully released yet:
[https://getsession.org/](https://getsession.org/) This might be what I'm
looking for in the future.

~~~
dijit
Have you looked at 'threema'? I recently installed it and I'm actually
pleasantly surprised.

However, all of these bloody messengers mean that my contacts list is spread
across a multitude of programs: we need the iOS/Android equivalent of pidgin.

~~~
dunefox
Threema is closed source which is something I don't really like when it comes
to security as there are no independent audits.

Edit: Generally, Threema seems interesting feature-wise, but I think the price
(4€) will prevent my contacts from using it...

~~~
dijit
Interesting thought experiment though; if you’re not paying for the
development and hosting- who is?

------
timeout_in_5
Briar Project (and other projects like Signal and Tor) are funded by Open
Technology Fund.

OTF is being killed by the current US government and this will affect all
projects!

[https://en.wikipedia.org/wiki/Open_Technology_Fund](https://en.wikipedia.org/wiki/Open_Technology_Fund)

[https://saveinternetfreedom.tech/](https://saveinternetfreedom.tech/)

[https://saveinternetfreedom.tech/updates/](https://saveinternetfreedom.tech/updates/)

------
askxnakjsn
Now that I think about it, why aren't most messaging apps peer to peer?
Shouldn't that be the standard? I mean it's literally the point of messages:
sending from one person to another.

~~~
crazygringo
Because:

a) Often the intended recipient isn't online when the message is sent, and it
may happen that there is never a time when both sender and recipient are
online simultaneously (e.g. sender's device only turns on to send the
occasional message, receiver's device is usually off but turns on occasionally
to check if there are messages)

b) Often one or both devices can only _connect_ to, but can't be _connected_
to (because behind a NAT, a mobile device, firewall, etc.)

c) Communication is often desired between accounts rather than devices -- I
may want to send/receive on my work computer, home computer, phone, and watch

~~~
davidzweig
Is IPv6 likely to be a practical solution to the router/NAT issue? Are routers
assigning globally-routable IPs to their clients, is that already a thing?

~~~
untog
IPv6 solves _one_ of the reasons to use NAT. One more intractable reason is
that many players (cellphone network operators, corporate networks) consider
it a positive thing that individual devices are not globally accessible.

~~~
namibj
For cellphone networks it's not just a provider-side incentive, as inbound
traffic will drain battery and you'd have no good way to stop it. But this
only requires some sort of spam filter to be in front of the cellular link,
like with a friends-based system where you keep connections to some friend's
online nodes when you lock your phone, and just exchange IP+port info on both
sides to just send a UDP packet to each other's IP+port from your own IP+port,
punching your firewall. Theoretically you might even actively control your
firewall to allow closing it off and also maintaining some permanent open
entries for your friends to reach you with no indirection from their usual
network(s). A provider could make money by selling (quota for) provider-side
user-controlled firewall entries, and you could have your OS give out quota to
apps.

It's feasible once you reach the point where it's worth the effort of
implementing.

------
dzink
I don’t have an answer, but a slightly different perspective. Many different
segments have a deep interest in using highly secure encrypted communications:
politicians working on deals within/between governments (that should be
auditable, but many try to avoid that), whistleblowers, organizers operating
in adverse governments, dissidents, terrorists, pedophiles with a lot to lose
(similar to Epstein’s network), healthcare professionals trying to talk to
patients or other doctors in a hippa world, illegal transaction networks,
attorneys with clients, VCs trying to debate the future of the world,
companies trying to preserve trade secrets, you name it. It takes one of the
egregious bad actors using the system to commit a crime worthy of public
attention before the entire system is justifiably unpacked, banned, or
considered a signal of bad intentions.

How can a system be made decentralized, but able to self-police against
legitimately, publicly agreed upon bad behavior? If the system is able agree
upon and exclude legitimately bad behavior automatically, the governments
would not have a claim upon needing to police it and regular users would
probably find it beneficial as well.

How could the self policing possibly happen?

Maybe you have a blockchain of anonymized encrypted messages that is read by
open source scanning bots - if enough independent bots flag a message, then a
group of anonymous judges can adjudicate to ban those user accounts?

Encryption is one challenge, but if you want true ubiquitous privacy, you need
to deliver internal safety to prevent the need for external policing of
activity. Social creatures of any species from dolphins to macaques have
evolved some kind of internal behavior policing mechanism or trust is lost,
and as such the system of value exchange grinds to a halt.

~~~
zelphirkalt
This is the same way of thinking many politicians subscribe to: "There has
been one terrorist attack, which killed 20 people, quickly now, surveilance
everyone and everything! Think of the dangers!"

Throwing out the baby with the bathing water (does this proverb exist in
English?) is not going to do society much good. Just because there some bad
actors, one does not need to discard the whole idea of encryption.

Also the dehumanized way of checking for bad content will not help. Bad actors
can pre-encrypt or disguise content, whatever you do. Furthermore when the
bots have the key to decryption, then the backdoor is built into the system.
Bad actors and politicians will try to make use of that.

~~~
keithlfrost
The English idiom is precisely "throwing out the baby with the bath water."
So, as they say, you "hit the nail on the head."

------
ris
What I don't understand about Briar is how it can _scale_. Surely it can't
know ahead of time _which_ users are going to "travel to another part of town"
and should therefore have messages pre-loaded onto their devices. Therefore to
me this _seems_ like it must use some kind of broadcast delivery model and so
would be vulnerable to flooding attacks.

Edit: seems there are _some_ thoughts about this already
[https://code.briarproject.org/briar/briar/-/issues/511](https://code.briarproject.org/briar/briar/-/issues/511)

------
foresto
Earlier this year, I finally took the time to revisit the state of instant
messaging services. My requirements:

\- open source

\- cross-platform (linux, mac, windows, ios, android)

\- group chats

\- end-to-end encryption

\- well-understood crypto ciphers & protocols

\- mature enough for a reasonable expectation of security & privacy

\- easy enough for most computer users

\- some way to protect metadata (e.g. self-hosting)

\- signup without real-world ID

\- offline message delivery

I ended up choosing the Matrix network. The reference client is called
Element[1] (formerly Riot). There are things I dislike about the client, but
they're pretty minor compared to the benefits of the underlying protocol, and
lots of alternative clients are in development[2][3].

On top of meeting my requirements, all signs indicate that development is both
active and moving in the right directions. Reading the team's weekly reports
and issue tracker convinced me that they are making very sound decisions.

[1]: [https://element.io/](https://element.io/)

[2]: [https://matrix.org/clients-matrix/](https://matrix.org/clients-matrix/)

[3]: [https://matrix.org/clients/](https://matrix.org/clients/)

Here's what I didn't like about the others:

Briar: Lacked cross-platform support and (iirc) offline messaging. Tor brings
baggage that not everyone is ready to accept.

Cwtch: Not mature yet.

Jami: Very fragile code base in my experience, which was also true when was
called Ring, and when it was called SFLphone. Only about 25% of the builds
I've tried over the years actually worked. I was unable to determine whether
it had offline messaging.

Keybase: Now owned by Zoom, which is a privacy nightmare.

Ricochet: Same problems as Briar.

RocketChat: Crypto is not mature yet.

Session: Not mature yet. Small limit on number of group chat participants.

Signal: Required phone number for signup. Required Google Play Services (aka
spyware) for quite a long time. Weak cross-platform support. Some of that is
finally changing, but Moxie will surely make more intolerable design
decisions, and refuse to fix them for years, again.

Telegram: Homebrew crypto.

XMPP: Most clients are hard to use (or to teach others to use). Good servers
are hard to find. Protocol standards are a mess. I couldn't find a real-world
e2ee group chat implementation.

Everything else: Failed to meet my requirements even before I looked closely,
mostly due to closed code and/or problematic corporate interests. (For
example, I will not use an app from Facebook or any of its subsidiaries.)

~~~
michaelsbradley
Did you look into Status?

[https://status.im/](https://status.im/)

[https://github.com/status-im/status-react](https://github.com/status-
im/status-react)

[https://github.com/status-im/nim-status-client](https://github.com/status-
im/nim-status-client)

~~~
foresto
I didn't, but since you linked to it, I took a peek. I couldn't find any
linux, macos, or windows support within a couple minutes of visiting the site,
so it fails my "cross-platform" and "easy enough" requirements.

It seems to be married to Ethereum. That's mildly interesting. It raises
questions about its relationship to cryptocurrency and blockchain tech, but
until it meets my requirements, I'm not inclined to spend time investigating
the answers.

~~~
michaelsbradley
The desktop client (linux, macos, windows) is a work in progress; alpha builds
are available. See the third link in my comment to which you replied. I could
have been more clear on that point — I replied on my phone just before going
to bed.

The wallet functionality is tied to Ethereum, but the chat functionality works
separately.

Originally Status used the Whisper protocol, which used to ship with some
Ethereum clients but never gained real traction. Status has switched to a
protocol named Waku that's in development but progressing nicely.

If at some point you're interested and have questions, let us know! (I'm on
the team developing the desktop client)

------
gorgoiler
Support for a TEMPEST mode of communication would be a killer feature. Perhaps
vibrate mode on one phone being picked up by the accelerometer of another?

In our hypothetical dystopian future _The Regime_ will probably jam 2Ghz to
5Ghz in public spaces. TEMPEST mode would also force them to install vibrators
into all coffee shop tables.

~~~
eeZah7Ux
> Support for a TEMPEST mode of communication would be a killer feature.

You are misusing the term. TEMPEST is an attack.

> Perhaps vibrate mode on one phone being picked up by the accelerometer of
> another?

At very close distance vibrating our vocal cords and eardrums would be much
easier and works without battery.

~~~
Forbo
I can't exactly modulate my vocal chords to send a file. But I think you're
right, using some sort of high-frequency beacon tone like what they use for
the creeping tracking identifiers might be an option.

------
szundi
Since they are on their phones via factory rootkit, good luck.

------
ergwwrt
Use of wifi during blackout? Wifi does not work during wifi. Only over the air
comms are secure. Any wired connaction is tapped

~~~
maqp
>Any wired connaction is tapped

Thats what encryption[1] is for.

[1]
[https://en.wikipedia.org/wiki/Encryption](https://en.wikipedia.org/wiki/Encryption)

------
lostgame
Oh; wow. Not all heroes wear capes. Install _now_!

------
xwdv
What the fuck ever happened to communicating through plain old radios?
Impractical for someone to track you, trivial to speak in codes.

~~~
nichos
Distance is an issue. And it's unlawful in the United States to encrypt ham
radio traffic. No one's really monitoring CB much anymore though.

~~~
xwdv
It’s unlawful to protest violently as well, I don’t see the point in obeying
ham radio laws there.

------
r41nbowdash
many of my friends are activists, and i'm hesitant to disclose to them which
technologies they could use. 95% chance they're going to use it for getting
drugs, or avoid monitoring to organize gatherings, which, without law
enforcement protection always have potential to turn violent. i just don't
want to take responsibility for these actions.

then you have heavy stuff, people trafficking, bomb threats, suicide threats,
organ trade, child abuse, and crypto seriously limits the options for a
response. as long as we're talking about functioning democracies, it does more
bad than good.

------
User23
Criminal conspiracy as a service. I don’t think I’d invest my money.

Edit: to clarify their marketing is transparently targeting organizers of
street violence. I have no problem with encryption and don’t think government
forbidding it is a good idea.

~~~
p1necone
You're going to need to be more specific. People are downvoting you because
it's not really clear what you're talking about, and I'm getting serious alt-
right conspiracy vibes.

~~~
User23
I can assure you that you cannot in fact read minds and any "vibes" you are
experiencing are autogenerated.

Also, please remember "Please don't comment about the voting on comments. It
never does any good, and it makes boring reading"[1].

[1]
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

