[HN Gopher] Briar Desktop for Linux
___________________________________________________________________
Briar Desktop for Linux
Author : Sami_Lehtinen
Score : 156 points
Date : 2022-01-21 13:27 UTC (9 hours ago)
(HTM) web link (briarproject.org)
(TXT) w3m dump (briarproject.org)
| l30n4da5 wrote:
| Never heard of Briar. Title made me think it was some new cool
| desktop environment for linux.
|
| It took me longer than I care to admit before I realized Briar is
| just a messaging app.
| [deleted]
| dmitryminkovsky wrote:
| I also assumed it was a window manager or a GUI or something of
| that nature. They could tweak a few works to make that clear,
| though. The project looks cool.
| forgetfulness wrote:
| A new environment with just a handful of apps comes every so
| often.
|
| In that regard, what are other apps like Briar?
|
| The premise is:
|
| > Briar is a messaging app designed for activists, journalists,
| and anyone else who needs a safe, easy and robust way to
| communicate. Unlike traditional messaging apps, Briar doesn't
| rely on a central server - messages are synchronized directly
| between the users' devices. If the internet's down, Briar can
| sync via Bluetooth or Wi-Fi, keeping the information flowing in
| a crisis. If the internet's up, Briar can sync via the Tor
| network, protecting users and their relationships from
| surveillance
| leni536 wrote:
| Jami comes to mind.
|
| https://jami.net/
| balena wrote:
| > what are other apps like Briar?
|
| It sounds similar to Scuttlebutt https://scuttlebutt.nz/
| maverick74 wrote:
| There is also https://Berty.tech
| feanaro wrote:
| There's some overlap with P2P Matrix (which isn't yet done
| but is in the works).
| IceWreck wrote:
| Difference is P2P isnt matrix's main goal. Their approach
| to P2P is to just bundle an entire homeserver on your phone
| or desktop client.
|
| Briar was built for P2P from the ground up, so presumably
| they planned this better.
|
| This isn't a criticism of matrix. Matrix is great and I use
| it everyday but gotta give credit where its due.
| feanaro wrote:
| A _lightweight_ homeserver. If lightweight enough (which
| remains to be demonstrated in practice of course), I don
| 't see a meaningful difference from a monolith design.
|
| I see no reason to think P2P isn't a goal of Matrix
| either; the reason it's not P2P now is that federation
| was easier, but the long-term game certainly looks to be
| P2P with work on cryptographic, portable identities and
| Bluetooth mesh networking in the form of Pinecone. I've
| also seen arathorn confirm this on HN.
| maverick74 wrote:
| I'm very curios about p2p matrix as well because I hope it
| will bring privacy mainstream. The closest now is signal
| which is, at best, very far away from whatsapp.
|
| I hope this will change with p2p matrix...
| orblivion wrote:
| My experience a few years ago just giving Briar a try for fun was
| that both parties had to be online at the same time to relay
| messages (since there's no normal servers) and that it drained my
| phone battery quickly when I was online. Not practical.
|
| I was thinking it would be nice to be able to run some sort of
| node under my own control that could buffer those messages. I
| feel like there was even an option to do that for phones, where
| someone could help relay messages between two friends, but I
| could be remembering wrong. At any rate, it would be cool if the
| desktop app could play this role.
| giphyman wrote:
| it looks like briar is already working on that buffer node
| concept: https://code.briarproject.org/briar/briar-mailbox
| orblivion wrote:
| Thanks, I'll keep my eye on it!
| dingdingdang wrote:
| Since I needed brief intro myself, Wikipedia says:
|
| "The initial target audience for Briar includes "activists,
| journalists and civil society" with plans to make the system
| "simple enough to help anyone keep their data safe." As the
| ability to function in the absence of internet infrastructure may
| also make the project valuable to disaster response and aid
| organisations, the developers are working with the Open
| Humanitarian Initiative and Taarifa. Ultimately, the developers
| aim to create a system which is "as simple to use as WhatsApp, as
| secure as PGP, and that keeps working if somebody breaks the
| Internet.""
|
| Would personally love a blog review or two of Briar but found
| little thus far.
| pulse7 wrote:
| Who can guarantee me that this isn't built by some national
| security agency with some tiny, hidden backdoors?
| grote wrote:
| No one can, but isn't that the case for all software?
|
| At least it is Free Software with reproducible builds, so you
| can audit the shit out of it.
| mburee wrote:
| I totally agree, but no one ever pays the money to have it
| properly audited
| vorpalhex wrote:
| It's you. You can pay to have it audited right now.
|
| You can also audit it, if you have the skillset.
| sodality2 wrote:
| It has been audited. https://code.briarproject.org/briar/
| briar/-/wikis/FAQ#has-br...
| Iolaum wrote:
| The person you can hire to audit the code ;)
| sodality2 wrote:
| https://code.briarproject.org/briar/briar/-/wikis/FAQ#has-
| br...
| mobilemidget wrote:
| is there already some compare available that shows differences
| with other messengers like Telegram or Signal?
| derbOac wrote:
| It's been awhile since I used Briar, but unlike something
| like Signal, Briar is decentralized. So you can communicate
| with other Briar users in the absence of a central server.
| Briar at least used to be very strict about how you
| established contacts, so, for example, to add a contact you
| had to have them physically in your presence and exchange QR
| codes on your phone. You couldn't just add someone from your
| phone contacts, for example, or look up their phone number.
|
| The downside to these things is that Briar tends to use up
| battery on mobile devices, because it's constantly running to
| handle the decentralized communications. Also, having to have
| someone physically in your presence makes it difficult to add
| someone casually like some other apps.
|
| Some of these things might have changed, as they've been
| pretty consistent and active in developing the software, and
| it has evolved over time into offering more and more
| functionality. In general, Briar development tends to be very
| conservative about security, but also very encouraging of
| "robustness" development for lack of a better way of putting
| it (I think at one time they had an API so that it could be
| extended to general "off grid" communication protocols, or at
| least were discussing it).
|
| I'm a little surprised it hasn't gotten more attention over
| the years, because I think it has been audited and seems very
| very secure. It also pops up on places like HN from time to
| time. On the other hand, that conservativism about security
| makes it sort of impractical for someone who, say, just wants
| to chat with friends and family.
|
| I think the best comparison is probably with Matrix rather
| than Signal or Telegram, but Briar lacks the federated
| component at the moment.
|
| This desktop release is interesting to me because in some
| ways it represents a major expansion of the software. As I
| said, they've tended to be very conservative and it's
| interesting to see it added. It also probably makes it more
| feasible to treat the desktop instance as a sort of
| "permanent on" server with access to a power supply instead
| of running off a battery (to be honest, starting with a
| desktop service kinda makes more sense to me given the power
| requirements).
|
| Take this all with a grain of salt because, although I have
| it on my phone, I haven't actually used it in some time and
| haven't actively kept up with development in a couple of
| years.
| voussoir wrote:
| > Briar at least used to be very strict about how you
| established contacts, so, for example, to add a contact you
| had to have them physically in your presence and exchange
| QR codes on your phone.
|
| This has indeed changed, it is possible to exchange
| briar:// links over another channel and add contacts
| without physical presence.
|
| > It also probably makes it more feasible to treat the
| desktop instance as a sort of "permanent on" server
|
| I agree, and this might be one step towards solving the
| "using one briar key on two devices" problem by making the
| pc authoritative.
|
| https://code.briarproject.org/briar/briar/-/wikis/FAQ#can-i
| -...
|
| > although I have it on my phone, I haven't actually used
| it in some time
|
| Me too. None of my friends/family would be interested in
| using Briar, but it's too cool for me to not keep it
| installed. I like reading the update notes and seeing it
| progress.
| leonry wrote:
| If you understand German, then I recommend the review by Mike
| Kuketz (https://www.kuketz-blog.de/briar-anonymitaet-und-
| sicherheit-...). Maybe you get a decent translation with Deepl,
| though I stay wary.
|
| There is also a comparison to other messenger systems on
| https://www.freie-messenger.de/systemvergleich/. They have a
| PDF in English available, but it doesn't really tell much.
| giphyman wrote:
| Their website has a press page with some reviews and
| presentations: https://briarproject.org/press/
| rogers18445 wrote:
| There is another project which I'm keeping an eye on:
| https://cwtch.im/
|
| source code: https://git.openprivacy.ca/cwtch.im
| throwawayair557 wrote:
| Me too. They seem to be in need of funding to be sustainable.
|
| https://www.patreon.com/openprivacy
| maverick74 wrote:
| Berty is also interesting
| bubersson wrote:
| It's great that the messaging works over bluetooth and local
| wifi, but I really wish the phone app would be able to cache and
| relay encrypted messages to others.
|
| Or does that somehow work through the posts and forums in the
| app?
| tekknolagi wrote:
| Apparently being worked on:
| https://news.ycombinator.com/item?id=30025858
| bubersson wrote:
| It requires someone running a server device. I don't think
| that's a good direction to take unless it's really easy to
| enable that within the mobile app :(
| only4here wrote:
| I had no idea that Briar had a desktop version. I would have been
| using it waay sooner!
| jedahan wrote:
| When I tested peer-to-peer messaging a couple of years ago, Briar
| was the _only_ messenger that was able to sync messages and data
| without needing a common router. Was very happy to see.
| l-albertovich wrote:
| What I found interesting about this was the bluetooth / offline
| communication part.
| irfwashere wrote:
| What does the YComb community think p2p apps like GNU Jami? I
| never hear much about it and think it's pretty decent unless
| someone has good reasons to think otherwise. Thanks
| timbit42 wrote:
| I haven't had a chance to try it as it won't connect through my
| firewall, yet Tox will.
| PhilKunz wrote:
| how do devices find each other without an introductory server?
| sebkur wrote:
| When you're close to someone you can make an initial exchange
| via QR+bluetooth. When you're distant you need to exchange your
| briar:// links on a different channel.
| sebkur wrote:
| It's also safe to post your briar:// link online
| (https://code.briarproject.org/briar/briar/-/wikis/FAQ#is-
| it-...)
|
| So if anyone wants to try the app but doesn't want to
| convince somebody else to do so too, just add my link and
| post yours below:
|
| briar://acyeao3gd3sqldlljx6etcjyxdr4ux6m6s3ge3r4z6st7ju2ac5xg
| grote wrote:
| Using Tor onion services that get exchanges when adding a
| contact nearby via WiFi or Bluetooth. If adding over the
| internet, a rendezvous service will be created.
| efficax wrote:
| Do any of these "decentralized" and "end to end" encryption
| communication systems actually solve the fundamental problem
| which is that you have to trust the person you're communicating
| with to not give up the content of the messages _they 've_ sent
| and received. People's telegram and signal comms are always
| showing up in subpoenas because someone unlocks their phone for
| the feds. I guess what I'm thinking here is that there's nothing
| about this that is any better than pgp emails, and i'm not sure i
| understand why these forms of communication are flourishing when
| they seem to offer little real protection against a motivated
| state adversary who doesn't need to attack the system if they can
| just ask someone for the keys
| Sanzig wrote:
| I love PGP, but let's be honest, it's not user friendly in the
| slightest. It's an esoteric bolt-on to email that requires both
| ends to want to use it and go through the trouble of setting it
| up, which basically means that it's really only useful to nerds
| and people with sufficient requirement for secrecy that they
| actually go through the trouble.
|
| Services like Signal are great because they're E2EE by default
| _and_ they 're user friendly. We got my tech illiterate mother
| and stepfather on Signal so they could participate in family
| group chats. No way she would have been able to navigate GPG.
|
| As for the issue you're bringing up about the endpoint getting
| compromised, the simple solution is a retention policy
| (disappearing messages), which Signal has supported for some
| time now. It doesn't help if the allegiance of owner of that
| endpoint is flipped (they can simply screenshot future
| messages), but it does prevent the adversary from getting a
| full text dump of previous conversations if they swipe the
| phone for example.
| upofadown wrote:
| >Services like Signal are great because they're E2EE by
| default and they're user friendly.
|
| Signal might be a bad example because it is not really that
| user friendly when it comes to the hard bit. That is:
| confirming that you are actually connected to who you think
| you are connected to and not some third party. In a usability
| study involving Signal[1], 21 out of 28 computer science
| students failed to establish and maintain a secure end to end
| encrypted connection.
|
| We should not kid ourselves into thinking that the usability
| of end to end encrypted messaging has been solved. It is very
| much still an outstanding issue.
|
| [1] https://www.ndss-symposium.org/wp-
| content/uploads/2018/03/09...
| tapoxi wrote:
| At least for my family members, they switched to Signal because
| they don't trust Facebook and Google abandons their products
| after a few years.
|
| iMessage isn't an option because half of the family is on
| Android.
|
| If a motivated state actor wants pictures of my baby niece then
| I guess they're welcome to it.
| ElevenFingers wrote:
| Signal has a "Disappearing Messages" feature that deletes
| conversations contents after a set amount of time. This is the
| only feature that I'm aware of on these major messenger
| services that works to solve the concern for your conversations
| on the recipients devices.
| not2b wrote:
| Conspiracies using Signal and similar services often fall
| apart because someone in the conversation is undercover or
| has a change of heart: someone thought he was signing up to a
| protest movement and then finds out that others want to
| kidnap a politician and hold her hostage (the governor of the
| state of Michigan, where this happened) and sends the
| messages to the cops, even though they were set to disappear.
|
| Figuring out a solution for this would enable new kinds of
| horror, like when in 1984 Winston is shown a photo that
| implicates the party leader in a crime and his torturer then
| tosses it in the "memory hole" to burn it up. You can see
| evidence of something horrific but you cannot share it,
| cannot prove it and then it disappears.
| not2b wrote:
| As Ben Franklin said, "Three can keep a secret, if two of them
| are dead." There's no technical solution for that. End-to-end
| encryption will help if one person sends information to one
| competent, trustworthy journalist. It won't help much if large
| groups of people try using it to conspire to overthrow a
| government: someone will talk, someone will be an undercover
| double agent.
| throwawayair557 wrote:
| The defense against that is 'disappearing messages' which is
| available in most popular E2E messaging apps nowadays,
| including Signal and WhatsApp.[1]
|
| PGP emails doesn't even have forward secrecy. Emails are not
| messaging, it needs video/voice calls, stickers/gifs etc etc to
| have any hope of being adopted by non-techy folks.
|
| The Signal blog has a number of articles on how they develop
| state-of-the-art privacy preserving features. [2][3][4][5][6].
|
| Also the only info Signal has about you is "Unix timestamps for
| when each account was created and the date that each account
| last connected to the Signal service", which is what it
| provides to government requests [7].
|
| [1] Disappearing messages
|
| https://signal.org/blog/disappearing-by-default/
|
| [2] How to build large-scale end-to-end encrypted group video
| calls:
|
| https://signal.org/blog/how-to-build-encrypted-group-calls/
|
| [3] Signal and GIFs
|
| https://signal.org/blog/giphy-experiment/
|
| https://signal.org/blog/signal-and-giphy-update/
|
| [4] Signal groups,
|
| https://signal.org/blog/signal-private-group-system/
|
| [5] Sealed sender
|
| https://signal.org/blog/sealed-sender/
|
| [6] Private contact discovery
|
| https://signal.org/blog/private-contact-discovery/
|
| [7] Government requests
|
| https://signal.org/bigbrother/
| upofadown wrote:
| >PGP emails doesn't even have forward secrecy.
|
| Yeah, that is a bit of a mystery. There is no technical
| reason. I think that email users just want to keep their old
| emails around, which of course makes forward secrecy
| pointless. Perhaps PGP users would prefer to use the greater
| security available for the private key material in an offline
| medium like email to make it so they don't get compromised in
| the first place.
| lucideer wrote:
| > _actually solve the fundamental problem_
|
| If you consider this "the" fundamental problem you're (a)
| underestimating the severity of other problems and (b) wildly
| overestimating what technology can achieve for humanity.
|
| Trusting other individuals in this world is not a problem
| that's solvable by messaging protocols. Even literal scifi
| solutions like Mission Impossible exploding sunglasses
| inherently trust the recipient of the message not to share data
| post-self-destruct. Recipient trust is a fundamentally implicit
| part of deciding to communicate at all, through any medium.
| p2t2p wrote:
| I think what they want is censorship resistant mesh network
| that wouldn't require first seeding from known addresses like
| I2P does and most of the others too.
| PragmaticPulp wrote:
| > People's telegram and signal comms are always showing up in
| subpoenas because someone unlocks their phone for the feds.
|
| If the counterpart can see something with their own eyes (or a
| screenshot) then how would you even expect to protect against
| this?
| cassianoleal wrote:
| With a Neuralyzer [0], I guess. /s
|
| [0] https://meninblack.fandom.com/wiki/Neuralyzer
| anjbe wrote:
| Signal's primary defense against that is disappearing messages.
| Beyond that, what can you really do against what is essentially
| an untrusted endpoint? Education and awareness, and hope that
| it sticks.
| ben-schaaf wrote:
| > that you have to trust the person you're communicating with
| to not give up the content of the messages they've sent and
| received
|
| This has always been the case for any form of communication,
| verbal or otherwise. You're always trusting that the people
| you're talking to don't share your conversation if you don't
| wish it to be shared. This is a inherent to communication, not
| anything technology can possibly fix.
| [deleted]
| skinkestek wrote:
| There is a lot of misunderstandings around messaging systems.
|
| End-to-end encryption is an extremely nice feature as it lets
| us make the assumption that messages cannot be read by a middle
| man even if 100% of the employees are corrupt and the messages
| pass right through FSB and NSAs networks twice.
|
| But, as you point out: for most people this falls flat in most
| cases once you are up against the big guys and they have
| decided to get you.
|
| _That does not mean that it is useless though_ : most people
| won't get approached by these agencies, and E2E-encryption will
| keep it out of the hands of dragnet surveillance, snooping
| telecoms providers or FAANG companies and a number of other
| very realistic scenarios.
|
| (That is unless you use a system that helpfully uploads
| unencrypted copies of everything you write to a certain large
| FAANG class company.)
|
| Then there is federation, I guess that is what you mean by
| decentralized. This is another really sweet property of a
| messaging system. However, for security it has a number of
| problems - a little bit less or more depending on exact
| implementation.
|
| On top of this there is technical execution: Everyones
| (including me) darling Signal for example has had some pretty
| nasty problems.
|
| Alltogether it comes down to this if you want to avoid
| problems: stay out of what trouble you can stay out of and
| think opsec if you cannot.
|
| And remember that US knew exactly when Soviet started working
| towards an atomic bomb, because after they started the flow of
| related research papers stopped ;-)
|
| I.e. opsec is seriously hard if you are up against a powerful
| entity. Plausible deniability, blending in etc can be just as
| useful as bulletproof crypto.
| voussoir wrote:
| > Then there is federation, I guess that is what you mean by
| decentralized.
|
| I can't speak for GP's use of scare quotes around
| "decentralized", but it's worth noting in this case that
| Briar is fully decentralized, not federated. It is peer-to-
| peer messaging.
| hnlmorg wrote:
| The only reliable security you can implement here is not to
| send the message in the first place
| lkxijlewlf wrote:
| > Do any of these "decentralized" and "end to end" encryption
| communication systems actually solve the fundamental problem
| which is that you have to trust the person you're communicating
| with to not give up the content of the messages they've sent
| and received.
|
| That's a biology problem, not a digital one.
|
| These systems can't solve that problem, so yeah, you have to
| trust that person.
| Dylan16807 wrote:
| pgp is fussy to set up, and that matters.
|
| But beyond that, good secure messaging protocols are designed
| so the recipient can verify you sent a message but not prove
| that to anyone else.
|
| And they also make it so a compromise of your private key can't
| be used to decrypt old messages.
| ReactiveJelly wrote:
| There is a word for "You can't prove I said that", and even
| though English is my only language, I can't remember the word.
| It feels like "repudibility". I think I'm on the right track:
| https://en.wiktionary.org/wiki/repudiate
|
| I think it is related to forward secrecy.
|
| Maybe the E2EE apps should have a button for that, call it
| something snazzy like "The 5th Amendment button" and right next
| to that is a button for trivially forging texts and screenshots
| with the app's own UI, so that everyone knows that anything can
| be fake.
| Tomte wrote:
| Repudiation
| hiq wrote:
| The Signal protocol already guarantees repudiation:
| https://en.wikipedia.org/wiki/Signal_Protocol#Properties
|
| But this is just cryptographic repudiation, meaning that a
| receiver cannot prove that they didn't tamper with their
| Signal data to fake having received a message from a certain
| sender. OP is talking about something else: preventing any
| data the receiver might have received to be transferred to a
| 3rd-party, but that's impossible.
| ddtaylor wrote:
| I don't feel comfortable trusting a new "secure" messaging
| platform or interested in doing the work to dig through the
| sources to see if it's legit or not combined with the fact that I
| don't even know if the source they provide generates the same
| binary they distribute to many.
|
| Just use Matrix instead.
| mab122 wrote:
| Briar is p2p/offgridy/meshnety and Matrix is federated, always
| on internet connected.
| nerdponx wrote:
| So Briar messages are sent directly peer-to-peer? That's
| pretty cool. How does it work? There is a graphic on the
| website that suggests it uses Tor.
| sprash wrote:
| > Just use Matrix instead.
|
| No just don't. Matrix exposes metadata to every connected
| server.
| rubyist5eva wrote:
| > combined with the fact that I don't even know if the source
| they provide generates the same binary they distribute to many.
|
| builds are reproducible
| joshuaissac wrote:
| Briar is older than Matrix. It has been around since at least
| mid-2012, whereas Matrix is from 2014.
|
| Disclosure: I was an intern for them in mid-2012.
| ddtaylor wrote:
| Thanks that's really interesting. Does Briar have multiple
| client implementations like a documented protocol or
| something too?
| giphyman wrote:
| briar is built on a p2p syncing protocol called bramble,
| you can read more here:
| https://code.briarproject.org/briar/briar/-/wikis/A-Quick-
| Ov...
___________________________________________________________________
(page generated 2022-01-21 23:01 UTC)