Briar is an encrypted peer-to-peer messaging app without metadata

These days end-to-end encrypted messaging apps are ubiquitous, but it's nearly impossible to find one that doesn't rely on a central server that can not only be blocked to block the service, but can also aid in collecting metadata about its users. Apart from that, if the government decides to "turn off" the internet, there is no way to communicate with those apps and your smartphone basically becomes a paperweight.

Yesterday I heard of Briar, which tries to solve these problems by using peer-to-peer communication over the Tor network while the Internet is up, but can resort to communication via Bluetooth and WiFi if it's not. The app is currently only available as FOSS for Android, but has already been audited by Cure53 and is considered secure with good code quality.

Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging apps, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices. If the internet's down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the internet's up, Briar can sync via the Tor network, protecting users and their relationships from surveillance.

https://briarproject.org/how-it-works.html

PS: I saw that there is a post on the Lounge by @Freaksmacker but I wanted to give it its own thread, since it didn't seem to get any traction. I posted it here in the news category partly because I don't know any other category that fits it better, and partly so @wendell and @ryan might see it for their news show tomorrow :wink:

This discussion would be a lot more meaningful if this weren't a thoroughly co-opted buzzword used to lock people into a webapp ecosystem.

If you need peer to peer messaging, there's qTox and Bitmessage, both audited and somewhat more mature.

PGP email works too. Just randomize the address and don't add a subject line.

Seems like Briar wants to do a whole lot more than just be a messenger. But the "how it works" page says what it wants to do rather than how it really works.

Briar provides private messaging, public forums and blogs that are protected against the following surveillance and censorship threats:

What would interest me is how it differs from Tox and how it is better than Tox.
I personally don't want to be using 3 different apps to communicate with people; it's annoying as hell. So any new messenger should have some significant advantage, right?

lol, welcome to being a professional in the 2010s

I regularly use 7 chat apps and 6 different emails in my day-to-day. It's a nightmare.

Make SMS great again

See:

Only casually gone through the material but it is on my hit list of something to play with more once they expand compatibility. I think starting out on the Google Play Store is a misnomer.

1 Like

I remember back when everyone was using WhatsApp (without any encryption, that was) and people were like "you should use Telegram instead". I remember their resistance to having to install two messengers on their phone quite well. They would only want to use one messenger where all of their contacts should be. Today it seems completely fine to have multiple messengers on your phone.

And this is why we need BlackBerrys back

1 Like

I'll be honest, I think this will get ripped up pretty fast. The best technologies to use for this sort of thing could be BitTorrent or blockchain. Something where everything can be verified. I like the idea of decentralization, but creating a new technology to have it then thrust to the shredder is pretty stupid in my opinion.

Learn what something actually is before prescribing it everywhere.

4 Likes

Block chain is the new buzzword, don't you know

Soon we'll have Block chain grocery lists, block chain ovens. Who knows maybe even block chain cars.

What's funny is that the "Blockchain" part of bitcoin is entirely uninteresting. It's just a signed database with incredible inefficiencies at scale unless you have proof of work and p2p distribution.

Literally the only unique thing about bitcoin and altcoins is proof of work, which is the element of "blockchain technology" that is most railed against by corporate buzzword compliance speakers.

Under the current definition pushed by corporate speakers and thought leaders, Microsoft Excel, MariaDB and Twitter are all blockchains.

By their definition, we're currently transacting on a sidechain of the Level1Chain ForumChain™.

What's even funnier is that @FaunCB proposed that a public ledger with uniquely identifying signing keys would somehow be good for private communication.

The only tangentially applicable system is the GUID hashing method for address creation in p2p networks, something thoroughly explored by bitmessage already:

https://bitmessage.org/wiki/Main_Page

Oh, and guess what? That hashing method adaptation is an elegant implementation of proof of work without a blockchain, not the other way around.

I'm just saying something like it where everything can be verified. I don't know how it would work. I'm not a programmer.

Honestly the problem is people getting into shit so why not have a party rather than a tiny line, and have it group verified?

We've already established you have a very poor understanding of Blockchain and Proof-of-work, no need to keep repeating it.

What advantage would this convey over public key cryptography? By design, only the holder of the private key can be corresponded with, so why in the world would you need to verify that with a group of other third parties? This only serves to erode the privacy and anonymity of the encrypted communication.

Proof of work was originally conceptualized as a spam prevention mechanism. What makes it useful is that it makes a high volume of transactions expensive. It only makes sense in scenarios where you either need to convert energy into value, secure a P2P financial system, or make your network expensive to DDoS. That's pretty much all it's good for. Bitmessage leverages a side effect of the cryptography elements in PoW to make a spam resistant private messaging system, but it could not, and would not be private nor would it be scalable or deployable on devices with limited resources with a full blockchain implementation.

Back to the original topic, I've been interested in using a program like this for a while. I frequently use Teamspeak for voice communications on a private server, however I'm not sure how much I trust that my private server isn't "listening" to my conversation anyway since the software is closed source.

I've been using Apple's iMessage service on my iPhone, which is encrypted and convenient because it works and communicates with other SMS clients seamlessly. I also appreciate that it attempts to encrypt my communications. But again, I must trust Apple, and the system isn't foolproof as it's possible to spoof clients, although much more difficult with 2 factor authentication enabled. Finally, I must stay within Apple's ecosystem to get all its benefits and I don't use macOS as frequently as I used to.

I really like the mesh type fail over this program attempts to provide. iMessage will use wifi, but not bluetooth and not P2P style. This is a feature I think I really want.

I've seen several attempts at similar things, but none of them had much polish back when I looked at it a few years back. I haven't yet looked at qTox or Bitmessage. Do either of those also offer the ability to mesh with peers when the main connection to the internet is broken?

Bluetooth is probably a no, unless the Android network stack has matured since I've last looked at it. Wifi, yes. Bitmessage uses a broadcast model, so theoretically it offers superior throughput on an ad-hoc LAN. Tox can also work via ad-hoc just fine. (Not having Bluetooth isn't a huge deal anyway, as it's less secure and only really works within earshot in the first place.)

These also come with the advantage of a more mature codebase, distribution that doesn't rely on the play store, and in the case of Tox, dozens of client implementations on different version control systems and package stores.

It probably seems like I'm dumping on Briar. I'm not. I was just pointing out that there are plenty of alternatives and this kind of technology is not new.

1 Like