The how it works page is shallow. Explain how the device knows that it is getting the right public encryption key for the person you are communicating with.
I am trying out the Briar project at the moment. It is peer-to-peer encrypted and messages are stored securely on your device, not in the cloud.
Does anyone has experience with this?
Keep an eye on Briar project, recently released to public beta. End to end encryption and designed to never connect via clearnet: https://briarproject.org/news/2017-beta-released-security-audit.html
>Kommt das nicht aufs Gleiche raus, da du jedweden E-Mail-Provider nutzen kannst, inklusive eigener?
Das stimmt. Ich glaube aber nicht, dass es viele Leute gibt, die einen EMail-Server betreiben. Fakt ist, dass es kein P2P ist, wenn Server genutzt werden, selbst wenn der Mail-Server im eigenen LAN sitzt.
​
>Weniger sicher in welcher Hinsicht? Was wäre ein konkreter Fall, wo Signals Vorgehensweise sicherer ist?
EMails sind unverschlüsselt, weswegen es ja PGP gibt. Wie da die Integration bei DeltaChat aussieht, weiß ich nicht. Wenn ich nun Betreiber X benutze, läuft die EMail-Kommunikation ja erstmal über die Mail-Server des Betreiber X. Sende ich nun an meinen Kumpel eine Nachricht, der Betreiber Y nutzt, können theoretisch beide Betreiber die Nachricht einsehen. Betreiber X kann ich vermeiden, indem ich mich für einen sicheren Betreiber entscheide, oder meinen eigenen Server nutze. Betreiber Y von meinem Kumpel liegt jedoch nicht in meiner Macht.
Hier ist das Prinzip von Signal einfach sicherer. Signal stellt die Kommunikations-Server, auf die jeder Client zugreift. Da sowohl Client als auch Server quelloffen sind und bereits mehrere Security-Audits durchgemacht haben, ist die Sicherheit garantiert. Ich habe bei DeltaChat bisher keinen Audit gefunden. Korrigiere mich gerne :)
​
>Das ist ja bei DeltaChat quasi unmöglich, weil es eben keinen bestimmten Server vorschreibt.
Da gebe ich dir recht. Signal ist eine amerikalische Firma, die von den amerikanischen Behörden theoretisch platt gestampft werden kann.
Btw. wenn du einen echten P2P-Messenger nutzen möchtest, gibt es Briar. Hier wird Hole Punching eingesetzt, damit einzelne (mobile) Clients überhaupt miteinander kommunizieren können.
This app can't be blocked/banned right? https://briarproject.org/how-it-works.html It would be more work than blocking stuff like signal at least.
Even if the website gets blocked you could share the app to other phones via F-droid.
Check Briar project that works without Internet by using Bluetooth or WiFi.
P2P (aka Briar) and decentralized (aka Matrix) are an exception. Law enforcement can't monitor direct conversations (unless by monitoring the internet traffic itself), and won't go after personally hosted servers that aren't run by a company.
Really, the biggest issue here is all of us relying on these centralized services run by companies, which only gives law enforcement more power over them than by bugging individual people for surrendering their own chats.
Briar is Peer to Peer (P2P), which means contacts connect directly to each other without requiring a server.
With Briar, you can communicate with your contacts via Wi-Fi, Bluetooth, or Tor. You can read how it works here: https://briarproject.org/how-it-works/
However, I wouldn't call Briar an alternative to Discord
Sorry to hear about your mum...
Anyways, if you want to offer her the tool she is expecting to use when "the internet goes down" (and providing you all have android devices), tell her she needs to download Briar. It's p2p and relays communications through your Bluetooth and LAN network - not through the internet.
Briar is available for Android (w/ and w/o Google Play) this could be handy in Congo.
> * Peer-to-peer encrypted messaging and forums > * Messages are stored securely on your device, not in the cloud > * Connect directly with nearby contacts - no Internet access required > * Free and open source software
It does help if your adversary has no or limited access to your local networks. Check out https://briarproject.org/how-it-works.html for a sketch of their threat model. Hiding metadata is one of the design goals of Briar.
Anyone who reads WiTBD and thinks the main lesson is "start a newspaper" missed the point, which is that robust, countrywide communications operating beyond the reach of the state are essential to a resistance movement/revolution, and that Iskra would necessarily promote the development of these.
The modern day equivalent is establishing and regularly testing secure meshnet comms lines as backups, because Trump could claim the authority to activate an internet kill switch right now - how would you respond to that?
Can't exactly Google the problem when Google is down, or worse, tattling the locations of anyone conducting "suspicious" searches to Trump/Putin's mercs for "enhanced interrogation".
My personal recommendations are Scuttlebutt (specifically the Manyverse app) and Briar, both of which use a store/forward model so that updates can be communicated over sneakernet, bluetooth and plain old internet while it's still up.
Does Briar help you?
it says >riar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging apps, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices. If the internet's down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the internet's up, Briar can sync via the Tor network, protecting users and their relationships from surveillance.
and also says
>Tip: All messages in Briar are end-to-end encrypted, so nobody else can read them
>Thinking of going to Signal or Ricochet.
There's no reason to not use both, depending on your threat model. Signal is an easy way to send end-to-end encrypted messages and make end-to-end encrypted audio/video calls to people who you would otherwise contact unencrypted via SMS/MMS or a phone call. Ricochet is good for communicating with people who you wouldn't normally share your phone number with. Another one is Briar, but that's currently in beta and you'd have to start your social graph from scratch after the beta expires on 21 October.
>Telegram doesn't commit the cardinal sin of sharing its data like Facebook or Gmail does?
Telegram does something that is arguably worse: Their default settings let anyone who can intercept SMS messages have full access to everything that is stored on their servers. No warrants needed.
Brair seems like it has potential: https://briarproject.org/
A presentation on it can be found at https://youtu.be/Dr42vZIoGqM
I don't have the security expertise to review the code but I can say that it compiles cleanly and in my limited testing seems to do what it advertises.
It would be great if those with expertise in the area could critique it.
It is important to note that end-to-end encryption is not the same thing as a peer-to-peer connection. Signal works very similarly to WhatsApp, where messages are exchanged between users by way of a central server. The server cannot discern what the users are talking about (or, in many cases, who the sender of a message is) thanks to that end-to-end encryption. In short, Signal cannot access your messages, attachments, calls, etc.
Unlike WhatsApp, Signal is open-source, and they do not store any logs or metadata about who you talk to or when you talk to them.
If you want a solution that is peer-to-peer (meaning no central server, and both clients must be online at the same time to communicate), you may be interested in Briar.
Right, I should have said "need" rather than "want".
You don't need an entire data center to run communications for a medium sized org, that's half of the point of sticking to what's worked for a long time. Plenty of things can run on a Raspberry Pi if you don't need a bajillion features. Mumble comes to mind.
If you want something that's relatively easy to use but has decent security properties and is decentralized I recommend giving Briar a look. It's quite resistant to the metadata problem. You could in theory run it via floppies+sneakernet.
Die Vorratsdatenspeicherung betrifft erstmal nur Netzbetreiber. Und die sehen weder bei Hangouts noch bei Signal wem du schreibst (und auch den Inhalt nicht).
Der Unterschied ist, dass Signal end-to-end verschlüsselt ist, daher kann Signal auch nicht sehen, was du schreibst, nur wem. Bei Hangouts weiß Google beides.
Wenn du auch deine Gesprächspartner geheim halten musst, brauchst du eher sowas wie Briar, wo Nachrichten ohne zentralen Server über Tor gerooted werden. Allerdings hat das System massive Performance-Nachteile (Akkuverbrauch!).
No.
Email is just another selector, as is a username. It's a unique identifier the server can use to correlate communications with other users. Also apps like Wire still leak your IP address to the server so they are not noticeably better. There is nuance between IP address and phone number -- perhaps mobile IP is behind TelCo NAT and it's not unique, but there's no way to check if you're not the only subscriber using the service behind that IP at some point in time.
Seriously, unless the app by default routes everything through Tor, it does not protect your metadata. Only Briar and Ricochet do that at the moment.
I'm pretty sure you can't name one situation where you need end-to-end encryption to deal with some state-level threat, but don't want to hand out contact details like phone numbers that are necessary to authenticate the key exchange and make sure the end-to-end encryption actually works.
For Signal, there are plenty of situations where it's protections, i.e., state of the art E2EE protocol that protects content from all sorts of adversaries is enough. Especially considering how much they are already doing for metadata from p2p calls to domain fronting to sealed senders, not collecting metadata (there's even evidence of that).
It would be nice if Signal could register and route everything via Tor but then you'd lose
a) automatic contact management which is a huge dealbreaker for 99% of average users
b) the possibility for (video) calls that require low latency.
You'd have text only communication and if you need just that, Briar is the way to go. Wire is good alternative for Signal, but it's not fixing anything major with it's usernames.
Nope. If you don't have Google Play on your Android device, you can install the app via F-Droid or direct download and it should work fine.
Read about Briar, Session, Status, Berty...then compare with Signal.
Session/Status are anonymous and using their own networks (important if Tor is a problem/blocked).
Berty is not available, but a good read on what they are working on.
Briar is Android only, but offers anonymity with Tor, P2P, Bluetooth, WiFi...similar to Berty. Not sure if/how Briar handles offline messaging.
Signal might be good enough, I just have concerns about a centralized server that can be blocked/disabled (e.g. Iran), though you can use a proxy. Plus I assume it is not anonymous, with plausible deniability, if IP address is known between clients and server. For me, I'd prefer a product that offers a better solution.
I was a contributor to a mesh communication app called Briar. Briar has no central server, messages are synced only between users. All metadata and content are end-to-end encrypted. Briar doesn't rely on an internet connection, it can work over Wi-Fi and Bluetooth.
Since I am a member of the Guardians of Hong Kong group, I know that it's been used among Hong Kong protesters and it proved useful. Check it out for more info, if you will: https://briarproject.org
Take heart! God bless🙏🏻
I totally agree that projects like Briar (the website is here for anyone interested https://briarproject.org/) are really cool and necessary, and that community mesh networks are great projects and might become truly necessary if we get to the point of internet shutdowns or failing centralized ISPs.
second this, while it's no panacea, at least briar is established and had passed independent security audit (can check the report): https://briarproject.org/news/2017-beta-released-security-audit/
more on how it works here: https://briarproject.org/how-it-works/
If you need to have an encrypted chat with someone, the chances are you already know them so you already have their phone number and they have yours.
If you don't know them, you can't really trust them so proper anonymity is your only effective security measure for you. You don't necessarily need to keep the messages encrypted at that point although it doesn't hurt. See https://briarproject.org/ for anonymous messaging with E2EE.
For the in-betweeners like colleagues who know you but to whom you don't want to share your phone number, Signal is working on usernames as we speak, so it'll take a while.
In the unlikely event that Signal sells out to Google or others, you can try Briar. https://briarproject.org/
Unfortunately, getting your social network on to Briar is much harder than getting them on Signal. At present you pretty much have to exchange keys in person.
FB messenger provides more secure end-to-end encryption and like Telegram it's opt-in. But neither are good nor worth recommending. Signal is defacto for everything that doesn't require metadata removal. For that you want Briar or Ricochet. My opinion does not spawn from any kind of fan-boyism, but from the cryptographic properties of these applications, and the openness of their source code.
But there are free and open-source alternatives? And they don't track their users, which can be life threatening difference in this case.
Let's not pretend open-source alternatives don't exist, because they do in fact exist. People shouldn't use closed apps if free (libre) access is required.
Especially if said proprietary app collects data about it's users. Not even mentioning the fact, that the app is only available via Google play store and Google already blocked it because AT&T said they want it blocked.
Also look into briar messaging app, it was designed exactly for situations like these where telco infrastructure can possibly be taken offline. Briar Project
note: not affiliated in any way, just a user that has relied on it in the past while I was working during a conflict (Egypt, Arab spring).
As other said, Signal doesn't have those features what you heard was clearly misinformation. However, Briar does have the ability to send messages without access to the Internet. It claims to be able to use Bluetooth and local WiFi to relay messages. I've never used it so I don't know if it's any good.
Signal is pretty good, I use it to chat with my family. Pretty easy to set up.
Then there's Molly. Worth checking out. It's a fork of Signal fork, but you can still message Signal users. Has some security benefits and will soon accept payments between users with Monero.
There's also Briar. Doesn't require a phone number and all traffic goes through Tor, but its user interface is not very polished.
> it surely is the safest chat app
Sad signal.org & https://briarproject.org/ noises
> Durov has openly said many times that he hates Russian government so why would he help them to spy on Russian citizens
https://www.rferl.org/a/telegram-navalny-smart-voting/31466263.html
https://lenta.ru/news/2020/07/09/igo_joke/ (pro Kremlin site)
> If Briar is sound and could be scaled to replace signal while also serving its current purpose, I think I’d get behind it (or some form or fork of it).
I don't think it can replace it. The main thing that prevents it is how you add contacts, it used to be a case that you physically had to meet but they've improved the flow a little bit, so if we are contacts on briar, I can introduce you to my contacts
edit: forgot about the adding of contacts via a link - https://briarproject.org/manual/
Your question is a bit vague. Your main ask was to have
> people where they can chat via an app
Which doesn't typically require a "mesh network", "internet", or "intranet".
A generic chat app can be accomplished using a normal client-server system. Your mobile apps would contact a server / database which stores the chat messages. You would reach this server using the Internet via Wi-Fi or cellular data.
However, you may be asking about making a chat app that does not rely on traditional ISPs or cellular data. In this case users could continue using the app even in a natural disaster to communicate with each other in the same local area. The most popular app in this category was FireChat. A modern example is Briar.
To build this app you wouldn't need a raspberry pi, just peoples' phones (that's the whole point). On iOS the perfect API for this use case is Multipeer Connectivity, which uses peer-to-peer WiFi technology and Bluetooth.
If you don't have much experience building apps, I would recommend starting with the traditional client-server based app that relies on the Internet. After that it would be possible to turn it into an app using Multipeer Connectivity.
So you're essentially trying to recreate Briar (briarproject.org)?
This is no hate, but there's really a boom with private messengers, which are not audited.
Also i suggest using ChaCha20-Poly1305 for your cryptography..
Увы...
> c привязкой к номеру телефона.
...опять заложена генетическая уязвимость в конструкции.
"Бриар" таки лучше.
https://briarproject.org/manual/ru/
И, да, он работает "из коробки" между Китаем и остальным миром. Словом, хорошая штука.
thank you,
I was thinking about such solution- it is good as 'dropbox' for files and chat, but invite link could be easily compromised if chat is up for a long time and some people probably will store it not in secure way.
Ideally, I would like to have PC version for Briar https://briarproject.org/ - with manual keys exchange.
I also considering running a small private irc server - but connections itself and authentication seems problematic.
They're not wrong to know normal phone calls come with mandatory eavesdropping capability for LEAs. In that respect old-school isn't a solution. They're not smart enough however to understand the most security you can get is open source software on a smartphone. An up-to-date Android phone with anonymous, open source messaging software, e.g. Briar, is extremely secure compared to a proprietary solution like Anom.
just to let you know, i am not myself in myanmar. i'm hoping to give some helpful software or information to anyone who needs it over there. this is definitely something to consider, and it seems the intranet of devices is the real solution here, as QR codes probably would be too large to store the necessary amount of pure text, and i'm not sure a QR reader offline would even be able to interpret it, which requires developing something new. Another commenter posted about BriarProject.org which is your idea but implemented into a mesh messaging protocol.
Matrix.org for Discord style messaging, although some servers aren't encrypted. Briar is fully encrypted and peer-to-peer, without any central servers at all, however that means it can only send messages when both devices are online.
Make sure all your neighbors have Briar Project BEFORE the internet dies. It is an app that downloads to your phone which functions with OR WITHOUT internet for messaging, blogging, etc. In the event of total loss of internet your cell phone, with this app, acts as a radio to link you with nearby neighbors - a meshnet. This is also a good security mechanism if you are stuck indoors and trying to reach out to your trusted neighbor network as part of the process to keep your area safe, or if you need help / update.
Bridgefy posted about security updates it did October 2020 here. I don't know of any independent reviews, so I can't say if it is practically secure.
​
Briar has been reviewed, and should be sure. As I understand it, it only uses bluetooth to share Forums and Blogs (here), and then only using other users that have already subscribed to that Forum/Blog. This makes it more secure in some ways, but also limits its functionality (getting a message out to all members of a protest would require them all joining the same forum, and be contacts with a nearby user).
Best of luck, and be safe.
Yeah, keep the apk and share it with anyone you know!
Briar is peer-to-peer, so the more users, the better the communication for everyone.
You might also wanna keep an offline copy of the Briar-Manual. Just in case/so you know how to use it.
Briar works without internet, doesn't it? But their friend would have to ask tons of people to install it for communication. Still, having a network of people on Briar that stretches outside the country could let people share news with those whose internet access has been cut off.
Your friend could potentially look into Briar, a messaging software that is secure and allow him to communicate without internet if enough people in the vicinity have Briar installed.
This looks interesting for the simplicity. You might want to ask here for more informed comment:
Other than the advantage of simplicity, how does it compare to this?
And the data on the servers is encrypted. I think Briar needs more time to mature and more people to know that it exists. That's my personal opinion. This is the security audit of Briar and this is the one for Signal.
Unfortunately I can't find anything newer than these, but Briar had several vulnerabilities found in their audit.
Sowas wie Briar?
Hier gibt's noch mehr: https://prism-break.org/de/all/#instant-messaging
Element ist da allerdings nicht gelistet, wuesste eigentlich nicht, was es daran auszusetzen gibt.
Kashmir Hill is pathetic? That's one I wasn't expecting to hear.
The whole point of using end-to-end encryption is that you don't have to trust the servers hosting the data. Sure, it would be great if giant corporations didn't literally control the internet, but reality is different.
If you really want to get away from servers owned/controlled by Big Tech, then as others have pointed out you should also stop using Reddit and GitHub. In the meantime, you can look into using Briar.
Journalist sets up a hidden service -> User connects over Tor
The journalist could just send the link to the chat room by email encrypted with perhaps GPG.
But to be honest this seems a bit overkill. A more simple and probably more secure way of communicating would be using something like Briar.
Also as a side note, there already are chat room hidden services but I doubt that's wise OPSEC-wise.
> Briar doesn't require a phone number, but requires physical presence to add contacts, so people aren't happy.
Not anymore. See their latest release. You can add contacts by exchanging links now in Briar.
Briar is cool, more people should use it. For those who don't know: it's p2p, meaning no central server controlled by a US subject (Moxie). It doesn't require a phone# or even a phone if you use the terminal or GTK clients. It can also run over Bluetooth and WiFi Direct if the internet is down. Check it out: briarproject.org.
It's a cliche by now but perfect is the enemy of good.
People shit on telegram but frankly if it's working, then great. Yeah in a perfect world we'd all be using something like briar but this is the real world.
(Android only)
For messaging and coordination without Internet and WiFi, you can download Briar at https://briarproject.org or on Play Store.
When in online mode, it uses Tor. When offline, it relies on Bluetooth for mesh networking (no server, phone to phone range limited by devices' BT).
There is no message self-destruct option, but you can force clear a chat for you and your correspondent.
There are a few more options and the app itself has a layer of encryption prior to opening.
I saw someone recommending Bridgefy, so give that a try as well.
Пераклад:
(толькі для Android)
Для абмену паведамленнямі і каардынацыі без Інтэрнэту і Wi-Fi вы можаце загрузіць Briar на https://briarproject.org або ў Play Store.
У рэжыме анлайн ён выкарыстоўвае Tor. У аўтаномным рэжыме яна абапіраецца на Bluetooth для Мэш сеткі (адсутнічае сервер, дыяпазон тэлефонаў і тэлефонаў, абмежаваны BT прылад).
Тут няма магчымасці самазнішчэння паведамлення, але вы можаце прымусова ачысціць чат для вас і вашага карэспандэнта.
Ёсць яшчэ некалькі варыянтаў, і само прыкладанне мае пласт шыфравання перад адкрыццём.
Я бачыў, як хтосьці рэкамендуе Bridgefy, таму паспрабуйце таксама.
Get Briar or Bridgefy for your phone to create a mesh network using WIFI or Bluetooth. This will let you communicate with people in your area even if the internet is shutdown. Also consider getting a cheap ham radio like a Baofang UV-5R for longer distance communication.
Note: always assume your communications are being listened to! Briar uses encryption, but there are ways for the government to plant spyware apps on your phone that can get around this. Talk in code when discussing anything sensitive.
Matrix would be a better choice because it supports group discussions and can be used privately without giving up a phone number. XMPP would also be an OK choice and would be good for people to have as a backup.
Briar is also an option, but it's decentralised in a much different manner, and is intended to aid local organising, not online organising. It considers a much different threat model, and is far more secure than something like Signal if you need that security.
Briar looks to be promising. Internet communication through Tor, and allows for communication through local network and Bluetooth if there is no internet. Basically a mesh network and peer to peer. And of course end to end encrypted.
I always urge people to Telegram if they want to contact me about senzitive topics (and I start to see more and more of my contacts starting to use it, although none of my closest friends). True, it does have more features and although the server part is closed source, they seem pretty content to keep governmental actors at bay, and they claim that
> To protect the data that is not covered by end-to-end encryption [...] Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data.
However I see many privacy advocates recommending Signal over Telegram so if you can, just use that.
Another option for better privacy is to use Briar which uses Tor or avoids the internet alltogether and uses bluetooth and wifi.
you may wanna look into this project, it's more established and had passed independent security audit (can check the report): https://briarproject.org/news/2017-beta-released-security-audit/
this is the latest release log: https://briarproject.org/news/2019-briar-1.2-released-remote-contacts/
more on how it works here: https://briarproject.org/how-it-works/
a comment to answer the other posters: most of the suggested solutions rely on existing infrastructure (cellular network) regardless of whether they are encrypted or not, such as telegram, signal, WhatsApp, etc... so if the network is taken down, you can't communicate.
Additionally, some of the suggested solutions are closed source, eg. telegram clients are open source but their servers are proprietary and closed source.
There are also a few different aspects to software being used for this purpose: anonymity, privacy, authentication, and resiliency from current infrastructures (or lack thereof).
For example, you can have anonymity but if a client cannot authenticate who its trusted peers are, other clients can spoof their identities and spam or DOS with false information. Likewise, some clients privacy (or end to end encryption) may not have been vetted/audited. Or some leaks metadata or information about a client's network/contact list (eg WhatsApp).
Even if some cover all the first 3 points, they may not have been designed to not rely on existing cell or wifi networks.
Whatever you do, don't use apps like firechat or bridgefy, they're a joke.
>There would be no central database. There would be the contacts info on each phone, but that is it.
Sounds like what briar claims to do
https://briarproject.org/how-it-works/
the question is how do you check for consensus with this setup. If i'm in bluetooth range with C and want to share a message with them, but that requires consensus from B, thenm i would need to go to blue tooth range with B to acquire consensus first. or what
if you dont use bluetooth, then your connecting via the internet, which mean using a server, even if only to setup the peer 2 peer connection
Unlike most real-time messaging apps there are no servers involved, it sends fully encrypted data directly from one person to another. By default it uses Tor over the internet but can also use Wi-fi and Bluetooth if in range, without the need for internet access.
A good explanation was given at the Chaos Communications Congress in 2017.
Considering they audited their software and fixed all issues, it seems pretty good.
2017 Audit:
https://briarproject.org/news/2017-beta-released-security-audit/
I don't think I've heard anything about Snowden himself recommending any other messaging apps.
Personally, I still think Signal is the best right now, but there are some interesting newer projects which I've been keeping an eye on.
Briar is a messenger that which implements a bluetooth mesh network. Useful in unstable locations (politically or otherwise), it can route messages through the network independent of internet outages.
Session is a Signal fork which removes the need to use your phone number and employs a decentralised message-routing system. It uses their blockchain in the background (you don't need to know about it to use the app) to route messages through "nodes" similar to the tor network.
Offline maps! Probably the most useful thing that you can download in advance. It means you can still get around in minor events where the cell network is completely congested. GPS will continue to work unless there is a massive space event that takes out most of the satellites.
Many phones have FM radio receivers in them though in the US the carriers block that feature so you can use more data. The feature can't be blocked in Europe though. Very power efficient way to get live news.
There are also mesh network communication tools like Briar.
El megathread de protestas está más muerto que la chucha así que les comparto esta info acá, para quienes vayan a pasar el Año Nuevo a Plaza Dignidad [papiro warning]:
Es muy probable vaya mucha gente a plaza dignidad, probablemente más personas que este mes al menos, por lo que las comunicaciones van a ser muy complejas y probablemente internet colapse a ratos. Para mantenerse comunicados y no perder la ubicación de tus amigos que también estarán en la plaza, recomentamos que utilicen el sistema de Mensajería Briar.
La diferencia con Telegram o incluso signal es que Briar puede funcionar sin internet; si activas tu bluetooth puedes comunicarte con personas cercanas en la misma plaza ya estan colapsado internet. Además, cada persona conectada hace de "Puente" de los demás: de esta forma, si tu estás en el GAM y tienes otros amigos en la torre telefónica, pueden haber personas intermedias que hagan de puente para que llegue el mensaje.
Para descargar la aplicación diriganse a su página oficial y descargan la APK: https://briarproject.org/download-briar/ Pueden ver los manuales de uso en su misma página. [Es normal que su smartphone les diga que es una aplicación "No segura", por que claro, nada que no venga de grandes empresas es no-seguro para ellos; le permiten que se instale y listo]
Mientras más personas usen briar más segura será nuestra comunicación dentro de las mismas manifestaciones. Invitamos a que todxs quienes vayan habitualmente a minifestaciones compartan este mensaje, se junten con sus amigos a compartirse los contactos y tengan mejores medidas para comunicarse de manera segura antes de llegar a plaza dignidad al año nuevo o al lugar donde hayan celebraciones/manifestaciones.
It is my understanding that the range issues and long wait times with sending messages is a shortcoming none of the available message hopping apps can circumvent, as it arises from the limited range of Bluetooth and other hardware available—in the absence of an internet connection—to send data.
These apps still work, quite admirably in internet blackouts imo, with the Bluetooth networks and the odd WiFi networks available to them to send our messages, this diagram from the Briar Project illustrates that; in fact it says that Briar would work in the exact way you described. I can't speak from personal experience, tho I'm sure Briar's developers would offer you help if you can't get it set up that way or are having bugs.
The range you can get with these mesh messaging apps (in internet blackouts) can be maximised when everyone's using them; and that really is the best anyone can do.
Interesting...
>users (can) add each other securely by exchanging links... ...it instead uses the Tor network to connect directly and securely to the person you’re adding
>
>
>
>Briar doesn’t rely on a central server - messages are synchronised directly between the users’ devices. If the internet’s down, Briar can sync via Bluetooth or Wi-Fi. If the internet’s up, Briar can sync via the Tor network.
-https://briarproject.org/news/2019-briar-1.2-released-remote-contacts/
A peer-to-peer system such as Briar would help with internal communications. It allows you to communicate via Bluetooth and Wi-Fi Direct (i.e. connecting directly to other phones without needing a router). As people move around between towns and cities, data is passed around. If it's passed to someone who has an internet connection, all of the data that person has picked up from other people can be sent over the internet.
There is no way to verify SeeCrypt as trustworthy since it is proprietary/closed source. So it’s potentially unsafe.
If you want verifiable Security & Privacy, go with Signal. https://signal.org/
If you need Security, Privacy, & Anonymity, then go with Briar instead. https://briarproject.org/
Keep in mind, Smart Phone’s can be compromised in a number of ways to reveal messages. So using the “Disappearing Messages” feature on either Signal or Briar can help limit your attack surface.
If you are worried about being targeted for attack, I’d recommend switching to a security hardened mobile OS, like GrapheneOS.
u/Lugh and u/Ourari, would Briar's blog entry be a better source for this news? I think it's new features are newsworthy. It's a FLOSS Android Chat App that has credible security and anonymity features.
I have a some knowledge in decentralized networking.
I recommend you install and distribute Briar. It's an open-source Android app that allows you to chat with nearby people without internet over WiFi and Bluetooth. (Including Forums/Blogs/Groups)
Purely between smartphones, not connected to the public network(WIFI or 3G/4G/5G), only in the device-to-device encrypted communication, is currently the safest, in the scene of the maximum connection distance <500 meters. In addition to fire chat, three companies have such product solutions:
Bridgefy.com (BLE,commercial,charged)
Briarproject.org (HOTSPOT Only, free)
Bcm.social (HOTSPOT & BLE,free)
That's the point. I've been traveling in other countries, when I talked about Signal with friends or acquaintances, they were even afraid to install Signal because of the phone registration despite it's end-to-end encrypted. Now that I'm Europe, when my friends travel, they delete Signal as they don't want to be inspected for no real reason and suspected of something only because they have certain apps.
Sometimes people fantasize about how the west is so advanced in their technology and forgetting about real life scenarios that can happen. I always remember the incident about a journalist where he was briefly detained, where they also took his laptop and phone; the police had primitive "quantum computing brute-force capabilities" and cracked the password in no time.
Convenience is something and apps that are end-to-end encrypted may very well suit their needs but people should define their threat model. I think sometimes people forget that phones have their inherent flaws when talking about "higher level" of threat model. Hence where I think it's best to communicate with people through desktop with applications that are privacy oriented and decentralized than communicating with people through phone as you can use plausible deniability, though that's where I think my threat model lies. That's why I also think Briar has potentials and I hope one day that decentralized apps will mature more than those centralized one's.
Hmm.. odd.. You mean, you don't get messages directly? I don't have problems with Signal on GrapheneOS that doesn't have GCM.
Some alternatives:
Yeah it's ridiculous.
They should be using something that's made with adversaries like China in mind. Like Briar (preferably over Tor) or if they need p2p VOIP then Meshenger.
There's also XMPP, but I haven't seen it being used as a peer to peer protocol, and it isn't made for this situation like Briar is.
One thing that comes to mind is Briar, although not self hosted... Users must meet up IRL to scan QR codes in order to be friends, you can write a blog and chat directly, share photos and comment on things. But everything is stored on the device to my knowledge, also it runs over Tor if you're looking for privacy. Sorry for the jumble of text but I'm on mobile right now!
Email is not end-to-end encrypted in almost any case, it's much more dangerous than WA that is popular (and therefore inconspicuous), where the server is located in the US, and where the communication is end-to-end encrypted by default. If you need anonymous messaging on your phone there's only one secure alternative: https://briarproject.org
Allegedly, just like SSb and cjdns/Ygg, users on the same WiFi network can find each other via Multicast and exchange messages. Bluetooth sync allegedly also works. Never tested though...
> Briar, Ricochet and TFC do.
Briar: Never heard of this, seems like it's android only - https://briarproject.org
ricochet: Heard of, don't know much about it. Seems they consider themselves experimental though, and you can't send files - https://ricochet.im/
TFC: Another I haven't heard of. Looks like it requires multiple computers either end, and with tails and ubuntu.
I appreciate the info, but they defiantly wouldn't be considered mainstream or user friendly. And none of them have a feature set that'd be able to replace a casual users messager apps.
The fact matrix.org made it so easy for someone to break in concerns me. Sure, you can use another server, but due to the federated nature of the protocol any shared rooms/users are at risk. And the metadata is not secure either.
Right now, I don't think anyone has a proper secure platform that's "usable".
It does not seem to be an open source solution and they have a not so nice privacy policy:
https://sylo.io/privacy.html
You should other solutions. If you need a P2P chat app, try Briar: https://briarproject.org/
I don’t even know if Ricochet is actively maintained anymore since the last update was over a year ago based on their GitHub commit history.
I think the closest Android app to it would be Briar.
Hace unas semanas estaba buscando lo mismo, una app que encontre que me llamo bastante la atencion fue Briar. Es gratis, open-source y si no tienes internet, la app se sincroniza usando Bluethooth o Wifi. En su pagina oficial dicen que esta pensada especificamente para activistas y periodistas.
Get you and all the people you know to use a mesh service, they create a network with your phones and no cellular service is required, you can use Briar project or Firechat
They can't stop you this way!
Security audit was done: https://briarproject.org/news/2017-beta-released-security-audit.html
Also, FOSS so anyone can audit. Private key exchange is done via qr code, in person only. This particular post was written by a 3rd party not associated with briar. User base is low because it only went live in May. Protocol description on the wiki: https://code.briarproject.org/briar/briar/wikis/A-Quick-Overview-of-the-Protocol-Stack
For someone who did no research, seems like you would have no reason not to trust this.
>Why not simply use Signal, Wire or Matrix/Riot?
Decentralized. That means there's no company for the government to extort for info. It also means the government can't shut down their servers. Connects over tor by default. Metadata protected by onion routing encryption. Basically, requires attacker to compromise the device. So.... basically every reason.
Serval mesh network on f-droid.
Also check out briar https://briarproject.org/
It's aimed at a more secure offline/intermittent text messanger useful for large gatherings say protests or festivals etc but might do the trick for you.
The issue you will find is range limited to wifi signal output and distance between each nodes.
For long range your best bet is prob something like a gotenna but you need the hardware etc so there is a cost factor.
As a side note, start using whatever decentralized app you can now.
Even if the mobile network and all internet access gets cut off, you could still connect and sync with others via WiFi access points or even locally via Bluetooth NFC.
Here's to name a few:
FDroid - FOSS app store that can distribute any installed apps locally via Bluetooth or WiFi Direct.
Briar - P2P Encrypted and decentralized messaging and micro-blogging app, an alternative to Telegram.
Several Mesh - Local P2P mesh-network app that allows making phone calls, sending text massages and transferring files though any local networks or Bluetooth links.
Primeiro nenhum dos programas é federado (o serviço wire promote isso para breve). Segundo embora o contéudo das mensagens seja cifrada ponta-a-ponta, os metadados não o são.
O projecto briar pretende resolver todos esses problemas. Ver https://briarproject.org/how-it-works.html