Briar is a messaging app designed for high-security and censored environments. It is peer-to-peer and encrypted: messages are exchanged directly between devices rather than through a central server. This decentralized approach eliminates single points of failure and surveillance. Briar can connect directly via Bluetooth or Wi-Fi in proximity, or through the Tor network for more distant contacts, further enhancing privacy. Users add contacts by scanning a QR code or sharing a link. While Briar prioritizes security, it also supports blogs and forums, fostering community building in challenging situations.
Briar is a messaging app designed with a strong focus on security, privacy, and availability, especially in challenging environments where internet access is unreliable or censored. It achieves this by employing a peer-to-peer architecture, eschewing centralized servers that can be targeted for surveillance or shutdown. Instead of relying on a single server to relay messages, Briar leverages a distributed network formed by the users themselves. Each user's device acts as a node in this network, forwarding messages towards their intended recipients.
This peer-to-peer system enhances privacy in several key ways. Firstly, it eliminates the central point of vulnerability presented by a traditional server. There's no single entity that can be compelled to hand over data or manipulate communication. Secondly, messages are end-to-end encrypted, meaning they are scrambled at the sender's device and only decrypted at the recipient's device. This prevents eavesdropping, even by other nodes in the Briar network that may be relaying the message. Briar uses well-established cryptographic protocols to ensure the integrity and confidentiality of these messages.
To establish connections within the network, Briar offers multiple options. Users can add contacts directly by scanning each other's QR codes or by exchanging contact information via Bluetooth. Alternatively, if two users have mutual connections already within the Briar network, those shared connections can serve as a bridge, enabling indirect contact addition. This approach allows users to connect even if they are not physically proximate or able to directly exchange information.
Briar also facilitates the creation of forums, which are essentially group chats designed for secure and private discussions. Like direct messages, forums are decentralized and rely on the peer-to-peer network for message dissemination. This avoids the potential vulnerabilities of centralized forum servers.
In situations where internet connectivity is unavailable, Briar can still function by utilizing Bluetooth or Wi-Fi networks. Devices within Bluetooth range can communicate directly, while devices on the same local Wi-Fi network can also exchange messages, effectively creating a localized mesh network independent of the wider internet. This offline functionality is particularly crucial in areas experiencing internet shutdowns or natural disasters, ensuring lines of communication can remain open.
Furthermore, Briar is designed with security in mind, aiming to resist surveillance and censorship efforts. The peer-to-peer architecture and end-to-end encryption make it difficult for third parties to intercept or monitor communications. The decentralized nature of the network also makes it resilient against takedown attempts, as there is no single server to target. Briar is open-source software, allowing for independent auditing and verification of its security features. This transparency contributes to trust and ensures the community can scrutinize the code for potential vulnerabilities.
Summary of Comments (131)
https://news.ycombinator.com/item?id=43363031
Hacker News users discussed Briar's reliance on Tor for peer discovery, expressing concerns about its speed and reliability. Some questioned the practicality of Bluetooth and Wi-Fi mesh networking as a fallback, doubting its range and usability. Others were interested in the technical details of Briar's implementation, particularly its use of SQLite and the lack of end-to-end encryption for blog posts. The closed-source nature of the Android app was also raised as a potential issue, despite the project being open source overall. Several commenters compared Briar to other secure messaging apps like Signal and Session, highlighting trade-offs between usability and security. Finally, there was some discussion of the project's funding and its potential use cases in high-risk environments.
The Hacker News post titled "Briar: Peer to Peer Encrypted Messaging" linking to Briar Project's "how it works" page generated a moderate amount of discussion, with several commenters expressing interest in the project and its technical aspects.
A recurring theme is Briar's unique approach to peer-to-peer communication, which avoids relying on central servers. Several comments delve into the specifics of this, comparing it to other messaging apps like Signal and Session. One commenter points out that Briar "uses Bluetooth and wifi-direct for local communication" when internet connectivity is unavailable, distinguishing it from apps that rely solely on internet access. Another commenter elaborates on this, explaining how this feature enables communication in "challenging network environments" like protests or areas with internet censorship.
The discussion also touches on the trade-offs of this decentralized approach. A commenter highlights the "higher barrier to entry" due to the need for direct connections or a trusted contact already on the network, contrasting it with the ease of joining centralized platforms. Another acknowledges the potential difficulty in discovering and adding contacts.
Security and privacy are also prominent in the discussion. Commenters discuss the encryption methods employed by Briar and its resistance to surveillance. One commenter inquires about metadata leaks, specifically regarding "Bluetooth broadcast device names," raising concerns about potential identification even with encrypted messages.
Furthermore, the conversation drifts towards the practical usability of Briar. Commenters discuss its interface and user experience, with some expressing a desire for a more polished design. The limited platform support (Android only at the time of the comments) is also mentioned. A commenter expresses interest in iOS and desktop support, indicating a demand for broader accessibility.
Finally, some comments provide additional context, mentioning related projects like Ricochet Refresh and the challenges of building truly decentralized and secure communication systems. One commenter mentions the historical precedent of "sneakernet" as a precursor to Briar's approach.
In summary, the comments section demonstrates a significant interest in Briar's decentralized approach to secure messaging, while also acknowledging the practical challenges and trade-offs involved. The discussion focuses heavily on the technical aspects, comparing Briar to existing solutions and exploring its potential use cases in situations where traditional communication channels are unavailable or compromised.