Stories with Tag messaging app

• Briar: Peer to Peer Encrypted Messaging

  permalink

  Posted: 2025-03-14 14:36:23

  Verbose tl;dr

  Briar is a messaging app designed for high-security and censored environments. It uses peer-to-peer encryption, meaning messages are exchanged directly between devices rather than through a central server. This decentralized approach eliminates single points of failure and surveillance. Briar can connect directly via Bluetooth or Wi-Fi in proximity, or through the Tor network for more distant contacts, further enhancing privacy. Users add contacts by scanning a QR code or sharing a link. While Briar prioritizes security, it also supports blogs and forums, fostering community building in challenging situations.

  Briar is a messaging app designed with a strong focus on security, privacy, and availability, especially in challenging environments where internet access is unreliable or censored. It achieves this by employing a peer-to-peer architecture, eschewing centralized servers that can be targeted for surveillance or shutdown. Instead of relying on a single server to relay messages, Briar leverages a distributed network formed by the users themselves. Each user's device acts as a node in this network, forwarding messages towards their intended recipients.

  This peer-to-peer system enhances privacy in several key ways. Firstly, it eliminates the central point of vulnerability presented by a traditional server. There's no single entity that can be compelled to hand over data or manipulate communication. Secondly, messages are end-to-end encrypted, meaning they are scrambled at the sender's device and only decrypted at the recipient's device. This prevents eavesdropping, even by other nodes in the Briar network that may be relaying the message. Briar uses well-established cryptographic protocols to ensure the integrity and confidentiality of these messages.

  To establish connections within the network, Briar offers multiple options. Users can add contacts directly by scanning each other's QR codes or by exchanging contact information via Bluetooth. Alternatively, if two users have mutual connections already within the Briar network, those shared connections can serve as a bridge, enabling indirect contact addition. This approach allows users to connect even if they are not physically proximate or able to directly exchange information.

  Briar also facilitates the creation of forums, which are essentially group chats designed for secure and private discussions. Like direct messages, forums are decentralized and rely on the peer-to-peer network for message dissemination. This avoids the potential vulnerabilities of centralized forum servers.

  In situations where internet connectivity is unavailable, Briar can still function by utilizing Bluetooth or Wi-Fi networks. Devices within Bluetooth range can communicate directly, while devices on the same local Wi-Fi network can also exchange messages, effectively creating a localized mesh network independent of the wider internet. This offline functionality is particularly crucial in areas experiencing internet shutdowns or natural disasters, ensuring lines of communication can remain open.

  Furthermore, Briar is designed with security in mind, aiming to resist surveillance and censorship efforts. The peer-to-peer architecture and end-to-end encryption make it difficult for third parties to intercept or monitor communications. The decentralized nature of the network also makes it resilient against takedown attempts, as there is no single server to target. Briar is open-source software, allowing for independent auditing and verification of its security features. This transparency contributes to trust and ensures the community can scrutinize the code for potential vulnerabilities.

  • peer-to-peer
  • p2p
  • Encrypted Messaging
  • Secure Messaging
  • privacy
  • Security
  • off-the-grid
  • censorship resistance
  • Briar
  • Briar Project
  • messaging app
  • Mobile App
  • Android
  • End-to-End Encryption
  • E2EE
  • Decentralized
  • internet freedom

  Summary of Comments ( 131 )
  https://news.ycombinator.com/item?id=43363031

  Verbose tl;dr

  Hacker News users discussed Briar's reliance on Tor for peer discovery, expressing concerns about its speed and reliability. Some questioned the practicality of Bluetooth and Wi-Fi mesh networking as a fallback, doubting its range and usability. Others were interested in the technical details of Briar's implementation, particularly its use of SQLite and the lack of end-to-end encryption for blog posts. The closed-source nature of the Android app was also raised as a potential issue, despite the project being open source overall. Several commenters compared Briar to other secure messaging apps like Signal and Session, highlighting trade-offs between usability and security. Finally, there was some discussion of the project's funding and its potential use cases in high-risk environments.

  The Hacker News post titled "Briar: Peer to Peer Encrypted Messaging" linking to Briar Project's "how it works" page generated a moderate amount of discussion, with several commenters expressing interest in the project and its technical aspects.

  A recurring theme is Briar's unique approach to peer-to-peer communication, which avoids relying on central servers. Several comments delve into the specifics of this, comparing it to other messaging apps like Signal and Session. One commenter points out that Briar "uses Bluetooth and wifi-direct for local communication" when internet connectivity is unavailable, distinguishing it from apps that rely solely on internet access. Another commenter elaborates on this, explaining how this feature enables communication in "challenging network environments" like protests or areas with internet censorship.

  The discussion also touches on the trade-offs of this decentralized approach. A commenter highlights the "higher barrier to entry" due to the need for direct connections or a trusted contact already on the network, contrasting it with the ease of joining centralized platforms. Another acknowledges the potential difficulty in discovering and adding contacts.

  Security and privacy are also prominent in the discussion. Commenters discuss the encryption methods employed by Briar and its resistance to surveillance. One commenter inquires about metadata leaks, specifically regarding "Bluetooth broadcast device names," raising concerns about potential identification even with encrypted messages.

  Furthermore, the conversation drifts towards the practical usability of Briar. Commenters discuss its interface and user experience, with some expressing a desire for a more polished design. The limited platform support (Android only at the time of the comments) is also mentioned. A commenter expresses interest in iOS and desktop support, indicating a demand for broader accessibility.

  Finally, some comments provide additional context, mentioning related projects like Ricochet Refresh and the challenges of building truly decentralized and secure communication systems. One commenter mentions the historical precedent of "sneakernet" as a precursor to Briar's approach.

  In summary, the comments section demonstrates a significant interest in Briar's decentralized approach to secure messaging, while also acknowledging the practical challenges and trade-offs involved. The discussion focuses heavily on the technical aspects, comparing Briar to existing solutions and exploring its potential use cases in situations where traditional communication channels are unavailable or compromised.

• Ricochet: Peer-to-peer instant messaging system built on Tor hidden services (2017)

  permalink

  Posted: 2025-02-14 08:34:31

  Verbose tl;dr

  Ricochet is a peer-to-peer encrypted instant messaging application that uses Tor hidden services for communication. Each user generates a unique hidden service address, eliminating the need for servers and providing strong anonymity. Contacts are added by sharing these addresses, and all messages are encrypted end-to-end. This decentralized architecture makes it resistant to surveillance and censorship, as there's no central point to monitor or control. Ricochet prioritizes privacy and security by minimizing metadata leakage and requiring no personal information for account creation. While the project is no longer actively maintained, its source code remains available.

  The GitHub repository for Ricochet describes a peer-to-peer encrypted instant messaging system designed for strong anonymity and privacy. Ricochet leverages the Tor hidden service protocol, eliminating the need for central servers and significantly reducing metadata leakage. Each user operates a Tor hidden service, essentially making their computer a server for their own messages. When a user wants to connect with another, their client establishes a direct connection to the recipient's hidden service. This architecture means that messages are never routed through intermediary servers, preventing potential eavesdropping or censorship by third parties.

  User discovery in Ricochet relies on "contact addresses" which are essentially the recipient's Tor hidden service address. To add a contact, users need to obtain and share this address. While this process requires out-of-band communication, it eliminates the need for centralized user directories or contact lists, further enhancing privacy.

  Ricochet prioritizes security through end-to-end encryption. All messages exchanged between users are encrypted using the OTR (Off-the-Record) protocol, ensuring confidentiality and integrity. OTR also provides perfect forward secrecy, meaning past messages remain secure even if encryption keys are compromised in the future. Additionally, the use of Tor hidden services provides a degree of anonymity by obscuring the IP addresses of both the sender and the recipient.

  The project aims to be user-friendly, offering a simple and intuitive interface for managing contacts and sending messages. However, the reliance on Tor hidden services introduces some limitations. Connection establishment can sometimes be slow due to the inherent latency of the Tor network. Additionally, as the project is no longer actively maintained (as indicated by its archived status on GitHub), users should be aware of potential security vulnerabilities that might not be addressed. Despite these limitations, Ricochet represents a novel approach to secure messaging by leveraging the decentralized nature of Tor to minimize metadata exposure and enhance user privacy. The project's focus on peer-to-peer communication and the absence of central servers significantly reduces the potential for data breaches and surveillance.

  • instant messaging
  • peer-to-peer
  • Tor
  • hidden services
  • anonymity
  • privacy
  • Security
  • RICOCHET
  • Open Source
  • Desktop Application
  • messaging app
  • End-to-End Encryption
  • metadata resistance

  Summary of Comments ( 12 )
  https://news.ycombinator.com/item?id=43046192

  Verbose tl;dr

  HN commenters discuss Ricochet's reliance on Tor hidden services for its peer-to-peer architecture. Several express concern over its discoverability, suggesting contact discovery is a significant hurdle for wider adoption. Some praised its strong privacy features, while others questioned its scalability and the potential for network congestion with increased usage. The single developer model and lack of recent updates also drew attention, raising questions about the project's long-term viability and security. A few commenters shared positive experiences using Ricochet, highlighting its ease of setup and reliable performance. Others compared it to other secure messaging platforms, debating the trade-offs between usability and anonymity. The discussion also touches on the inherent limitations of relying solely on Tor, including speed and potential vulnerabilities.

  The Hacker News post discussing Ricochet, a peer-to-peer instant messaging system built on Tor hidden services, has a moderate number of comments, offering a variety of perspectives on its functionality, security, and practicality.

  Several commenters discuss the inherent limitations and challenges of using Tor for real-time communication. Some point out the latency introduced by the Tor network can make voice and video chat impractical, while others mention the difficulties in achieving reliable connectivity and call quality. One commenter even suggests that the performance characteristics of Tor are fundamentally unsuitable for such applications.

  The discussion delves into the security aspects of Ricochet, with commenters raising questions about metadata leakage and the effectiveness of hidden services in protecting user anonymity. Some express concerns about the potential for traffic correlation attacks, while others acknowledge the improved privacy compared to traditional messaging platforms. There's a specific discussion thread regarding the feasibility of deanonymization through timing analysis and other sophisticated techniques.

  A few comments focus on the usability and features of Ricochet. Some users find the setup process complicated and the user interface less intuitive than mainstream messengers. Others appreciate its decentralized nature and the absence of central servers, highlighting the potential for increased resistance to censorship and surveillance.

  Several commenters mention alternative peer-to-peer messaging projects and compare their features and security models to Ricochet. These alternatives often utilize different underlying technologies, such as blockchain or distributed hash tables. This comparison prompts discussions about the trade-offs between different approaches to decentralized communication.

  Finally, some commenters express skepticism about the long-term viability of Ricochet, citing the challenges of maintaining and developing an open-source project with limited resources. Others remain optimistic about its potential and encourage further development and community involvement.