briar issueshttps://code.briarproject.org/briar/briar/-/issues2020-11-19T15:21:55Zhttps://code.briarproject.org/briar/briar/-/issues/942Compare Briar's Notification behaviour with other chat applications2020-11-19T15:21:55ZErnir ErlingssonCompare Briar's Notification behaviour with other chat applications> @ernir it would be great if you could look into the notification behaviour of other apps in detail (if i had to pick one, i guess it would be whatsapp) and see how they're handling all the corner cases. for example, if a conversation i...> @ernir it would be great if you could look into the notification behaviour of other apps in detail (if i had to pick one, i guess it would be whatsapp) and see how they're handling all the corner cases. for example, if a conversation is open and a message arrives, does it show a notification/vibrate/make a sound/blink the led? same question if the screen is off, same question if the list of conversations is open instead of the conversation itself, etchttps://code.briarproject.org/briar/briar/-/issues/1101Research whether NotificationCleanupService needs to be migrated to JobIntent...2020-11-19T13:24:10ZakwizgranResearch whether NotificationCleanupService needs to be migrated to JobIntentServiceNotificationCleanupService extends IntentService, which may not work properly on Android 8 [according to the docs](https://developer.android.com/about/versions/oreo/background.html). Find out whether the changes apply to us. If so, upgra...NotificationCleanupService extends IntentService, which may not work properly on Android 8 [according to the docs](https://developer.android.com/about/versions/oreo/background.html). Find out whether the changes apply to us. If so, upgrade the support library to version 26 and migrate NotificationCleanupService to JobIntentService.https://code.briarproject.org/briar/briar/-/issues/603Research stream isolation for hidden service connections2020-11-16T11:11:45ZakwizgranResearch stream isolation for hidden service connectionsTor supports stream isolation, meaning that streams used for separate purposes can be forced to use separate circuits, making it harder for observers to tell whether the streams belong to the same client. Clients can activate this featur...Tor supports stream isolation, meaning that streams used for separate purposes can be forced to use separate circuits, making it harder for observers to tell whether the streams belong to the same client. Clients can activate this feature by specifying a SOCKS username and password - streams with different SOCKS credentials will be isolated from each other.
Using stream isolation for our hidden service connections may help to prevent Tor relays from learning which hidden service addresses belong to contacts of the same user. That information could be used to help identify the user or her contacts. On a larger scale it might also be used to build an anonymised social graph of hidden service addresses, which could then be deanonymised by comparing it with other social graphs (https://33bits.org/).
However, it's not clear whether stream isolation would prevent this information leak, as Tor may re-use existing circuits for publishing and retrieving hidden service descriptors (see https://gitweb.torproject.org/torspec.git/plain/rend-spec.txt).
Find out:
* Whether stream isolation applies to publishing and retrieving HS descriptors
* Whether stream isolation has a bandwidth cost due to using more circuitshttps://code.briarproject.org/briar/briar/-/issues/28LAN peer discovery2022-09-08T12:24:41ZakwizgranLAN peer discoveryThere are three options:
1) Use Wi-Fi Direct peer discovery.
Advantages:
* Available on recent Android devices with very little effort
* Doesn't create a Briar-specific traffic fingerprint
* Doesn't reveal the number of contacts
Disad...There are three options:
1) Use Wi-Fi Direct peer discovery.
Advantages:
* Available on recent Android devices with very little effort
* Doesn't create a Briar-specific traffic fingerprint
* Doesn't reveal the number of contacts
Disadvantages:
* Not available on older Android devices
* May not be available on all platforms
2) Use BitTorrent's local peer discovery protocol. Advertise a single infohash for all contacts.
https://en.wikipedia.org/wiki/Local_Peer_Discovery
http://forum.utorrent.com/viewtopic.php?pid=433785#p433785
Advantages:
* Doesn't create a Briar-specific traffic fingerprint
* Doesn't reveal the number of contacts
Disadvantages:
* Direct use of multicast won't work on all Android devices
3) Use a custom protocol. Choose a pseudorandom multicast group, advertise it in transport properties. Join the group at startup and periodically send a UDP packet to the group. Join contacts' multicast groups, listen for UDP packets, and connect back via TCP.
Advantages:
* Won't trigger filter rules designed to catch P2P traffic
Disadvantages:
* Direct use of multicast won't work on all Android devices
* Will IGMP traffic reveal the number of contacts?https://code.briarproject.org/briar/briar/-/issues/454Research RSS article extraction libraries2020-11-21T18:55:04ZTorsten GroteResearch RSS article extraction librariesThere are two main problems with doing a RSS Import and republishing it as a Briar Blog:
1. **The feed may not include the full article, but only a teaser**
2. How would RSS feed of a traditional blog or news website fit with Briar's mor...There are two main problems with doing a RSS Import and republishing it as a Briar Blog:
1. **The feed may not include the full article, but only a teaser**
2. How would RSS feed of a traditional blog or news website fit with Briar's more tumblr-like blogs
This ticket is about solving the first problem. Once this is solved, we'll open a new ticket for the second one.
One solution could be to **fetch and reformat the full article** that is usually linked from the RSS feed. This is a difficult job that would require a lot of testing with real-world data. Fortunately, there are libraries out there that could solve this problem for us.
It is difficult to detect if an RSS feed provides the full content or not. In both cases, the `<description>` tag is used. So maybe we could show users a **preview** before importing the feed and allow them to **switch article extraction mode on manually** for when the feed only contains teasers.
An alternative is not to support teaser-only feeds at all and rely on users to provide full text feeds. There is even a [Free Software webservice](http://fivefilters.org/content-only/) to do this.
This is a sub-ticket of #135.
# Article Extraction Libraries
## [boilerpipe](https://github.com/kohlschutter/boilerpipe)
* seems to be the most popular library on the net, but last release was 5 years ago and last commit 2 years ago
* not on jcenter, only private maven repo or jars
* `ArticleExtractor#getText()` can take various arguments such as `Url`, `String`, `Reader`, etc. so we can fetch the document ourselves via Tor
* The built-in `HTMLFetcher` is very simple and does not seem to support proxies
* License: Apache License 2.0
* Dependencies:
* [nekohtml](http://nekohtml.sourceforge.net/)
* [xerces](https://xerces.apache.org/)
## [snacktory](https://github.com/karussell/snacktory)
* used by the RSS reader Torsten is using and works well, but also [no longer actively developed](https://github.com/karussell/snacktory/issues/42#issuecomment-71230546)
* good detection for none-english sites (German, Japanese, ...), snacktory does not depend on the word count in its text detection to support CJK languages
* not on jcenter, only private maven repo or jars (or one `.java` file)
* `ArticleTextExtractor#extractContent()` can take various arguments such as `JResult`, `String`, `Document`, etc. so we can fetch the document ourselves via Tor
* There is also a built-in `HtmlFetcher` that has a `setProxy()` method
* License: Apache License 2.0
* Dependencies:
* [jsoup](https://jsoup.org/)
* [log4j](https://logging.apache.org/log4j/)
* [slf4j-api](http://www.slf4j.org/)
## [goose](https://github.com/GravityLabs/goose)
* written in Scala which apparently can be used in Android projects
* Last release in Nov 2015
* License: Apache License 2.0https://code.briarproject.org/briar/briar/-/issues/439Compare TRVE Data with BSP2020-11-21T18:55:43Zstr4dCompare TRVE Data with BSPFrom the research team we are talking with about performance / battery life measurements (for #115). It sounds like it has a lot of overlap with BSP; it would be interesting to know in what ways the approaches differ.
http://www.cl.cam....From the research team we are talking with about performance / battery life measurements (for #115). It sounds like it has a lot of overlap with BSP; it would be interesting to know in what ways the approaches differ.
http://www.cl.cam.ac.uk/research/dtg/trve/
https://github.com/trvedatahttps://code.briarproject.org/briar/briar/-/issues/51Can we trigger the TRIM command on Android?2020-11-16T11:04:26ZakwizgranCan we trigger the TRIM command on Android?Android 4.3 uses the TRIM command to erase blocks of flash that are unused by the filesystem. This could improve our chances of securely deleting data on Android.
MountService issues the TRIM command once every 24 hours if the device is...Android 4.3 uses the TRIM command to erase blocks of flash that are unused by the filesystem. This could improve our chances of securely deleting data on Android.
MountService issues the TRIM command once every 24 hours if the device is idle and charged, as determined by `IdleMaintenanceService`:
https://android.googlesource.com/platform/frameworks/base/+/master/services/java/com/android/server/IdleMaintenanceService.java
Investigate whether we can broadcast any of the intents issued by `IdleMaintenanceService` to cause a TRIM on demand, e.g. in a panic button situation after deleting the database.
We can broadcast an intent with the action `"com.android.server.IdleMaintenanceService.action.FORCE_IDLE_MAINTENANCE"`, but it's not clear whether that has any effect - nothing shows up in the logs on a Galaxy Nexus with Android 4.3 when the intent is broadcast.
When `IdleMaintenanceService` decides (due to receiving the above intent or otherwise) that it's time to run idle maintenance tasks, it broadcasts an intent with the action `"android.intent.action.ACTION_IDLE_MAINTENANCE_START"`. According to the `Intent` javadoc, that intent "can only be sent by the system":
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/content/Intent.java
Alternatively, we might be able to invoke `android.app.ActivityManagerNative.getDefault().performIdleMaintenance()` via reflection. The method in question was added in September 2013:
https://android.googlesource.com/platform/frameworks/base/+blame/master/core/java/android/app/ActivityManagerNative.java
It's included in the `kitkat-release` branch but not the `jb-release` branch, so we'd need a phone with 4.4 to test this.https://code.briarproject.org/briar/briar/-/issues/1675Investigate whether we can capture a photo from the camera without storing it...2020-11-15T17:00:31ZakwizgranInvestigate whether we can capture a photo from the camera without storing it on diskWhen sending an ACTION_IMAGE_CAPTURE intent it's possible to pass a content URI that represents a file where the camera app should store the image. (On Android 7+ the URI has to be obtained from a FileProvider.) In itself that's not much...When sending an ACTION_IMAGE_CAPTURE intent it's possible to pass a content URI that represents a file where the camera app should store the image. (On Android 7+ the URI has to be obtained from a FileProvider.) In itself that's not much use - it would allow us to specify a file in Briar's private data dir, which is better than using the shared media dir, but the file would still be unencrypted.
Investigate whether it's possible to pass a URI that represents a pipe rather than an ordinary file, in which case we could read the data from the pipe into the encrypted db (or an encrypted temporary file).https://code.briarproject.org/briar/briar/-/issues/1736Investigate whether library desugaring in Android Studio 4 allows us to upgra...2020-11-15T15:49:34ZakwizgranInvestigate whether library desugaring in Android Studio 4 allows us to upgrade any dependenciesAndroid Studio 4 adds support for certain Java 8+ APIs that aren't natively supported on older versions of Android, which has prevented us from upgrading certain dependencies (eg newer versions of H2 require ThreadLocalRandom). Find out ...Android Studio 4 adds support for certain Java 8+ APIs that aren't natively supported on older versions of Android, which has prevented us from upgrading certain dependencies (eg newer versions of H2 require ThreadLocalRandom). Find out whether upgrading to AS 4 would allow us to upgrade any dependencies.https://code.briarproject.org/briar/briar/-/issues/2010Investigate behaviour of recent apps list for various manufacturers2022-03-21T13:49:28ZakwizgranInvestigate behaviour of recent apps list for various manufacturersMany manufacturers have custom implementations of the recent apps list.
On Tecno phones, clearing the recent apps list [kills the Briar process](https://code.briarproject.org/briar/briar/-/issues/992#note_44605) unless the app is [locke...Many manufacturers have custom implementations of the recent apps list.
On Tecno phones, clearing the recent apps list [kills the Briar process](https://code.briarproject.org/briar/briar/-/issues/992#note_44605) unless the app is [locked to the recent apps list](https://code.briarproject.org/briar/briar/-/issues/1743#note_49393).
On Xiaomi/Redmi phones, [locking an app to the recent apps list](https://code.briarproject.org/briar/briar/-/issues/1743#note_49341) prevents it from being killed by the system's power manager, which would otherwise happen even without clearing the list.
For as many manufacturers as possible, find out:
1. whether clearing the recent apps list kills Briar
2. whether apps can be locked to the recent apps list
3. whether locking prevents Briar from being killed when clearing the list
4. whether locking provides any other protection (e.g. from the system's power manager)https://code.briarproject.org/briar/briar/-/issues/2282iOS feasibility study2022-03-03T17:03:06ZakwizgraniOS feasibility studyTo know whether Briar can be viable on iOS we need to answer the following questions.
Online:
* Can the app run a Tor hidden service on iOS? (Bearing in mind that this requires a wake lock on Android to prevent Tor's circuits from timin...To know whether Briar can be viable on iOS we need to answer the following questions.
Online:
* Can the app run a Tor hidden service on iOS? (Bearing in mind that this requires a wake lock on Android to prevent Tor's circuits from timing out when the CPU sleeps.)
* Can the hidden service keep running for a limited time when the app goes into the background?
* Can the app wake periodically while running in the background, connect to a mailbox via Tor and check for messages?
* If the app finds messages when checking the mailbox, can it (a) store the messages in the local database, (b) show a notification?
Offline:
* Can the app advertise a UUID/other info via BLE such that nearby iOS/Android devices can discover it?
* Can the app scan for UUIDs/other info advertised via BLE by nearby iOS/Android devices?
* Can the app make/receive GATT connections to/from iOS/Android devices?
* Can the app make/receive L2CAP-CoC connections to/from iOS/Android devices?
* Can the app provide a wifi hotspot (without internet access)? Can it make/receive TCP connections to/from devices connected to the hotspot?
* Can the app connect to a wifi hotspot (without internet access) provided by another device? Can it make/receive TCP connections to/from other devices connected to the hotspot?
For all of the above we need to know:
* Differences between foreground and background behaviour
* API limits such as rate limits, number of UUIDs that can be scanned for
* Any other circumstances that could affect the behaviour, such as screen being off, low battery, device reboot, user not bringing the app to the foreground for a long time
* Whether user interaction is neededhttps://code.briarproject.org/briar/briar/-/issues/2389Research how other apps handle read receipts2023-03-15T12:34:52ZakwizgranResearch how other apps handle read receiptsResearch how other messaging apps handle read receipts:
* Is a message displayed differently when sent to a contact who has disabled read receipts, versus a contact who has enabled read receipts but has not read the message?
* Does the u...Research how other messaging apps handle read receipts:
* Is a message displayed differently when sent to a contact who has disabled read receipts, versus a contact who has enabled read receipts but has not read the message?
* Does the user have to allow read receipts to be sent in order to request that contacts send read receipts?
* Is the user informed if a contact allows read receipts to be sent to the user?
* Is the user informed if a contact asks for read receipts to be sent to the contact?
* In a group chat, is it possible to see which users, or how many users, have read a message? What is the UI for this?Sponsor 6 usability improvementshttps://code.briarproject.org/briar/briar/-/issues/2394Research how Tumblr and Twitter handle comments/reblogs for previously seen p...2023-03-15T12:34:52ZakwizgranResearch how Tumblr and Twitter handle comments/reblogs for previously seen postsWhen a Briar blog post receives a comment or reblog from someone whose blog we subscribe to, a duplicate of the post is added to our combined feed. Research how Tumblr and Twitter handle this, specifically in the case where the comment c...When a Briar blog post receives a comment or reblog from someone whose blog we subscribe to, a duplicate of the post is added to our combined feed. Research how Tumblr and Twitter handle this, specifically in the case where the comment chain forks (for example, Alice comments on the original post and then Bob comments on the original post rather than replying to Alice's comment).Sponsor 6 usability improvements