briar issueshttps://code.briarproject.org/briar/briar/-/issues2021-02-16T23:06:44Zhttps://code.briarproject.org/briar/briar/-/issues/1923Mailing list migration2021-02-16T23:06:44ZsysterMailing list migrationMailing list migration:
For the reasons:
https://code.briarproject.org/briar/briar/-/issues/988
https://code.briarproject.org/briar/briar/-/issues/1741
"_sourceforge doesn't give us access to the subscriptions_"
migration is bet...Mailing list migration:
For the reasons:
https://code.briarproject.org/briar/briar/-/issues/988
https://code.briarproject.org/briar/briar/-/issues/1741
"_sourceforge doesn't give us access to the subscriptions_"
migration is better done soonish, then later.
-----------------------------------------------------------
**Solution 1:**
Creating new lists and announcing them. Letting the old lists run for 1 year or something and regular invite folks to join the new lists.
**Solution 2:**
There is access to subscribers email pre-2017. They can be migrated to new service and sending them an email asking for confirmation. Sending announcement via sourceforge to all, that there's a new email list. There is no option that pre-2017 subscribers won't receive that same email, even if they're already part of the new list. Potential legal issue: Do you have the consent, that allows you to switch the pre-2017 subscribers to new service?
**Solution 3:**
?
Concern:
- discussion in devel list will be split between 2 lists until everyone participating switched to the new one, or if this issue is mitigated by bridging the lists (could be as simple as coping the digest of the daily mails into the other list with a link to read them in the browser)https://code.briarproject.org/briar/briar/-/issues/1931Add new contact FAB labels not visible in landscape orientation2021-02-11T13:25:47ZIvanaAdd new contact FAB labels not visible in landscape orientationWth your device in landscape orientation
Tap on + to add a contact
The icons for adding contacts at a distance or nearby are visible, but labels are not so user doesn't know what to tap.
The workaround is: use phone in portrait orienta...Wth your device in landscape orientation
Tap on + to add a contact
The icons for adding contacts at a distance or nearby are visible, but labels are not so user doesn't know what to tap.
The workaround is: use phone in portrait orientation, where labels are clearly visible
(Mattermost conversation 11/2/21: perhaps solution is to stack icons vertically?)
Low priority as the contact creation is successful in both landscape and portrait, plus workaround super easy - it's jsut a matter of labels showing/not showing...https://code.briarproject.org/briar/briar/-/issues/265Fuzzing tests for message validators2021-02-10T15:10:26ZakwizgranFuzzing tests for message validatorsUse fuzzing to ensure the message validators reject invalid messages without crashing. Record any messages that trigger crashes.
We can either look for a suitable fuzzing library or write our own fuzzer, starting from valid messages and...Use fuzzing to ensure the message validators reject invalid messages without crashing. Record any messages that trigger crashes.
We can either look for a suitable fuzzing library or write our own fuzzer, starting from valid messages and applying random mutations (delete/replace/repeat).https://code.briarproject.org/briar/briar/-/issues/1929Scan QR codes from DigiSafeGuard encryption app2021-02-10T15:09:30ZRion OcerusScan QR codes from DigiSafeGuard encryption appThis app could be much more robust, if preparation was made to share, & have shared QR codes from DigiSafe Guard (DSG)from SecuryptoThis app could be much more robust, if preparation was made to share, & have shared QR codes from DigiSafe Guard (DSG)from Securyptohttps://code.briarproject.org/briar/briar/-/issues/1470Message Timestamps not localized for all languages2021-02-09T14:05:03ZJulian DehmMessage Timestamps not localized for all languagesWe are currently using `DateUtils` to create the timestamp strings for messages/posts/statuses. Unfortunately the languages supported by it varies greatly across APIs.
I wrote a test application which dumps the strings for all our lang...We are currently using `DateUtils` to create the timestamp strings for messages/posts/statuses. Unfortunately the languages supported by it varies greatly across APIs.
I wrote a test application which dumps the strings for all our languages (fallback means it's falling back to the system language):
| API | 15 - 16 | 17 - 19 | 21 - 22 | 23 | 24 - 25 | 26 - 28 |
|-----|--------|---|---|---|---|---|
| Failed | br (fallback) <br> eu (fallback) <br> gl (fallback) <br> ms (fallback) <br> oc (fallback) <br> sq (fallback)| br (fallback) <br> eu (fallback) <br> gl (fallback) <br> he (fallback) <br> ms (fallback) <br> oc (fallback) <br> sq (fallback) | ast (fallback) <br>br (fallback) <br>eu (fallback) <br>fa (fallback)<br>gl(fallback)<br>he (fallback)<br>ms (fallback)<br>oc (fallback)<br>sq (fallback)<br> | ast <br> br <br> oc | ast <br> oc | oc |Julian DehmJulian Dehmhttps://code.briarproject.org/briar/briar/-/issues/1927Make entire crash report/feedback exportable2021-02-08T17:30:19ZakwizgranMake entire crash report/feedback exportableThe crash report/feedback entries are selectable individually but not collectively. A tester asked for them to be selectable/exportable/shareable collectively for easier sending of reports via other means when Tor isn't available.The crash report/feedback entries are selectable individually but not collectively. A tester asked for them to be selectable/exportable/shareable collectively for easier sending of reports via other means when Tor isn't available.https://code.briarproject.org/briar/briar/-/issues/1631Offline import RSS2021-02-05T10:25:41ZVladislavOffline import RSSAllow to add RSS-feed when connection can't be established.
Sometimes, internet connection is slow, and connection with TOR can't be established. That cause impossibility to add RSS-feedAllow to add RSS-feed when connection can't be established.
Sometimes, internet connection is slow, and connection with TOR can't be established. That cause impossibility to add RSS-feedhttps://code.briarproject.org/briar/briar/-/issues/824Transition between key agreement fragments is broken2021-02-04T18:51:56ZakwizgranTransition between key agreement fragments is brokenThe transition from IntroFragment to ShowQrCodeFragment doesn't work as expected: instead of ShowQrCodeFragment sliding in from the right, the screen briefly goes black, then IntroFragment reappears, then ShowQrCodeFragment appears. The ...The transition from IntroFragment to ShowQrCodeFragment doesn't work as expected: instead of ShowQrCodeFragment sliding in from the right, the screen briefly goes black, then IntroFragment reappears, then ShowQrCodeFragment appears. The transition has been disabled as a workaround, but ideally we should fix it.
This may be fixed by the refactoring described on #288, or it may not.https://code.briarproject.org/briar/briar/-/issues/1741sourceforge not respecting privacy and using proprietary software2021-02-04T14:24:19Zsystersourceforge not respecting privacy and using proprietary softwaresourceforge not respecting privacy and using proprietary software
I assume this is known, so I continue starting a discourse for an alternative:
mattermost/matrix is already an alternative. It is used withing the briar development.
B...sourceforge not respecting privacy and using proprietary software
I assume this is known, so I continue starting a discourse for an alternative:
mattermost/matrix is already an alternative. It is used withing the briar development.
But many might prefer having an option to assign for updates via email.
Tails for example is using: https://lists.autistici.org/list/tails-project.en.html
One can read those messages within their email client of by opening the page in any browser.
The usage of Tor is respected. It is build on free softwarehttps://code.briarproject.org/briar/briar/-/issues/988WTF: Briar Mailing list is blocking net neutrality(or tor users)2021-02-04T14:24:18ZqywltgxwWTF: Briar Mailing list is blocking net neutrality(or tor users)Briar is a project that should allow people to be able to talk with each other by respecting their freedom. Thats great and thats why i liked to join the mailing list.
The mailing list itself is blocking me from registration. It tells me...Briar is a project that should allow people to be able to talk with each other by respecting their freedom. Thats great and thats why i liked to join the mailing list.
The mailing list itself is blocking me from registration. It tells me, that i cant register and my registration would have triggered some account blocking.
This is fully against the philosophy of the Briar project.
How to reproduce:
1. Open tor browser
2. Go to https://www.guerrillamail.com to get a free email
3. Go to https://sourceforge.net/projects/briar/lists/briar-devel/index and enter the email you got before and follow the steps. It then asks you to make the famous spam-check with choosing pictures probably every tor users knows from daily use.
At the end when you have successfully done this test, it reports on the top right corner that it have not created the account.
4. Confirm this bugreport with "same net neutrality or tor-blocking here".
Please fix this. Such blocking of anonymous people on a anonymous-supporting project is just crazy.https://code.briarproject.org/briar/briar/-/issues/1920Change Password 'Done' IME action button doesn't complete flow2021-02-03T14:09:31ZIvanaChange Password 'Done' IME action button doesn't complete flowThis is a very small issue in that when that user types up a new password, and taps Done on the keyboard, the keybaoard itself is dismissed, the the page remains disaplayed, as thought eh workflow is not complete. Only when the user tap...This is a very small issue in that when that user types up a new password, and taps Done on the keyboard, the keybaoard itself is dismissed, the the page remains disaplayed, as thought eh workflow is not complete. Only when the user taps on Change password button the screen is dismissed and the next one shows.
This is really only a very small annoyance to the user - so ... ti fix or not to fix will be a decision based on project priorities.![device-2021-02-03-142650](/uploads/ea69b203021c4b46419e86db1e156b78/device-2021-02-03-142650.mp4)https://code.briarproject.org/briar/briar/-/issues/1918Onion address collision when adding contact2021-02-03T12:37:49ZakwizgranOnion address collision when adding contact* Android version: 10
* Phone model: Samsung SM-A107F (a10sxx)
* Briar version: 1.2.13 (5fdc7e7)
* User feedback: "Unfortunately, I could not connect to my friend. It didn't work. I could not understand the problem."
Log snippet:
```
02...* Android version: 10
* Phone model: Samsung SM-A107F (a10sxx)
* Briar version: 1.2.13 (5fdc7e7)
* User feedback: "Unfortunately, I could not connect to my friend. It didn't work. I could not understand the problem."
Log snippet:
```
02-03 11:37:17.631 I/PluginManagerImpl: org.briarproject.bramble.tor changed from state ENABLING to ACTIVE
02-03 11:37:17.631 I/TorPlugin: First circuit built
02-03 11:37:17.631 I/PluginViewModel: TransportStateEvent: org.briarproject.bramble.tor is ACTIVE
02-03 11:37:17.640 I/AndroidTaskScheduler: Running 1 due tasks
02-03 11:37:17.640 I/AndroidTaskScheduler: Task is 0 ms overdue
02-03 11:37:17.642 I/PollerImpl: Polling plugin org.briarproject.bramble.tor
02-03 11:37:17.643 I/ConnectionRegistryImpl: 0 contacts connected or better: org.briarproject.bramble.tor
02-03 11:37:17.688 I/TorPlugin: WARN tor_bug_occurred_(): Bug: src/feature/hs/hs_service.c:3603: hs_servic
e_add_ephemeral: Non-fatal assertion !(register_service(hs_service_map, service) < 0) failed. (on Tor 0.3.5.12 a0b827eb5b50aa81)
02-03 11:37:17.689 I/TorPlugin: WARN Bug: Tor 0.3.5.12 (git-a0b827eb5b50aa81): Non-fatal assertion !(register_service(hs_service_map, service) < 0) failed in hs_service_add_ephemeral at src/feature/hs/hs_service.c:3603. (Stack trace not available) (on Tor 0.3.5.12 a0b827eb5b50aa81)
02-03 11:37:17.689 I/TorPlugin: WARN Onion Service private key collides with an existing v3 service.
02-03 11:37:17.689 W/TorPlugin: net.freehaven.tor.control.TorControlError: Error reply: Onion address collision
net.freehaven.tor.control.TorControlError: Error reply: Onion address collision
at net.freehaven.tor.control.TorControlConnection.sendAndWaitForResponse(TorControlConnection.java:204)
at net.freehaven.tor.control.TorControlConnection.addOnion(TorControlConnection.java:837)
at net.freehaven.tor.control.TorControlConnection.addOnion(TorControlConnection.java:786)
at org.briarproject.bramble.plugin.tor.TorPlugin.createRendezvousEndpoint(TorPlugin.java:751)
at org.briarproject.bramble.rendezvous.RendezvousPollerImpl.createEndpoint(RendezvousPollerImpl.java:213)
at org.briarproject.bramble.rendezvous.RendezvousPollerImpl.addTransport(RendezvousPollerImpl.java:350)
at org.briarproject.bramble.rendezvous.RendezvousPollerImpl.lambda$addTransportAsync$5(RendezvousPollerImpl.java:339)
at org.briarproject.bramble.rendezvous.RendezvousPollerImpl.lambda$addTransportAsync$5$RendezvousPollerImpl(Unknown Source:0)
at org.briarproject.bramble.rendezvous.-$$Lambda$RendezvousPollerImpl$h19OH8Qm1qYh76tkmxUCO9U4dzc.run(Unknown Source:4)
at org.briarproject.bramble.PoliteExecutor.lambda$execute$0(PoliteExecutor.java:57)
at org.briarproject.bramble.PoliteExecutor.lambda$execute$0$PoliteExecutor(Unknown Source:0)
at org.briarproject.bramble.-$$Lambda$PoliteExecutor$wSvuPL6t_HUoaaqCVexrhJX_RSg.run(Unknown Source:6)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:919)
```https://code.briarproject.org/briar/briar/-/issues/63Prevent tag length from being used for active probing2021-01-25T17:55:11ZakwizgranPrevent tag length from being used for active probingOn some transports it may be possible to use the fixed tag length to probe a transport endpoint to determine whether it's likely to be accepting BTP traffic: the endpoint will always accept (tag length - 1) random bytes but close the tra...On some transports it may be possible to use the fixed tag length to probe a transport endpoint to determine whether it's likely to be accepting BTP traffic: the endpoint will always accept (tag length - 1) random bytes but close the transport connection after (tag length) bytes.
It may be possible to address this by picking a random number for each incoming transport connection and reading that many bytes before deciding whether to accept the connection. The number could be anywhere between (tag length) and (tag length + stream header length). The number could be drawn from a distribution supplied by the TAP profile, allowing the distribution to be tailored to the transport.https://code.briarproject.org/briar/briar/-/issues/1259User testing for headless desktop/server app2021-01-21T13:24:56ZakwizgranUser testing for headless desktop/server appSubtask of #1254.Subtask of #1254.Headless MVPhttps://code.briarproject.org/briar/briar/-/issues/753Listener interfaces have mixed responsibilities2021-01-20T12:34:20ZakwizgranListener interfaces have mixed responsibilitiesThe UI makes heavy use of listener interfaces that inherit from either DestroyableContext or BaseFragmentListener. These are used for various purposes:
* Callbacks from a controller to the UI (e.g. `TransportStateListener#stateUpdate()`...The UI makes heavy use of listener interfaces that inherit from either DestroyableContext or BaseFragmentListener. These are used for various purposes:
* Callbacks from a controller to the UI (e.g. `TransportStateListener#stateUpdate()`)
* Injecting dependencies into fragments (`BaseFragmentListener#getActivityComponent()`)
* Manipulating other parts of the UI (e.g. `CreateGroupListener#showSoftKeyboard()`)
* Running tasks (`DestroyableContext#runOnUiThreadUnlessDestroyed()`, `BaseFragmentListener#runOnDbThread()` (deprecated))
These different purposes would ideally be separated into different interfaces. Maybe it would clarify things if communication from controllers back to the UI used the "listener" name and communication between fragments and their activities used some other name.
Listeners are usually provided by casting an Activity or Context (passed to `ActivityLifecycleController#onActivityCreate()` or `Fragment#onAttach()`) to an arbitrary listener interface. This is a bit of a hack - it would be nice if we could provide listeners in a type-safe way, for example by injection.
Related to #752.https://code.briarproject.org/briar/briar/-/issues/1907Identical messages are treated as duplicates2021-01-19T12:38:48ZakwizgranIdentical messages are treated as duplicatesUnder unlikely circumstances, different devices may create identical messages. If a device receives a message that's identical to one it created, it will treat it as a redundant copy of its own message.
We could prevent this by includin...Under unlikely circumstances, different devices may create identical messages. If a device receives a message that's identical to one it created, it will treat it as a redundant copy of its own message.
We could prevent this by including salt in each message at the client layer or the sync layer.https://code.briarproject.org/briar/briar/-/issues/1906Make app less visible.2021-01-18T22:50:15ZVladislavMake app less visible.If it is possible to have an option, or another version of briar, that would be less visible in androd launcher.
So, in case, someone get acces to your phone, he will not find there secured messenger app, and will not insult you to logi...If it is possible to have an option, or another version of briar, that would be less visible in androd launcher.
So, in case, someone get acces to your phone, he will not find there secured messenger app, and will not insult you to login.
For example: Traccar android client app '''
In addition to standard version available on the Google Play, Traccar Client for Android comes in a special hidden version. It includes modifications to make the app less visible to the phone's owner. Name is changed from "Traccar Client" to "Device Settings". Default Android settings icon is used as an app icon. After first start, the app removes itself from the launcher on older versions of Android. To open it again dial 8722227 (TRACCAR).'''https://code.briarproject.org/briar/briar/-/issues/983Explain why the app asks for certain permissions or privileges2021-01-15T14:18:37ZSok PuppetteExplain why the app asks for certain permissions or privilegesI just installed this from Google Play and was presented with an intimidating list of privileges.
I don't *want* the app to know about my WiFi environment (or even to know whether I'm on WiFi or not; turning off Tor on WiFi is at best a...I just installed this from Google Play and was presented with an intimidating list of privileges.
I don't *want* the app to know about my WiFi environment (or even to know whether I'm on WiFi or not; turning off Tor on WiFi is at best a misfeature anyway). I have no intention of *ever* using Bluetooth for anything chat related, including contact exchange, and I don't want any unnecessary programs to have access to it. I'm unlikely to ever send a picture with it, and would prefer that it have no ability to capture any images or audio from the environment. I have no idea what the "app history" permission or whatever it is is for, but other than OrBot I don't see why your app should have any knowledge of anything that's going on.
All of those privileges just add attack surface. The Android platform is already scary enough without giving away extra information to a program whose whole purpose is to communicate with potentially hostile remote entities.
I understand that you may have features that rely on those privileges, and that some/many/most users may want those features... but as I understand it the new "right" way to do that on Android is to ask for the privilege when the user actually tries to use the feature. Given that you're a privacy app, I'd also suggest that you clearly explain the risks and justifications when you ask.
Thanks for the hard work on the app, by the way.CleopatraCleopatrahttps://code.briarproject.org/briar/briar/-/issues/1466Add screenshots of Briar interface to f-droid page2021-01-14T19:46:07Zduyeyix@ethersportz.infoAdd screenshots of Briar interface to f-droid pageF-droid allows to have a gallery with screenshots from the app, it is a good way to show the user what the app looks like. I think Briar should have screenshots as well, log-in menu,man page,chat menu and so on. If you search "dandelior*...F-droid allows to have a gallery with screenshots from the app, it is a good way to show the user what the app looks like. I think Briar should have screenshots as well, log-in menu,man page,chat menu and so on. If you search "dandelior*" a disapora* client, you see they have a nice gallery.CleopatraCleopatrahttps://code.briarproject.org/briar/briar/-/issues/315"About privacy" section2021-01-13T14:54:43ZMegalox"About privacy" sectionadd an "about privacy" view where we explain the advantages and limitations of serverless messaging.
Explain the perils of "reveal relationship" for private groups; connect this paragraph to the "more info" button in the "options" dialog...add an "about privacy" view where we explain the advantages and limitations of serverless messaging.
Explain the perils of "reveal relationship" for private groups; connect this paragraph to the "more info" button in the "options" dialog for join messages.