List of questions:
- Will there be an iOS version of Briar?
- What's the difference between a private group, a forum and a blog?
- When do posts in forums/groups/blogs get shared with others?
- Can I have multiple identities/profiles/accounts?
- Can I use the same account with several devices?
- How do I backup my account?
- Is it safe to publish my briar:// link publicly?
- Can people track my online status if I publish my briar:// link?
- Does Briar provide anonymity?
- Has Briar been independently audited?
- Does Briar include malware, spyware, trackers or backdoors?
- My firewall shows that Briar is connecting to a lot of different IP addresses - should I be concerned?
- What permissions does Briar request on Android, and why?
Will there be an iOS version of Briar?
Short answer: Probably not.
Long answer: We're looking into whether an iOS version is feasible. Briar needs to run in the background to receive messages from contacts, and iOS has much tighter restrictions on background apps than Android (though Android's getting stricter).
A typical iOS messaging app would use a push notification to wake the app when a message is received, but this exposes metadata to Apple's push notification service and the app developer's push gateway.
To reduce the metadata leakage, the sender of the message could connect to the push gateway via Tor - but the push gateway and APNS would still know who was receiving the notification. In a publish-subscribe network like Briar, if a bunch of people always receive notifications whenever the Revolutionary Planning Council updates its blog, then even if we don't know who sent the notifications, we've learned something sensitive about the recipients.
If we don't use push notifications then the best Apple allows us to do is wake up every 15 minutes and check for messages. But maybe the sender won't be online when we check (their 15 minute intervals might not be aligned with ours - clocks aren't perfect). So we need somewhere for the sender to store the message until our next check.
We're working on a piece of software called a mailbox that will receive encrypted messages over Tor and store them until the owner collects them. It's designed to run on a spare Android device, laptop, or Raspberry Pi that's plugged into power and internet. Once that's ready it will make an iOS app more feasible. But we are not sure if the 15 minute delay will be a deal-breaker.
What's the difference between a private group, a forum and a blog?
A private group is a group chat where the admin decides who to invite. A forum is similar, but anyone can invite new members.
A blog is a bit like a Telegram channel: you can write posts that all your contacts can see, and they can reshare individual posts or invite their contacts to subscribe to your feed.
If you import an RSS feed it's converted into a Briar blog, so you can share individual posts or invite your contacts to subscribe to the feed.
When do posts in forums/groups/blogs get shared with others?
A post will be shared with someone if all of these conditions are fulfilled:
- they're your contact, and
- both of you subscribe to the forum/group/blog where the post was made, and
- both of you have chosen to let the other know that you subscribe (by inviting them to join the forum/group/blog, or by accepting their invitation).
When the other person receives the post, they apply the same rules to share it with their own contacts, and so on across the social graph.
In more technical terms, each forum/group/blog has a distribution graph where the nodes are subscribers and the edges are a subset of contact relationships (specifically, the subset that have chosen to reveal the subscription to each other).
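As an added illustration (this is not code from the Briar project), here is a small model of those rules over a constructed contact graph: it derives the distribution graph for one forum from the contact relationships, the subscriptions and the reveal decisions, then walks it to find who eventually receives a post. The names, the contact set and the reveal decisions are all constructed for the example.

```python
from collections import deque

# Constructed sample data for one forum (not Briar data). Contacts are
# undirected. REVEALED records who has told whom that they subscribe; that
# happens by sending an invitation or accepting one, so it is directed.
CONTACTS = {
    ("alice", "bob"), ("bob", "carol"), ("carol", "dave"),
    ("alice", "erin"), ("erin", "dave"), ("bob", "frank"),
}
SUBSCRIBERS = {"alice", "bob", "carol", "dave", "erin"}
REVEALED = {
    ("alice", "bob"), ("bob", "alice"),    # alice invited bob, bob accepted
    ("bob", "carol"), ("carol", "bob"),    # mutual
    ("carol", "dave"),                     # carol invited dave; dave never responded
    ("alice", "erin"), ("erin", "alice"),  # mutual
    ("erin", "dave"),                      # one-way again
}

def are_contacts(a, b):
    return (a, b) in CONTACTS or (b, a) in CONTACTS

def shares_with(a, b):
    """True when a post known to `a` is forwarded to `b`: all three conditions hold."""
    return (are_contacts(a, b)
            and a in SUBSCRIBERS and b in SUBSCRIBERS
            and (a, b) in REVEALED and (b, a) in REVEALED)

def distribution_edges():
    """Edges of the forum's distribution graph: a subset of the contact graph."""
    return {frozenset(pair) for pair in CONTACTS if shares_with(*pair)}

def reach(author):
    """Every subscriber who eventually receives a post by `author`, applying
    the same rule hop by hop across the social graph (breadth-first search)."""
    edges = distribution_edges()
    seen, queue = {author}, deque([author])
    while queue:
        current = queue.popleft()
        for edge in edges:
            if current in edge:
                (neighbour,) = edge - {current}
                if neighbour not in seen:
                    seen.add(neighbour)
                    queue.append(neighbour)
    seen.discard(author)
    return seen

if __name__ == "__main__":
    print("distribution edges:", sorted(tuple(sorted(e)) for e in distribution_edges()))
    for who in ("alice", "carol", "dave"):
        print(f"a post by {who} reaches: {sorted(reach(who))}")
```

Note that dave subscribes to the forum and has two subscribing contacts, yet receives nothing: neither carol nor erin has heard back from him, so neither edge is in the distribution graph. Likewise frank is bob's contact but not a subscriber, so bob never forwards posts to him.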
Can I have multiple identities/profiles/accounts?
Short Answer: No. That is not supported by Briar.
Long Answer: In a p2p network it's hard to prevent identities from being linked to each other if they live on the same device.
Consider the scenario where you have two identities, A and B. A contact of A and a contact of B get together and try to find out whether A and B are the same person. What information could they use?
- First, the times when A and B are online. In a p2p network we can't hide this from our contacts.
- Second, the network addresses that they use to communicate with A and B. If we use Tor then we can have a separate hidden service address for each identity, so that's fine. But with Wi-Fi and Bluetooth, the contacts can compare the addresses we gave them and see that it's the same device.
- Third, they could look for information leaks at the application layer. For example they could try to introduce A to B, and see if the protocol behaves differently than it would if A and B were on different devices. If we supported multiple identities, we'd have to be very careful to avoid any leaks like this in our application-layer code.
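To make the first two signals concrete, here is an added example (not Briar code) of what the two colluding contacts could compute from what they already have: the intervals during which "their" identity was reachable, and the transport addresses it handed out. The session logs and addresses are constructed for the example, with identity C thrown in as an unrelated control.

```python
# Constructed observations (not Briar data): each contact logs, in minutes,
# the intervals during which the identity they know was reachable.
SESSIONS_A = [(0, 60), (120, 180), (300, 420), (600, 630)]
SESSIONS_B = [(5, 58), (125, 182), (305, 418), (600, 635)]
SESSIONS_C = [(30, 90), (200, 260), (500, 560)]   # an unrelated identity

# Transport addresses each contact learned (constructed). The Tor address is
# per identity, but Wi-Fi and Bluetooth addresses belong to the physical device.
ADDRS_A = {"tor": "aaaaexample.onion", "bluetooth": "AA:BB:CC:DD:EE:01", "lan": "192.168.1.7"}
ADDRS_B = {"tor": "bbbbexample.onion", "bluetooth": "AA:BB:CC:DD:EE:01", "lan": "192.168.1.7"}
ADDRS_C = {"tor": "ccccexample.onion", "bluetooth": "AA:BB:CC:DD:EE:42", "lan": "10.0.0.5"}

def _merge(intervals):
    """Sort and merge overlapping (start, end) intervals."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def _total(intervals):
    return sum(end - start for start, end in intervals)

def _intersection(a, b):
    out = []
    for s1, e1 in a:
        for s2, e2 in b:
            start, end = max(s1, s2), min(e1, e2)
            if start < end:
                out.append((start, end))
    return out

def online_overlap(sessions_x, sessions_y):
    """Jaccard similarity of two identities' online time (1.0 = always online together)."""
    x, y = _merge(sessions_x), _merge(sessions_y)
    inter = _total(_intersection(x, y))
    union = _total(x) + _total(y) - inter
    return inter / union if union else 0.0

def shared_device_addresses(addrs_x, addrs_y):
    """Device-level addresses that both identities handed out."""
    return {k for k in ("bluetooth", "lan")
            if k in addrs_x and k in addrs_y and addrs_x[k] == addrs_y[k]}

def likely_same_device(sessions_x, addrs_x, sessions_y, addrs_y, threshold=0.8):
    """The colluding contacts' verdict: a matching device address is conclusive,
    and strongly correlated uptime is suggestive even when every address differs."""
    if shared_device_addresses(addrs_x, addrs_y):
        return True
    return online_overlap(sessions_x, sessions_y) >= threshold

if __name__ == "__main__":
    print(f"A/B online overlap: {online_overlap(SESSIONS_A, SESSIONS_B):.2f}")
    print(f"A/C online overlap: {online_overlap(SESSIONS_A, SESSIONS_C):.2f}")
    print("A/B shared device addresses:", shared_device_addresses(ADDRS_A, ADDRS_B))
```

Even if B were reachable over Tor only (no Bluetooth or LAN address ever shared), the uptime correlation alone still links it to A, which is the point of the first bullet: separate onion services hide the addresses, not the fact that both identities come and go together.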
Can I use the same account with several devices?
Short answer: No, that's not possible.
Long answer: Allowing the same account to be used on more than one device is a hard problem to solve in delay-tolerant p2p networks. The difficult part is how to reconcile conflicting actions performed on different devices, such as accepting an invitation on one device and declining it on another. Our best idea to address this is to have a single authoritative main device that your other devices connect to in order to control your account.
How do I backup my account?
Short Answer: This is not possible at the moment, but planned.
Long answer: Storing any key material in the backup would defeat forward secrecy. The problem is that if the backup falls into the wrong hands at some point in the future, it can be used to decrypt all your traffic since the time when the backup was made (assuming the adversary recorded the encrypted traffic at the time). This violates forward secrecy, which is one of our security goals. So we need to modify the protocols to provide forward secrecy in this scenario before implementing a backup feature. The progress is tracked in ticket #110.
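The argument above can be shown with a small simulation. This is an added example, not Briar code and not the Bramble transport protocol: a simplified one-way symmetric ratchet stands in for the real key schedule, with a toy XOR stream cipher for the traffic. The simulation sends one message per key period, takes a "backup" of the ratchet state at a chosen period, records every ciphertext, and then asks which periods an adversary holding the backup and the recording can read. The root secret and the messages are constructed.

```python
import hashlib
import hmac

def kdf(key, label):
    """Derive a 32-byte key from `key` and a label (HMAC-SHA256 as a one-way KDF)."""
    return hmac.new(key, label, hashlib.sha256).digest()

class Ratchet:
    """Simplified one-way symmetric ratchet (illustration only, not Bramble):
    each period's message key comes from a chain key, and advancing replaces
    the chain key with a one-way derivation of itself, erasing the old one."""
    def __init__(self, root_secret):
        self.period = 0
        self.chain = kdf(root_secret, b"chain")
    def message_key(self):
        return kdf(self.chain, b"message")
    def advance(self):
        self.chain = kdf(self.chain, b"next")   # the previous chain key is now unrecoverable
        self.period += 1
    def snapshot(self):
        """What a backup would have to contain: the current period and chain key."""
        return (self.period, self.chain)

def xor_stream(key, data):
    """Toy stream cipher (SHA-256 counter keystream); symmetric, so it also decrypts."""
    stream = b"".join(hashlib.sha256(key + n.to_bytes(4, "big")).digest()
                      for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def keys_from_snapshot(snapshot, last_period):
    """Everything an adversary can derive from a backup: the key for the backup
    period and every later period, because the chain is deterministic."""
    period, chain = snapshot
    keys = {}
    while period <= last_period:
        keys[period] = kdf(chain, b"message")
        chain = kdf(chain, b"next")
        period += 1
    return keys

def periods_readable_from_backup(root_secret, backup_period, messages):
    """Send one message per period, back up the ratchet at `backup_period`,
    record all ciphertexts, and return the periods the backup unlocks."""
    ratchet = Ratchet(root_secret)
    recorded, backup = {}, None
    for period, plaintext in enumerate(messages):
        if period == backup_period:
            backup = ratchet.snapshot()
        recorded[period] = xor_stream(ratchet.message_key(), plaintext)
        ratchet.advance()
    assert backup is not None, "backup_period must be within the simulated periods"
    derived = keys_from_snapshot(backup, len(messages) - 1)
    return {p for p, ciphertext in recorded.items()
            if p in derived and xor_stream(derived[p], ciphertext) == messages[p]}

# Constructed inputs for the demonstration.
ROOT_SECRET = hashlib.sha256(b"constructed root secret, not a real key").digest()
MESSAGES = [f"message in period {i}".encode() for i in range(6)]

if __name__ == "__main__":
    unlocked = periods_readable_from_backup(ROOT_SECRET, 3, MESSAGES)
    print("backup taken at period 3 unlocks periods:", sorted(unlocked))
```

The result is exactly the periods from the backup onwards. The one-way step protects everything sent before the backup, but nothing fresh enters the chain afterwards, so the backup plus a recording of the traffic exposes every later period. Any backup feature therefore has to mix new secret material into the key schedule after the backup point, which is the protocol change the answer refers to.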
Is it safe to publish my briar:// link publicly?
Your Briar link contains a public key and it is safe to publish in the same way as a PGP public key. If you want to contact someone via Briar, both of you need to add each other's links.
Can people track my online status if I publish my briar:// link?
No, your online status isn't exposed by publishing your briar:// link. For strangers to be able to connect to you, you must first add them as a contact, otherwise they won't know where to find you in the Tor network.
For a more technical explanation: for each new contact you add, a separate Tor hidden service is created whose address depends on both your own and your contact's public keys. See the Bramble Rendezvous Protocol for more information.
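As an added illustration (not Briar's code and not the actual Bramble Rendezvous Protocol), here is a model of that per-contact derivation with a toy Diffie-Hellman group standing in for the real key exchange: a rendezvous seed that only the two contacts can compute is derived from their shared secret and both public keys, and each contact's onion address for this pairing is derived from that seed. The group parameters, the key derivation labels and the hash-based stand-in for an onion service key are all assumptions of the example. A stranger holding your published link has only your public key, which is not enough to derive either address.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group over the Mersenne prime 2^127 - 1. Illustration only:
# this is far too small to be secure, and the real protocol uses X25519.
P = (1 << 127) - 1
G = 3

def keygen():
    """A long-term key pair; the public half is what a briar:// link would carry."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _shared_secret(my_priv, their_pub):
    return pow(their_pub, my_priv, P).to_bytes(16, "big")

def rendezvous_seeds(my_priv, my_pub, their_pub):
    """Per-contact secrets only the two contacts can derive. Returns {pubkey: seed},
    one seed for each party's rendezvous service; both contacts compute the same
    dictionary because the public keys are ordered canonically (assumed scheme)."""
    lo, hi = sorted((my_pub, their_pub))
    salt = lo.to_bytes(16, "big") + hi.to_bytes(16, "big")
    prk = hmac.new(salt, _shared_secret(my_priv, their_pub), hashlib.sha256).digest()
    return {pub: hmac.new(prk, b"rendezvous:" + pub.to_bytes(16, "big"), hashlib.sha256).digest()
            for pub in (lo, hi)}

def onion_address(seed):
    """Stand-in for deriving an onion service key pair from a seed (Tor would use
    an ed25519 key and derive the address from its public half)."""
    return hashlib.sha256(b"onion-service:" + seed).hexdigest()[:32] + ".onion"

def my_rendezvous_address(my_priv, my_pub, their_pub):
    """The service I run for this one contact."""
    return onion_address(rendezvous_seeds(my_priv, my_pub, their_pub)[my_pub])

def contacts_rendezvous_address(my_priv, my_pub, their_pub):
    """The service I expect this contact to run for me."""
    return onion_address(rendezvous_seeds(my_priv, my_pub, their_pub)[their_pub])

def demo():
    """Alice and Bob are contacts; Carol has only Alice's published link."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    c_priv, c_pub = keygen()
    return {
        "alice_view": rendezvous_seeds(a_priv, a_pub, b_pub),
        "bob_view": rendezvous_seeds(b_priv, b_pub, a_pub),
        "alice_hosts_for_bob": my_rendezvous_address(a_priv, a_pub, b_pub),
        "bob_dials_alice": contacts_rendezvous_address(b_priv, b_pub, a_pub),
        "alice_hosts_for_carol": my_rendezvous_address(a_priv, a_pub, c_pub),
        "carol_guess_for_alice": contacts_rendezvous_address(c_priv, c_pub, a_pub),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        if isinstance(value, str):
            print(f"{name}: {value}")
```

Carol's derivation with her own key pair yields a different address from the one Alice runs for Bob, and Alice has no service at all for Carol until Alice adds her. Publishing the link therefore tells observers nothing about when you are reachable.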
Does Briar provide anonymity?
No. Briar does not conceal your identity from your contacts. It provides unlinkability but not anonymity. This means nobody else can discover who your contacts are, but your contacts may be able to discover who you are.
For example, Briar shares your Bluetooth address with your contacts so they can connect to you via Bluetooth when they're nearby. Your contacts could use this information to confirm a guess about your identity. Your Bluetooth address is shared even if you add a contact remotely by exchanging
Other device information shared with contacts in order to connect with them:
- the five most recent IPv4 LAN addresses and ports
- the most recent IPv6 link-local address for the Wi-Fi interface (on some Android devices the IPv6 link-local address is derived from the hardware MAC address, so it has similar privacy issues to the Bluetooth address)
- the address of Briar's Tor onion service
None of this should reveal anything about your location or identity on its own, but it could be used to confirm a guess about your identity (e.g. "network logs showed that the suspect's laptop received address 192.168.0.222 from the router in the cafe, which is consistent with the LAN IP address we received from the anonymous whistleblower").
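The IPv6 point deserves a concrete check. When an interface identifier is a modified EUI-64, the link-local address embeds the hardware MAC and anyone who receives it can recover that MAC and compare it with a MAC seen elsewhere. The following is an added example (not Briar code) that extracts the MAC where one is present and reports nothing for random or privacy-extension identifiers; the addresses are constructed.

```python
import ipaddress

def mac_from_link_local(address):
    """Return the hardware MAC embedded in an IPv6 link-local address whose
    interface identifier is a modified EUI-64, or None if the address is not
    link-local, is malformed, or uses a random/privacy interface identifier."""
    try:
        ip = ipaddress.IPv6Address(address.split("%")[0])  # drop any zone id such as %wlan0
    except ValueError:
        return None
    if not ip.is_link_local:
        return None
    iid = ip.packed[8:]                       # the 64-bit interface identifier
    if iid[3:5] != b"\xff\xfe":               # EUI-64 inserts ff:fe between the OUI and the NIC part
        return None
    first_octet = iid[0] ^ 0x02               # undo the flipped universal/local bit
    mac = bytes([first_octet]) + iid[1:3] + iid[5:8]
    return ":".join(f"{octet:02x}" for octet in mac)

def same_hardware(address_seen_by_contact, address_seen_elsewhere):
    """The confirmation step described above: two link-local addresses observed
    in different places agree on the device's MAC."""
    a = mac_from_link_local(address_seen_by_contact)
    b = mac_from_link_local(address_seen_elsewhere)
    return a is not None and a == b

# Constructed addresses for the examples.
EUI64_ADDRESS = "fe80::211:22ff:fe33:4455%wlan0"   # embeds MAC 00:11:22:33:44:55
PRIVACY_ADDRESS = "fe80::a1b2:c3d4:e5f6:1234"       # random interface id: nothing to recover

if __name__ == "__main__":
    for addr in (EUI64_ADDRESS, PRIVACY_ADDRESS, "2001:db8::211:22ff:fe33:4455"):
        print(f"{addr:40} -> {mac_from_link_local(addr)}")
```

A MAC recovered this way is as stable an identifier as the Bluetooth address, which is why the two are grouped together above; an address with a random interface identifier gives a contact nothing to correlate.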
Has Briar been independently audited?
Yes, Briar was audited by Cure53 in 2017. You can read the audit report here:
All the issues identified by the audit were fixed before the first public release of the app.
Security audits are expensive so we can't commission an audit for every release, but our current grant includes funding for another audit in 2023.
Does Briar include malware, spyware, trackers or backdoors?
No. Briar doesn't include malware, spyware, trackers or backdoors - and we can prove it!
We have a reproducible build process that can prove that the application published on our website (and in Google Play and F-Droid) corresponds exactly to the published source code. You can read more about reproducible builds here:
We encourage anyone who's interested in this issue to reproduce the Briar application from source for themselves. If you'd like to do that, here are the instructions:
My firewall shows that Briar is connecting to a lot of different IP addresses - should I be concerned?
Don't be concerned. Briar uses the Tor network to connect to your contacts privately and securely. All of the IP addresses that Briar connects to are Tor relays. You can look up information about each IP address on the Tor project's website:
What permissions does Briar request on Android, and why?
Briar asks for the following permissions:
- "Let app always run in background" (on some phones this is called "Ignore battery optimizations"). Briar needs this permission so it can receive messages while the app is in the background.
- Permission to access the camera. Briar asks for this permission when adding a contact who's nearby so that Briar can scan a QR code. Briar doesn't use the camera at any other time.
- Permission to access your location. Briar asks for this permission when adding a contact who's nearby so that Briar can discover nearby Bluetooth devices. Android requires this because knowing which Bluetooth devices are nearby can, in some cases, reveal your location. Briar doesn't store, track or share your location in any way other than discovering Bluetooth devices.