List of questions:
- Will there be an iOS version of Briar?
- When do posts in forums/groups/blogs get shared with others?
- Can I have multiple identities/profiles/accounts?
- How do I backup my account?
- Is it safe to publish my briar:// link publicly?
Will there be an iOS version of Briar?
Short answer: Probably not.
Long answer: We're looking into whether an iOS version is feasible. Briar needs to run in the background to receive messages from contacts, and iOS has much tighter restrictions on background apps than Android (though Android's getting stricter).
A typical iOS messaging app would use a push notification to wake the app when a message is received, but this exposes metadata to Apple's push notification service and the app developer's push gateway.
To reduce the metadata leakage, the sender of the message could connect to the push gateway via Tor - but the push gateway and APNS would still know who was receiving the notification. In a publish-subscribe network like Briar, if a bunch of people always receive notifications whenever the Revolutionary Planning Council updates its blog, then even if we don't know who sent the notifications, we've learned something sensitive about the recipients.
If we don't use push notifications then the best Apple allows us to do is wake up every 15 minutes and check for messages. But maybe the sender won't be online when we check (their 15 minute intervals might not be aligned with ours - clocks aren't perfect). So we need somewhere for the sender to store the message until our next check.
We're working on a piece of software called a mailbox that will receive encrypted messages over Tor and store them until the owner collects them. It's designed to run on a spare Android device, laptop, or Raspberry Pi that's plugged into power and internet. Once that's ready it will make an iOS app more feasible. But we are not sure if the 15 minute delay will be a deal-breaker.
When do posts in forums/groups/blogs get shared with others?
A post will be shared with someone if all of these conditions are fullfilled:
- they're your contact, and
- both of you subscribe to the forum/group/blog where the message was posted, and
- both of you have chosen to let the other one know that you subscribe (by inviting the other one to join the forum/group/blog, or accepting an invitation from the other one).
When the other person receives the post, they apply the same rules to share it with their own contacts, and so on across the social graph.
In more technical terms, each forum/group/blog has a distribution graph where the nodes are subscribers and the edges are a subset of contact relationships (specifically, the subset that have chosen to reveal the subscription to each other).
Can I have multiple identities/profiles/accounts?
Short Answer: No. That is not supported by Briar.
Long Answer: In a p2p network it's hard to prevent identities from being linked to each other if they live on the same device.
Consider the scenario where you have two identities,
B. A contact of
A and a contact of
B get together and try to find out whether
B are the same person. What information could they use?
- First, the times when
Bare online. In a p2p network we can't hide this from our contacts
- Second, the network addresses that they use to communicate with
B. If we use Tor then we can have a separate hidden service address for each identity, so that's fine. But with WiFi and Bluetooth, the contacts can compare the addresses we gave them and see that it's the same device.
- Third, they could look for information leaks at the application layer. For example they could try to introduce
B, and see if the protocol behaves differently than it would if
Bwere on different devices. If we supported multiple identities, we'd have to be very careful to avoid any leaks like this in our application-layer code.
How do I backup my account?
Short Answer: This is not possible at the moment, but planned.
Long answer: Storing any key material in the backup would defeat forward secrecy. The problem is that if the backup falls into the wrong hands at some point in the future, it can be used to decrypt all your traffic since the time when the backup was made (assuming the adversary recorded the encrypted traffic at the time). This violates forward secrecy, which is one of our security goals. So we need to modify the protocols to provide forward secrecy in this scenario before implementing a backup feature. The progress is tracked in ticket #110.
Is it safe to publish my
briar:// link publicly?
Your Briar link contains a public key and it is safe to publish in the same way as a PGP public key. If you want to contact someone via Briar, both of you need to add each other's links.