A typical iOS messaging app would use a push notification to wake the
app when a message is received, but this exposes metadata to Apple's
push notification service and the app developer's push gateway.
To reduce the metadata leakage, the sender of the message could connect
to the push gateway via Tor - but the push gateway and APNS would still
know who was receiving the notification. In a publish-subscribe network
like Briar, if a bunch of people always receive notifications whenever
the Revolutionary Planning Council updates its blog, then even if we
don't know who sent the notifications, we've learned something sensitive
about the recipients.
If we don't use push notifications then the best Apple allows us to do
is wake up every 15 minutes and check for messages. But maybe the sender
won't be online when we check (their 15 minute intervals might not be
aligned with ours - clocks aren't perfect). So we need somewhere for the
sender to store the message until our next check.
We're working on a piece of software called a mailbox that will receive
encrypted messages over Tor and store them until the owner collects
them. It's designed to run on a spare Android device, laptop, or
Raspberry Pi that's plugged into power and internet. Once that's ready
it will make an iOS app more feasible. But we are not sure if the 15 minute
delay will be a deal-breaker.
When do posts in forums/groups/blogs get shared with others?
A post will be shared with someone if all of these conditions are fulfilled:
they're your contact, and
both of you subscribe to the forum/group/blog where the message was posted, and
both of you have chosen to let the other one know that you subscribe (by inviting the other one to join the forum/group/blog, or accepting an invitation from the other one).
When the other person receives the post, they apply the same rules to share it with their own contacts, and so on across the social graph.
In more technical terms, each forum/group/blog has a distribution graph where the nodes are subscribers and the edges are a subset of contact relationships (specifically, the subset that have chosen to reveal the subscription to each other).
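The sharing rules above can be modelled as a small graph computation. The following is an added example, not Briar's own code: the user names, the data layout and the function names are constructed for illustration. It builds one forum's distribution graph and walks it to find everyone a post reaches.

```python
from collections import deque

def distribution_edges(contacts, subscribers, revealed):
    """Edges of one forum's distribution graph.

    contacts:    set of frozenset({a, b}) contact relationships
    subscribers: set of users subscribed to the forum
    revealed:    set of frozenset({a, b}) pairs that revealed the subscription
                 to each other (an invitation that was accepted)
    """
    # An edge needs all three conditions: contact, both subscribed, revealed.
    return {pair for pair in contacts
            if pair <= subscribers and pair in revealed}

def recipients(author, contacts, subscribers, revealed):
    """Everyone the post reaches when each receiver re-applies the same rules."""
    if author not in subscribers:
        return set()
    neighbours = {}
    for pair in distribution_edges(contacts, subscribers, revealed):
        a, b = tuple(pair)
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    # Breadth-first walk: a receiver forwards only along its own edges.
    reached, queue = {author}, deque([author])
    while queue:
        node = queue.popleft()
        for peer in neighbours.get(node, ()):
            if peer not in reached:
                reached.add(peer)
                queue.append(peer)
    return reached - {author}

def pair(a, b):
    return frozenset({a, b})

# Constructed sample data (hypothetical users).
CONTACTS = {pair("alice", "bob"), pair("bob", "carol"),
            pair("carol", "dave"), pair("alice", "erin")}
SUBSCRIBERS = {"alice", "bob", "carol", "dave"}   # erin is not subscribed
REVEALED = {pair("alice", "bob"), pair("bob", "carol")}

if __name__ == "__main__":
    # dave subscribes and is carol's contact, but the two never revealed
    # the subscription to each other, so the post stops at carol.
    print(sorted(recipients("alice", CONTACTS, SUBSCRIBERS, REVEALED)))
```

In this sample, dave is unreachable even though he subscribes, so his subscription stays hidden from carol; erin is a contact of alice but receives nothing because she is not a subscriber.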
Can I have multiple identities/profiles/accounts?
Short Answer: No. That is not supported by Briar.
Long Answer: In a p2p network it's hard to prevent identities from being linked to each other if they live on the same device.
Consider the scenario where you have two identities, A and B. A contact of A and a contact of B get together and try to find out whether A and B are the same person. What information could they use?
First, the times when A and B are online. In a p2p network we can't hide this from our contacts.
Second, the network addresses that they use to communicate with A and B. If we use Tor then we can have a separate hidden service address for each identity, so that's fine. But with WiFi and Bluetooth, the contacts can compare the addresses we gave them and see that it's the same device.
Third, they could look for information leaks at the application layer. For example they could try to introduce A to B, and see if the protocol behaves differently than it would if A and B were on different devices. If we supported multiple identities, we'd have to be very careful to avoid any leaks like this in our application-layer code.
How do I back up my account?
Short Answer: This is not possible at the moment, but planned.
Long Answer: Storing any key material in the backup would defeat forward secrecy. The problem is that if the backup falls into the wrong hands at some point in the future, it can be used to decrypt all your traffic since the time when the backup was made (assuming the adversary recorded the encrypted traffic at the time). This violates forward secrecy, which is one of our security goals. So we need to modify the protocols to provide forward secrecy in this scenario before implementing a backup feature. The progress is tracked in ticket #110.
Is it safe to publish my briar:// link publicly?
Your Briar link contains a public key and it is safe to publish in the same way as a PGP public key. If you want to contact someone via Briar, both of you need to add each other's links.