... | @@ -75,4 +75,32 @@ Long answer: Storing any key material in the backup would defeat forward secrecy |
... | @@ -75,4 +75,32 @@ Long answer: Storing any key material in the backup would defeat forward secrecy |
|
|
|
|
|
# Is it safe to publish my `briar://` link publicly?
|
|
# Is it safe to publish my `briar://` link publicly?
|
|
|
|
|
|
Your Briar link contains a public key and it is safe to publish in the same way as a PGP public key. If you want to contact someone via Briar, both of you need to add each other's links. |
|
Your Briar link contains a public key and it is safe to publish in the same way as a PGP public key. If you want to contact someone via Briar, both of you need to add each other's links.
|
|
\ No newline at end of file |
|
|
|
|
|
# Has Briar been independently audited?
|
|
|
|
|
|
|
|
Yes, Briar was audited by Cure53 in 2017. You can read the audit report here:
|
|
|
|
|
|
|
|
https://briarproject.org/raw/BRP-01-report.pdf
|
|
|
|
|
|
|
|
All the issues identified by the audit were fixed before the first public release of the app.
|
|
|
|
|
|
|
|
Security audits are expensive so we can't commission an audit for every release, but our current grant includes funding for another audit in 2023.
|
|
|
|
|
|
|
|
# Does Briar include malware, spyware, trackers or backdoors?
|
|
|
|
|
|
|
|
No, Briar doesn't include malware, spyware, trackers or backdoors - and we can prove it!
|
|
|
|
|
|
|
|
We have a reproducible build process that can prove that the application published on our website (and in Google Play and F-Droid) corresponds exactly to the published source code. You can read more about reproducible builds here:
|
|
|
|
|
|
|
|
https://reproducible-builds.org/
|
|
|
|
|
|
|
|
We encourage anyone who's interested in this issue to reproduce the Briar application from source for themselves. If you'd like to do that, here are the instructions:
|
|
|
|
|
|
|
|
https://code.briarproject.org/briar/briar-reproducer/-/blob/master/README.md
|
|
|
|
|
|
|
|
# My firewall shows that Briar is connecting to a lot of different IP addresses - should I be concerned?
|
|
|
|
|
|
|
|
Don't be concerned. Briar uses the [Tor network](https://support.torproject.org/about/) to connect to your contacts privately and securely. All of the IP addresses that Briar connects to are Tor relays. You can look up information about each IP address on the Tor project's website:
|
|
|
|
|
|
|
|
https://metrics.torproject.org/rs.html |
|
|
|
\ No newline at end of file |