2017-beta-released-security-audit.html 6.11 KB
Newer Older
Torsten Grote's avatar
Torsten Grote committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
<!DOCTYPE html>
	<title>Briar - Darknet Messenger Releases Beta, Passes Security Audit</title>
	<meta charset="utf-8" />
	<meta name="description" content="Secure messaging, anywhere"/>
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<link rel="stylesheet" type="text/css" href="../css/styles.css" />
<body id="2017-beta">

<div id="wrapper">
	<div id="header_container">
		<div id="header">
			<a href="index.html"><div id="logo"><img src="../img/briar_logo_large.png" alt="Briar" class="logo"/></div></a>
			<div id="nav">
				<div id="signupform"></div>
				<label for="menu-toggle"><img src="../img/menu.png"></label>
				<input type="checkbox" id="menu-toggle"/>
				<ul id="menu">
					<li><a href="../index.html" id="indexnav">Home</a></li>
					<li><a href="../download.html" id="downloadnav">Download</a></li>
					<li><a href="../how-it-works.html" id="hownav">How&nbsp;it&nbsp;Works</a></li>
					<li><a href="../about.html" id="aboutnav">About&nbsp;Us</a></li>
					<li><a href="../get-involved.html" id="involvednav">Get&nbsp;Involved</a></li>
			</div> <!-- nav -->
		</div> <!-- header -->
	</div> <!-- header_container -->

	<div id="container">
		<div id="content" class="news">
			<h2>Press Release</h2>
Torsten Grote's avatar
Torsten Grote committed
			<h2>Darknet Messenger Releases Beta, Passes Security Audit</h2>
			<h5>July 21 2017</h5>
Torsten Grote's avatar
Torsten Grote committed
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122

				After extensive private beta tests, the first public beta of Briar was <a href="https://play.google.com/store/apps/details?id=org.briarproject.briar.beta">released today</a>.
				Briar is a secure messaging app for Android.
				Unlike other popular apps, Briar does not require servers to work.
				It connects users directly using a <strong>peer-to-peer network</strong>.
				This makes it resistant to censorship and allows it to work even without internet access.
				The app encrypts all data end-to-end and also <strong>hides metadata</strong> about who is communicating.
				This is the <a href="https://blog.grobox.de/2016/briar-next-step-of-the-crypto-messenger-evolution/">next step in the evolution of secure messaging</a>.
				No communication ever enters the public internet.
				Everything is sent via the <a href="https://www.torproject.org">Tor anonymity network</a> or local networks.
				With today's beta release, the Briar team also publishes the results of an <strong>independent security audit</strong>
				(<a href="../raw/BRP-01-report.pdf">PDF</a>).
				It was performed by <a href="https://cure53.de">Cure53</a> who are known for their audits of SecureDrop, Cryptocat and Dovecot.
				Six testers took a total of thirteen days to look for flaws in Briar's cryptographic protocols and code.
				In their report, they state "<i>the quality and readability of the app’s source code was rather exceptional</i>"
				and highlight "<i>a good understanding of vulnerability patterns and threats</i>".
				All the issues found by the audit have been addressed in this beta release.
				The report concludes that Briar "<i>is able to offer a <strong>good level of privacy and security</strong>.
				In other words, the Briar secure messenger can be recommended for use.</i>"
				Briar's development team is looking for feedback on today's beta release.
				You can submit your feedback anonymously through the app
				or publicly in the project's <a href="https://code.briarproject.org/akwizgran/briar/issues">issue tracker</a>.
				Before the final release, changes to the peer-to-peer protocol are expected,
				so users will not be able to migrate their accounts to the final version.
				For security reasons, their <strong>accounts and data will expire</strong> with the beta.


			<div id="screenshots">
				<a href="../raw/screenshots/00_password.png"><img src="../raw/screenshots/00_password.png"/></a>
				<a href="../raw/screenshots/01_nav_drawer.png"><img src="../raw/screenshots/01_nav_drawer.png"/></a>
				<a href="../raw/screenshots/02_contact_list.png"><img src="../raw/screenshots/02_contact_list.png"/></a>
				<a href="../raw/screenshots/03_private_messages.png"><img src="../raw/screenshots/03_private_messages.png"/></a>
				<a href="../raw/screenshots/04_private_group.png"><img src="../raw/screenshots/04_private_group.png"/></a>
				<a href="../raw/screenshots/05_blog.png"><img src="../raw/screenshots/05_blog.png"/></a>
				<a href="../raw/screenshots/06_forum.png"><img src="../raw/screenshots/06_forum.png"/></a>

			<img src="../img/architecture-simple.png" style="width:100%;"/>

			<h3>About Briar</h3>
				Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate.
				Unlike traditional messaging tools such as email, Twitter or Telegram, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices.
				If the internet's down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis.
				If the internet's up, Briar can sync via the Tor network, protecting users and their relationships from surveillance.
				Briar has received funding from <a href="https://smallmedia.org.uk">Small Media</a>,
				the <a href="https://openitp.org/">Open Internet Tools Project</a>,
				<a href="https://accessnow.org/">Access</a>
				and the <a href="https://www.opentech.fund">Open Technology Fund</a>.

			<p>Torsten Grote &lt;<a href="mailto:t&#64;grobox.de">t&#64;grobox.de</a>&gt; [<a href="https://grobox.de/gpg/0x74DCA8A36C52F833.asc">PGP key</a>]</p>
			<p>Michael Rogers &lt;<a href="mailto:contact@briarproject.org">contact@briarproject.org</a>&gt; [<a href="../keys/contact.asc">PGP key</a>]</p>
			<p><a href="https://twitter.com/BriarApp">@BriarApp</a></p>
	</div> <!-- container -->

</div> <!-- wrapper -->

<div class="clearboth"></div>

<div id="footer_container">
	<div id="footer">
			<li><a href="../copyright.html">Copyright</a></li>
			<li><a href="../privacy.html">Privacy</a></li>
			<li>Site design by Reflective Spaces</li>
	</div> <!-- footer -->
</div> <!-- footer_container -->