Skip to content
Snippets Groups Projects
Normal view Permalink
2017-beta-released-security-audit.md 4.1 KiB
Newer Older
micressor's avatar
Migrating .html pages into markdown pages
micressor committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 
---
date: 2017-07-21T00:00:00+01:00
title: 'Briar - Darknet Messenger Releases Beta, Passes Security Audit'
---

Press Release
-------------

Darknet Messenger Releases Beta, Passes Security Audit
------------------------------------------------------

##### July 21 2017

After extensive private beta tests, the first public beta of Briar was
[released
today](https://play.google.com/store/apps/details?id=org.briarproject.briar.beta).
Briar is a secure messaging app for Android.

Unlike other popular apps, Briar does not require servers to work. It
connects users directly using a **peer-to-peer network**. This makes it
resistant to censorship and allows it to work even without internet
access.

The app encrypts all data end-to-end and also **hides metadata** about
who is communicating. This is the [next step in the evolution of secure
messaging](https://blog.grobox.de/2016/briar-next-step-of-the-crypto-messenger-evolution/).
No communication ever enters the public internet. Everything is sent via
the [Tor anonymity network](https://www.torproject.org) or local
networks.

With today's beta release, the Briar team also publishes the results of
an **independent security audit** ([PDF](/raw/BRP-01-report.pdf)). It
was performed by [Cure53](https://cure53.de) who are known for their
audits of SecureDrop, Cryptocat and Dovecot. Six testers took a total of
thirteen days to look for flaws in Briar's cryptographic protocols and
code. In their report, they state "*the quality and readability of the
app’s source code was rather exceptional*" and highlight "*a good
understanding of vulnerability patterns and threats*". All the issues
found by the audit have been addressed in this beta release. The report
concludes that Briar "*is able to offer a **good level of privacy and
security**. In other words, the Briar secure messenger can be
recommended for use.*"

Briar's development team is looking for feedback on today's beta
release. You can submit your feedback anonymously through the app or
publicly in the project's [issue
tracker](https://code.briarproject.org/briar/briar/issues). Before the
final release, changes to the peer-to-peer protocol are expected, so
users will not be able to migrate their accounts to the final version.
For security reasons, their **accounts and data will expire** with the
beta.

### Media

<div id="screenshots">
  <a href="/raw/screenshots/00_password.png">
  <img src="/raw/screenshots/00_password.png"></a>
  <a href="/raw/screenshots/01_nav_drawer.png">
  <img src="/raw/screenshots/01_nav_drawer.png"></a>
  <a href="/raw/screenshots/02_contact_list.png">
  <img src="/raw/screenshots/02_contact_list.png"></a>
  <a href="/raw/screenshots/03_private_messages.png">
  <img src="/raw/screenshots/03_private_messages.png"></a>
  <a href="/raw/screenshots/04_private_group.png">
  <img src="/raw/screenshots/04_private_group.png"></a>
  <a href="/raw/screenshots/05_blog.png">
  <img src="/raw/screenshots/05_blog.png"></a>
  <a href="/raw/screenshots/06_forum.png">
  <img src="/raw/screenshots/06_forum.png"></a>
</div>

<img src="/img/architecture-simple.png" style="width:100%;">

### About Briar

Briar is a messaging app designed for activists, journalists, and anyone
else who needs a safe, easy and robust way to communicate. Unlike
traditional messaging tools such as email, Twitter or Telegram, Briar
doesn't rely on a central server - messages are synchronized directly
between the users' devices. If the internet's down, Briar can sync via
Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the
internet's up, Briar can sync via the Tor network, protecting users and
their relationships from surveillance.

Briar has received funding from [Small
Media](https://smallmedia.org.uk), the [Open Internet Tools
Project](https://web.archive.org/web/20160413063937/https://www.openitp.org/),
[Access](https://accessnow.org/) and the [Open Technology
Fund](https://www.opentech.fund).

### Contact

Torsten Grote &lt;<t@grobox.de>&gt; \[[PGP
key](https://grobox.de/gpg/0x74DCA8A36C52F833.asc)\]

Michael Rogers &lt;<contact@briarproject.org>&gt; \[[PGP
key](/keys/contact.asc)\]

[@BriarApp](https://twitter.com/BriarApp)