Skip to content
Snippets Groups Projects
2017-beta-released-security-audit.html 8.54 KiB
Newer Older
Torsten Grote's avatar
Torsten Grote committed
<!DOCTYPE html>
<html>
<head>
  <title>Briar - Darknet Messenger Releases Beta, Passes Security Audit</title>
  <meta charset="utf-8" />
  <meta name="description" content="Secure messaging, anywhere"/>
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <link rel="stylesheet" type="text/css" href="../css/styles.css" />
Torsten Grote's avatar
Torsten Grote committed
</head>
  
  <div id="wrapper">
    <div id="header_container">
      <div id="header">
        <a href="../index.html"><div id="logo"><img src="../img/briar_logo_large.png" alt="Briar" class="logo"/></div></a>
        <div id="nav">
          <div id="signup">
            <div id="twitter">
              <a href="https://twitter.com/BriarApp" target="_blank"><img class="twitterbutton" src="../img/twitter.png"/></a>
            </div> <!-- twitter -->
            <form id="signupform" action="https://sourceforge.net/projects/briar/lists/briar-announce" target="_blank" method="get" onSubmit="submitForm()">
              <input placeholder="Email address" type="email" name="email" tabindex="2"></input>
              <button name="submit" type="submit" id="signup-submit">Keep me updated</button>
            </form>
            <div id="signupconf">Thanks! We'll keep you updated.</div>
            <script language="JavaScript">
            <!--
                document.getElementById('signupform').style.display = 'none';
                document.getElementById('signupconf').style.display = 'block';
            }
            //-->
            </script>
          </div> <!-- signup -->
          <label for="menu-toggle"><img src="../img/menu.png"></label>
          <input type="checkbox" id="menu-toggle"/>
          <ul id="menu">
            <li><a href="../index.html" id="indexnav">Home</a></li>
            <li><a href="../download.html" id="downloadnav">Download</a></li>
            <li><a href="../how-it-works.html" id="hownav">How&nbsp;it&nbsp;Works</a></li>
            <li><a href="../about.html" id="aboutnav">About&nbsp;Us</a></li>
            <li><a href="../get-involved.html" id="involvednav">Get&nbsp;Involved</a></li>
          </ul>
        </div> <!-- nav -->
      </div> <!-- header -->
    </div> <!-- header_container -->
  
    <div id="container">
      <div id="content" class="news">
        <h2>Press Release</h2>
        <h2>Darknet Messenger Releases Beta, Passes Security Audit</h2>
        <h5>July 21 2017</h5>
  
        <p>
          After extensive private beta tests, the first public beta of Briar was <a href="https://play.google.com/store/apps/details?id=org.briarproject.briar.beta">released today</a>.
          Briar is a secure messaging app for Android.
        </p>
        <p>
          Unlike other popular apps, Briar does not require servers to work.
          It connects users directly using a <strong>peer-to-peer network</strong>.
          This makes it resistant to censorship and allows it to work even without internet access.
        </p>
        <p>
          The app encrypts all data end-to-end and also <strong>hides metadata</strong> about who is communicating.
          This is the <a href="https://blog.grobox.de/2016/briar-next-step-of-the-crypto-messenger-evolution/">next step in the evolution of secure messaging</a>.
          No communication ever enters the public internet.
          Everything is sent via the <a href="https://www.torproject.org">Tor anonymity network</a> or local networks.
        </p>
        <p>
          With today's beta release, the Briar team also publishes the results of an <strong>independent security audit</strong>
          (<a href="../raw/BRP-01-report.pdf">PDF</a>).
          It was performed by <a href="https://cure53.de">Cure53</a> who are known for their audits of SecureDrop, Cryptocat and Dovecot.
          Six testers took a total of thirteen days to look for flaws in Briar's cryptographic protocols and code.
          In their report, they state "<i>the quality and readability of the app’s source code was rather exceptional</i>"
          and highlight "<i>a good understanding of vulnerability patterns and threats</i>".
          All the issues found by the audit have been addressed in this beta release.
          The report concludes that Briar "<i>is able to offer a <strong>good level of privacy and security</strong>.
          In other words, the Briar secure messenger can be recommended for use.</i>"
        </p>
        <p>
          Briar's development team is looking for feedback on today's beta release.
          You can submit your feedback anonymously through the app
akwizgran's avatar
akwizgran committed
          or publicly in the project's <a href="https://code.briarproject.org/briar/briar/issues">issue tracker</a>.
          Before the final release, changes to the peer-to-peer protocol are expected,
          so users will not be able to migrate their accounts to the final version.
          For security reasons, their <strong>accounts and data will expire</strong> with the beta.
        </p>
  
        <h3>Media</h3>
  
        <div id="screenshots">
          <a href="../raw/screenshots/00_password.png"><img src="../raw/screenshots/00_password.png"/></a>
          <a href="../raw/screenshots/01_nav_drawer.png"><img src="../raw/screenshots/01_nav_drawer.png"/></a>
          <a href="../raw/screenshots/02_contact_list.png"><img src="../raw/screenshots/02_contact_list.png"/></a>
          <a href="../raw/screenshots/03_private_messages.png"><img src="../raw/screenshots/03_private_messages.png"/></a>
          <a href="../raw/screenshots/04_private_group.png"><img src="../raw/screenshots/04_private_group.png"/></a>
          <a href="../raw/screenshots/05_blog.png"><img src="../raw/screenshots/05_blog.png"/></a>
          <a href="../raw/screenshots/06_forum.png"><img src="../raw/screenshots/06_forum.png"/></a>
        </div>
  
        <img src="../img/architecture-simple.png" style="width:100%;"/>
  
        <h3>About Briar</h3>
        <p>
          Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate.
          Unlike traditional messaging tools such as email, Twitter or Telegram, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices.
          If the internet's down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis.
          If the internet's up, Briar can sync via the Tor network, protecting users and their relationships from surveillance.
        </p>
        <p>
          Briar has received funding from <a href="https://smallmedia.org.uk">Small Media</a>,
          the <a href="https://openitp.org/">Open Internet Tools Project</a>,
          <a href="https://accessnow.org/">Access</a>
          and the <a href="https://www.opentech.fund">Open Technology Fund</a>.
        </p>
  
        <h3>Contact</h3>
        <p>Torsten Grote &lt;<a href="mailto:t&#64;grobox.de">t&#64;grobox.de</a>&gt; [<a href="https://grobox.de/gpg/0x74DCA8A36C52F833.asc">PGP key</a>]</p>
        <p>Michael Rogers &lt;<a href="mailto:contact@briarproject.org">contact@briarproject.org</a>&gt; [<a href="../keys/contact.asc">PGP key</a>]</p>
        <p><a href="https://twitter.com/BriarApp">@BriarApp</a></p>
      </div>
    </div> <!-- container -->
  
  </div> <!-- wrapper -->
  
  <div class="clearboth"></div>
  
  <div id="footer_container">
    <div id="footer">
      <div id="signup2">
        <div id="twitter2">
          <a href="https://twitter.com/BriarApp" target="_blank"><img class="twitterbutton" src="../img/twitter.png"/></a>
        </div> <!-- twitter2 -->
        <form id="signupform2" action="https://sourceforge.net/projects/briar/lists/briar-announce" target="_blank" method="get" onSubmit="submitForm2()">
          <input placeholder="Email address" type="email" name="email" tabindex="2"></input>
          <button name="submit" type="submit" id="signup-submit2">Keep me updated</button>
        </form>
        <div id="signupconf2">Thanks! We'll keep you updated.</div>
        <script language="JavaScript">
        <!--
            document.getElementById('signupform2').style.display = 'none';
            document.getElementById('signupconf2').style.display = 'block';
        }
        //-->
        </script>
      </div> <!-- signup2 -->
      <ul>
        <li><a href="../copyright.html">Copyright</a></li>
        <li><a href="../privacy.html">Privacy</a></li>
        <li>Site design by Reflective Spaces</li>
      </ul>
    </div> <!-- footer -->
  </div> <!-- footer_container -->
Torsten Grote's avatar
Torsten Grote committed
</body>
</html>