Incorporate feedback for 1.2 press release

65f3c7db · Torsten Grote · 328291fa · 65f3c7db
Verified Commit 65f3c7db authored 5 years ago by Torsten Grote
--- a/content/news/2019-briar-1.2-released-remote-contacts.md
+++ b/content/news/2019-briar-1.2-released-remote-contacts.md
@@ -2,7 +2,7 @@
 aliases:
 - /news/2019-briar-1.2-released-remote-contacts.html
 date: 2019-10-01T00:00:00+02:00
-title: 'Briar 1.2 released, allowing you to add people without meeting them'
+title: 'Briar 1.2 released, contacts can now be added by exchanging links'
 ---

 ### Press Release
@@ -10,34 +10,29 @@ title: 'Briar 1.2 released, allowing you to add people without meeting them'
 ##### October 1 2019

 The Briar Project released version 1.2 of its Android app today.
-This release allows users to add each other securely without needing to meet in person.
-
-With earlier versions of the app,
-people could already add someone remotely by getting an introduction from a mutual trusted contact.
-However, most people found this inconvenient
-and requested an easier and more direct way of adding contacts.
-The developers hope that Briar will be useful for an even larger set of users now.
-
-The new version provides a special link for each user
-that two users need to exchange (over other channels) in order to add each other.
+This release allows users to add each other securely by exchanging links.
+Previously users needed to meet in person or ask a mutual contact to introduce them.

+Most messenger apps find your contacts by uploading your phone's contact list to a server.
 Since Briar is protecting metadata and contact relationships,
-it does not use the phone's address book to harvest contacts.
-To allow people to add contacts without leaking metadata,
-behind the scenes - the app opens
-a dedicated [Tor Onion Service](https://2019.www.torproject.org/docs/onion-services.html.en).
-The onion service is only used to add this one single contact
-by exchanging cryptographic keys and other information.
-It will be discarded once the contact was added.
+it instead uses the Tor network
+to [connect directly](https://2019.www.torproject.org/docs/onion-services.html.en)
+to the person you're adding,
+without revealing your contact list to anyone.

 Technical details can be found in the documentation of the
 [Bramble Rendezvous Protocol](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BRP.md).

-As with all other apps, when adding contacts remotely, there is the possibility
-that a [man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
-compromises the contact relationship.
-Instead of adding the correct contact, the attacker is added thus defeating end-to-end encryption.
-Users at risk of such attacks are advised to continue adding each other in person.
+As with any other app,
+users must still be careful to ensure that contact requests really come from the person
+they appear to come from.
+If two users are tricked into exchanging links with an attacker
+when they think they're exchanging links with each other,
+the attacker can [sit in the middle](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
+of their conversation,
+silently reading or altering messages.
+Users who are concerned about such attacks
+should continue to use the old method of adding contacts in person for maximum assurance.

 The design and and user testing of this new feature
 was carried out by [Ura](https://www.ura.design).