Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
W
website
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
briar
website
Merge requests
!30
Briar 1.2 release announcement
Code
Review changes
Check out branch
Download
Patches
Plain diff
Merged
Briar 1.2 release announcement
grote/website:release-1.2
into
master
Overview
18
Commits
5
Pipelines
0
Changes
1
Merged
Torsten Grote
requested to merge
grote/website:release-1.2
into
master
5 years ago
Overview
18
Commits
5
Pipelines
0
Changes
1
Expand
1
0
Merge request reports
Viewing commit
65f3c7db
Prev
Next
Show latest version
1 file
+
18
−
23
Inline
Compare changes
Side-by-side
Inline
Show whitespace changes
Show one file at a time
Verified
65f3c7db
Incorporate feedback for 1.2 press release
· 65f3c7db
Torsten Grote
authored
5 years ago
content/news/2019-briar-1.2-released-remote-contacts.md
+
18
−
23
Options
@@ -2,7 +2,7 @@
aliases
:
-
/news/2019-briar-1.2-released-remote-contacts.html
date
:
2019-10-01T00:00:00+02:00
title
:
'
Briar
1.2
released,
allowing
you
to
add
people
without
meeting
them
'
title
:
'
Briar
1.2
released,
contacts
can
now
be
added
by
exchanging
links
'
---
### Press Release
@@ -10,34 +10,29 @@ title: 'Briar 1.2 released, allowing you to add people without meeting them'
##### October 1 2019
The Briar Project released version 1.2 of its Android app today.
This release allows users to add each other securely without needing to meet in person.
With earlier versions of the app,
people could already add someone remotely by getting an introduction from a mutual trusted contact.
However, most people found this inconvenient
and requested an easier and more direct way of adding contacts.
The developers hope that Briar will be useful for an even larger set of users now.
The new version provides a special link for each user
that two users need to exchange (over other channels) in order to add each other.
This release allows users to add each other securely by exchanging links.
Previously users needed to meet in person or ask a mutual contact to introduce them.
Most messenger apps find your contacts by uploading your phone's contact list to a server.
Since Briar is protecting metadata and contact relationships,
it does not use the phone's address book to harvest contacts.
To allow people to add contacts without leaking metadata,
behind the scenes - the app opens
a dedicated
[
Tor Onion Service
](
https://2019.www.torproject.org/docs/onion-services.html.en
)
.
The onion service is only used to add this one single contact
by exchanging cryptographic keys and other information.
It will be discarded once the contact was added.
it instead uses the Tor network
to
[
connect directly
](
https://2019.www.torproject.org/docs/onion-services.html.en
)
to the person you're adding,
without revealing your contact list to anyone.
Technical details can be found in the documentation of the
[
Bramble Rendezvous Protocol
](
https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BRP.md
)
.
As with all other apps, when adding contacts remotely, there is the possibility
that a
[
man-in-the-middle attack
](
https://en.wikipedia.org/wiki/Man-in-the-middle_attack
)
compromises the contact relationship.
Instead of adding the correct contact, the attacker is added thus defeating end-to-end encryption.
Users at risk of such attacks are advised to continue adding each other in person.
As with any other app,
users must still be careful to ensure that contact requests really come from the person
they appear to come from.
If two users are tricked into exchanging links with an attacker
when they think they're exchanging links with each other,
the attacker can
[
sit in the middle
](
https://en.wikipedia.org/wiki/Man-in-the-middle_attack
)
of their conversation,
silently reading or altering messages.
Users who are concerned about such attacks
should continue to use the old method of adding contacts in person for maximum assurance.
The design and and user testing of this new feature
was carried out by
[
Ura
](
https://www.ura.design
)
.
Loading
Torsten Grote authored