Darknet Messenger Releases Beta, Passes Security Audit
July 21, 2017
After extensive private beta tests, the first public beta of Briar was released today. Briar is a secure messaging app for Android.
Unlike other popular apps, Briar does not require servers to work. It connects users directly using a peer-to-peer network. This makes it resistant to censorship and allows it to work even without internet access.
The app encrypts all data end-to-end and also hides metadata about who is communicating. This is the next step in the evolution of secure messaging. No communication ever enters the public internet. Everything is sent via the Tor anonymity network or local networks.
With today's beta release, the Briar team also publishes the results of an independent security audit (PDF). It was performed by Cure53, who are known for their audits of SecureDrop, Cryptocat and Dovecot. Six testers took a total of thirteen days to look for flaws in Briar's cryptographic protocols and code. In their report, they state "the quality and readability of the app’s source code was rather exceptional" and highlight "a good understanding of vulnerability patterns and threats". All the issues found by the audit have been addressed in this beta release. The report concludes that Briar "is able to offer a good level of privacy and security. In other words, the Briar secure messenger can be recommended for use."
Briar's development team is looking for feedback on today's beta release. You can submit your feedback anonymously through the app or publicly in the project's issue tracker. Before the final release, changes to the peer-to-peer protocol are expected, so users will not be able to migrate their accounts to the final version. For security reasons, their accounts and data will expire with the beta.
Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging tools such as email, Twitter or Telegram, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices. If the internet's down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the internet's up, Briar can sync via the Tor network, protecting users and their relationships from surveillance.