briar issueshttps://code.briarproject.org/groups/briar/-/issues2020-11-21T18:47:35Zhttps://code.briarproject.org/briar/briar/-/issues/463Redesign panic button settings2020-11-21T18:47:35ZMegaloxRedesign panic button settingsThe panic button settings could look better, but this is very low priority.The panic button settings could look better, but this is very low priority.https://code.briarproject.org/briar/briar/-/issues/454Research RSS article extraction libraries2020-11-21T18:55:04ZTorsten GroteResearch RSS article extraction librariesThere are two main problems with doing a RSS Import and republishing it as a Briar Blog:
1. **The feed may not include the full article, but only a teaser**
2. How would RSS feed of a traditional blog or news website fit with Briar's mor...There are two main problems with doing a RSS Import and republishing it as a Briar Blog:
1. **The feed may not include the full article, but only a teaser**
2. How would RSS feed of a traditional blog or news website fit with Briar's more tumblr-like blogs
This ticket is about solving the first problem. Once this is solved, we'll open a new ticket for the second one.
One solution could be to **fetch and reformat the full article** that is usually linked from the RSS feed. This is a difficult job that would require a lot of testing with real-world data. Fortunately, there are libraries out there that could solve this problem for us.
It is difficult to detect if an RSS feed provides the full content or not. In both cases, the `<description>` tag is used. So maybe we could show users a **preview** before importing the feed and allow them to **switch article extraction mode on manually** for when the feed only contains teasers.
An alternative is not to support teaser-only feeds at all and rely on users to provide full text feeds. There is even a [Free Software webservice](http://fivefilters.org/content-only/) to do this.
This is a sub-ticket of #135.
# Article Extraction Libraries
## [boilerpipe](https://github.com/kohlschutter/boilerpipe)
* seems to be the most popular library on the net, but last release was 5 years ago and last commit 2 years ago
* not on jcenter, only private maven repo or jars
* `ArticleExtractor#getText()` can take various arguments such as `Url`, `String`, `Reader`, etc. so we can fetch the document ourselves via Tor
* The built-in `HTMLFetcher` is very simple and does not seem to support proxies
* License: Apache License 2.0
* Dependencies:
* [nekohtml](http://nekohtml.sourceforge.net/)
* [xerces](https://xerces.apache.org/)
## [snacktory](https://github.com/karussell/snacktory)
* used by the RSS reader Torsten is using and works well, but also [no longer actively developed](https://github.com/karussell/snacktory/issues/42#issuecomment-71230546)
* good detection for none-english sites (German, Japanese, ...), snacktory does not depend on the word count in its text detection to support CJK languages
* not on jcenter, only private maven repo or jars (or one `.java` file)
* `ArticleTextExtractor#extractContent()` can take various arguments such as `JResult`, `String`, `Document`, etc. so we can fetch the document ourselves via Tor
* There is also a built-in `HtmlFetcher` that has a `setProxy()` method
* License: Apache License 2.0
* Dependencies:
* [jsoup](https://jsoup.org/)
* [log4j](https://logging.apache.org/log4j/)
* [slf4j-api](http://www.slf4j.org/)
## [goose](https://github.com/GravityLabs/goose)
* written in Scala which apparently can be used in Android projects
* Last release in Nov 2015
* License: Apache License 2.0https://code.briarproject.org/briar/briar/-/issues/445iOS and iPhone2023-03-28T12:51:28ZSimó Albert i BeltraniOS and iPhoneUnfortunatelly I know iPhone users :(
Could they run Briar?Unfortunatelly I know iPhone users :(
Could they run Briar?https://code.briarproject.org/briar/briar/-/issues/439Compare TRVE Data with BSP2020-11-21T18:55:43Zstr4dCompare TRVE Data with BSPFrom the research team we are talking with about performance / battery life measurements (for #115). It sounds like it has a lot of overlap with BSP; it would be interesting to know in what ways the approaches differ.
http://www.cl.cam....From the research team we are talking with about performance / battery life measurements (for #115). It sounds like it has a lot of overlap with BSP; it would be interesting to know in what ways the approaches differ.
http://www.cl.cam.ac.uk/research/dtg/trve/
https://github.com/trvedatahttps://code.briarproject.org/briar/briar/-/issues/435Generalise ForumSharingIntegrationTest2020-11-21T18:58:09Zstr4dGeneralise ForumSharingIntegrationTestAs part of #403, `ForumSharingManager` was generalised into a `SharingManager` that is subclassed per-shareable.
`ForumSharingIntegrationTest` should be similarly generalised to ensure that the common behaviour is consistent across all ...As part of #403, `ForumSharingManager` was generalised into a `SharingManager` that is subclassed per-shareable.
`ForumSharingIntegrationTest` should be similarly generalised to ensure that the common behaviour is consistent across all subclasses (and to reduce duplication).https://code.briarproject.org/briar/briar/-/issues/421Rich Text Editor for Writing Blog Posts2022-11-23T14:44:51ZTorsten GroteRich Text Editor for Writing Blog PostsThis ticket depends on #411.
Blog posts need some kind of styling like Markdown or HTML. Users should have a simple WYSIWYG editor to apply simple styles to their posts.
It's possible to render HTML in TextView (and there's a library t...This ticket depends on #411.
Blog posts need some kind of styling like Markdown or HTML. Users should have a simple WYSIWYG editor to apply simple styles to their posts.
It's possible to render HTML in TextView (and there's a library that extends the support). We could find e.g. a Markdown renderer for Android. When we render arbitrary HTML, we have to be very careful about how we increase the attack surface. We also find a way to handle links. You don't want people to publish blogs with specially prepared links that will deanonymize the readers of the blog once they click on them without special precautions like opening the link only via Orfox for example.
[HTMLTextView](https://github.com/SufficientlySecure/html-textview) could be a candidate for rendering a subset of HTML in TextViews.
For inspiration:
![other app](https://code.briarproject.org/akwizgran/briar/uploads/41699a337c47789ab1a51b929d37a7fa/Screenshot_20160523-092610.jpg)
![new_blog_new_post](/uploads/779490393046b65a97557363cc4651c2/new_blog_new_post.jpg)https://code.briarproject.org/briar/briar/-/issues/379Safe publication audit2020-11-21T19:01:53ZakwizgranSafe publication auditAudit the codebase for safe publication issues:
* Allowing `this` to escape the constructor (including indirectly via non-static inner classes)
* Passing mutable objects between threads (including mutable collections)Audit the codebase for safe publication issues:
* Allowing `this` to escape the constructor (including indirectly via non-static inner classes)
* Passing mutable objects between threads (including mutable collections)https://code.briarproject.org/briar/briar/-/issues/349Explain Panic Button settings better2020-11-21T19:04:18ZakwizgranExplain Panic Button settings betterSome users discovered the Panic Button settings and were confused by them.Some users discovered the Panic Button settings and were confused by them.https://code.briarproject.org/briar/briar/-/issues/338Assign parents to activities2020-11-21T19:06:06ZakwizgranAssign parents to activitiesMost activities are currently using NavDrawerActivity as their parent. Pick an appropriate parent for each activity and update the manifest.Most activities are currently using NavDrawerActivity as their parent. Pick an appropriate parent for each activity and update the manifest.https://code.briarproject.org/briar/briar/-/issues/315"About privacy" section2021-01-13T14:54:43ZMegalox"About privacy" sectionadd an "about privacy" view where we explain the advantages and limitations of serverless messaging.
Explain the perils of "reveal relationship" for private groups; connect this paragraph to the "more info" button in the "options" dialog...add an "about privacy" view where we explain the advantages and limitations of serverless messaging.
Explain the perils of "reveal relationship" for private groups; connect this paragraph to the "more info" button in the "options" dialog for join messages.https://code.briarproject.org/briar/briar/-/issues/303Use Bluetooth LE for peer discovery2022-01-26T13:50:35ZakwizgranUse Bluetooth LE for peer discoverySome newer Android devices support Bluetooth LE peripheral mode, which allows them to send beacons advertising their presence. This could be used as a low-energy and privacy-preserving alternative to polling for device pairs that support...Some newer Android devices support Bluetooth LE peripheral mode, which allows them to send beacons advertising their presence. This could be used as a low-energy and privacy-preserving alternative to polling for device pairs that support it.
https://altbeacon.github.io/android-beacon-library/beacon-transmitter-devices.html
Related to #44, #62.https://code.briarproject.org/briar/briar/-/issues/289Improve UX for notifications2020-11-21T19:26:17ZakwizgranImprove UX for notificationshttps://code.briarproject.org/briar/briar/-/issues/265Fuzzing tests for message validators2021-02-10T15:10:26ZakwizgranFuzzing tests for message validatorsUse fuzzing to ensure the message validators reject invalid messages without crashing. Record any messages that trigger crashes.
We can either look for a suitable fuzzing library or write our own fuzzer, starting from valid messages and...Use fuzzing to ensure the message validators reject invalid messages without crashing. Record any messages that trigger crashes.
We can either look for a suitable fuzzing library or write our own fuzzer, starting from valid messages and applying random mutations (delete/replace/repeat).https://code.briarproject.org/briar/briar/-/issues/232Improve unread message highlight2020-11-21T19:33:28ZErnir ErlingssonImprove unread message highlightRight now unread messages are displayed in red-ish chat bubbles in the private chat window with a contact. These are a bit hard to read and there was a suggestion of changing their color.
What about highlighting the chat bubbles for a ...Right now unread messages are displayed in red-ish chat bubbles in the private chat window with a contact. These are a bit hard to read and there was a suggestion of changing their color.
What about highlighting the chat bubbles for a few seconds and then letting the color fade away? We should also use the same color somewhere in a contact list element where we display unread messages.
Are there maybe some other suggestions how we do this ?https://code.briarproject.org/briar/briar/-/issues/187Implement I2P plugin2021-12-09T00:18:37Zstr4dImplement I2P plugin@akwizgran expressed a keen interest in this happening eventually. The basic idea is to add I2P as a transport, so that contacts can choose to communicate over I2P if they wish. It should be similar to the Tor plugin, and will probably b...@akwizgran expressed a keen interest in this happening eventually. The basic idea is to add I2P as a transport, so that contacts can choose to communicate over I2P if they wish. It should be similar to the Tor plugin, and will probably be easier to implement (because I2P has a native Java API).https://code.briarproject.org/briar/briar/-/issues/152Merge patches upstream2020-11-21T19:42:04ZakwizgranMerge patches upstreamDetermine which of the patches in the /patches dir should be merged upstream and contact the upstream developers.
Related: #25, #64, #115Determine which of the patches in the /patches dir should be merged upstream and contact the upstream developers.
Related: #25, #64, #115https://code.briarproject.org/briar/briar/-/issues/65Two-factor authentication2020-11-21T20:09:51ZakwizgranTwo-factor authenticationAdd optional two-factor authentication to the Android app via NFC -- to log in, the user must tap a particular NFC tag as well as entering their password. Data from the NFC tag is incorporated into the PBKDF. This prevents brute force pa...Add optional two-factor authentication to the Android app via NFC -- to log in, the user must tap a particular NFC tag as well as entering their password. Data from the NFC tag is incorporated into the PBKDF. This prevents brute force password cracking if the Android device is captured but the NFC tag is not.
NFC tags may be readable at long distances, so this won't prevent password cracking by an attacker who can read the NFC tag in advance.
This is weaker than 2FA protocols based on public keys, such as U2F, but those require a trusted server that can deny access to the account if the signature doesn't match.https://code.briarproject.org/briar/briar/-/issues/63Prevent tag length from being used for active probing2021-01-25T17:55:11ZakwizgranPrevent tag length from being used for active probingOn some transports it may be possible to use the fixed tag length to probe a transport endpoint to determine whether it's likely to be accepting BTP traffic: the endpoint will always accept (tag length - 1) random bytes but close the tra...On some transports it may be possible to use the fixed tag length to probe a transport endpoint to determine whether it's likely to be accepting BTP traffic: the endpoint will always accept (tag length - 1) random bytes but close the transport connection after (tag length) bytes.
It may be possible to address this by picking a random number for each incoming transport connection and reading that many bytes before deciding whether to accept the connection. The number could be anywhere between (tag length) and (tag length + stream header length). The number could be drawn from a distribution supplied by the TAP profile, allowing the distribution to be tailored to the transport.https://code.briarproject.org/briar/briar/-/issues/59Traffic analysis prevention layer2022-11-01T14:51:18ZakwizgranTraffic analysis prevention layerThe traffic analysis prevention (TAP) layer is responsible for preventing an observer from determining the volume and timing of data carried by a BTP stream.
What should the interfaces between BTP, TAP and the transport plugin look like...The traffic analysis prevention (TAP) layer is responsible for preventing an observer from determining the volume and timing of data carried by a BTP stream.
What should the interfaces between BTP, TAP and the transport plugin look like? Does the plugin need to be able to ask for a specific stream length, other than setting an upper bound? Are there any transports for which sending data as quickly as possible is preferable (from a TAP point of view) to sending it at a limited rate?
The TAP layer could adjust the transmission rate, increasing it if there's data waiting and decreasing it if not. What could the adversary learn by observing changes in the transmission rate and/or manipulating congestion?
Padding could be handled at the BTP layer by choosing a padding multiplier for each stream. The TAP layer would then sit between BTP and the transport and handle chopping and delaying the stream -- that is, segmenting the encrypted, padded stream according to some segment size distribution, and writing segments to the transport according to some inter-segment delay distribution.
The padding, size and delay distributions can be used to produce a characteristic traffic 'shape' for each device or pair of devices:
http://www.cs.kau.se/philwint/pdf/wpes2013.pdf
We can conceal traffic bursts by throttling the output of the TAP layer so that bursts are smoothed out. However, we should make good use of intermittently available transports -- if we send too slowly, the transport connection may be lost before we finish.https://code.briarproject.org/briar/briar/-/issues/58Use double MAC technique for checking MACs2020-11-21T20:17:47ZakwizgranUse double MAC technique for checking MACsComparing a received MAC to the expected MAC in constant time is tricky in high-level languages because the compiler, runtime and JIT may optimise the comparison code so that it no longer runs in constant time. The adversary may be able ...Comparing a received MAC to the expected MAC in constant time is tricky in high-level languages because the compiler, runtime and JIT may optimise the comparison code so that it no longer runs in constant time. The adversary may be able to use the timing of the comparison to discover how many bytes of the received MAC match the expected MAC.
To avoid revealing this information, the recipient can calculate another MAC over each MAC and compare the outer MACs. The adversary can use the timing of the comparison to learn the position at which the outer MACs differ, but that doesn't reveal the position at which the inner MACs differ.
https://www.isecpartners.com/blog/2011/february/double-hmac-verification.aspx
The MAC is being used as a PRF. It seems like this technique could also be used for validating signatures -- the validator can use any MAC key (not necessarily shared with the signer) to calculate MACs over the received and expected signatures, then compare the MACs.