briar issueshttps://code.briarproject.org/groups/briar/-/issues2020-11-21T17:05:02Zhttps://code.briarproject.org/briar/briar/-/issues/640Detect blogs that are no longer receiving updates2020-11-21T17:05:02ZakwizgranDetect blogs that are no longer receiving updatesIt's possible for a blog subscriber to be cut off from the blog's author due to upstream subscribers unsubscribing or leaving the network. We could use some combination of keepalive messages from the author and an adaptive timeout at the...It's possible for a blog subscriber to be cut off from the blog's author due to upstream subscribers unsubscribing or leaving the network. We could use some combination of keepalive messages from the author and an adaptive timeout at the subscriber to detect this and mark the blog as inactive or unreachable.
If we use keepalives, the interval between keepalives should adapt to the average interval between posts. If we use a timeout at the subscriber based on the arrival times of updates, TCP's running estimates of round-trip time and round-trip time variance might be a good place to start.
Depending on the mechanism used, this might also be applicable to other kinds of group.https://code.briarproject.org/briar/briar/-/issues/626Add a sign out button to the ongoing notification2020-11-21T17:07:01ZErnir ErlingssonAdd a sign out button to the ongoing notificationOne test user took the drastic action of turning his mobile device off and on in order to completely close Briar. The user didn't realise that the logout button in-app would have that affect and remove the static notification.
Suggested...One test user took the drastic action of turning his mobile device off and on in order to completely close Briar. The user didn't realise that the logout button in-app would have that affect and remove the static notification.
Suggested solution: We add a logout button to the static notification, which causes Briar to close completely and removes the static notificationhttps://code.briarproject.org/briar/briar/-/issues/624How to reach individual blogs2022-11-18T17:24:07ZTorsten GroteHow to reach individual blogsSo far, we opened a user's blog when you clicked on that author's name or avatar while reading a blog post from the combined blog feed.
![reblog_04](/uploads/82f45e7ddf98a4db4979272bb2213b91/reblog_04.png)
Now the problem with rebloggi...So far, we opened a user's blog when you clicked on that author's name or avatar while reading a blog post from the combined blog feed.
![reblog_04](/uploads/82f45e7ddf98a4db4979272bb2213b91/reblog_04.png)
Now the problem with reblogging and comments is that there can be posts and comments from authors in our feed whose blog we do not subscribe. So we can not open their blog when clicking on their name.
So do we show a dialog with just an OK button informing the user that she does not have access to this author's blog or do we find another way to open the blogs of our contacts?https://code.briarproject.org/briar/briar/-/issues/1139Progress wheels are invisible on Sony Xperia Z3 Compact2020-11-19T04:48:02ZakwizgranProgress wheels are invisible on Sony Xperia Z3 CompactWhen signing in or adding a contact, the progress wheels are invisible on the Sony Xperia Z3 Compact (Android 6.0.1).When signing in or adding a contact, the progress wheels are invisible on the Sony Xperia Z3 Compact (Android 6.0.1).https://code.briarproject.org/briar/briar/-/issues/1140Button to update RSS feeds2020-11-19T04:47:28ZakwizgranButton to update RSS feedsA user asked for a button to manually update RSS feeds.A user asked for a button to manually update RSS feeds.https://code.briarproject.org/briar/briar/-/issues/1144Secret Questions for Forgot Password2020-11-19T04:44:21ZSaurabh DayamaSecret Questions for Forgot PasswordIf the user forgets his password, there is no way to retrieve it. Would it make sense to have 3/5 secret questions that if answered correctly would enable the user to retrieve/reset the password?If the user forgets his password, there is no way to retrieve it. Would it make sense to have 3/5 secret questions that if answered correctly would enable the user to retrieve/reset the password?https://code.briarproject.org/briar/briar/-/issues/620ConfigControllerImpl reads disk on UI thread, violating strict mode2020-11-21T17:08:27ZakwizgranConfigControllerImpl reads disk on UI thread, violating strict mode```
08-28 22:33:05.205 D/StrictMode(24991): StrictMode policy violation; ~duration=23 ms: android.os.StrictMode$StrictModeDiskReadViolation: policy=31 violation=2
08-28 22:33:05.205 D/StrictMode(24991): at android.os.StrictMode$A...```
08-28 22:33:05.205 D/StrictMode(24991): StrictMode policy violation; ~duration=23 ms: android.os.StrictMode$StrictModeDiskReadViolation: policy=31 violation=2
08-28 22:33:05.205 D/StrictMode(24991): at android.os.StrictMode$AndroidBlockGuardPolicy.onReadFromDisk(StrictMode.java:1151)
08-28 22:33:05.205 D/StrictMode(24991): at libcore.io.BlockGuardOs.stat(BlockGuardOs.java:292)
08-28 22:33:05.205 D/StrictMode(24991): at java.io.File.isDirectory(File.java:524)
08-28 22:33:05.205 D/StrictMode(24991): at org.briarproject.android.AppModule$2.databaseExists(AppModule.java:79)
08-28 22:33:05.205 D/StrictMode(24991): at org.briarproject.android.controller.ConfigControllerImpl.accountExists(ConfigControllerImpl.java:41)
08-28 22:33:05.205 D/StrictMode(24991): at org.briarproject.android.SplashScreenActivity.startNextActivity(SplashScreenActivity.java:67)
08-28 22:33:05.205 D/StrictMode(24991): at org.briarproject.android.SplashScreenActivity$1.run(SplashScreenActivity.java:51)
```https://code.briarproject.org/briar/briar/-/issues/608Send feedback immediately if possible2020-11-21T17:08:45ZakwizgranSend feedback immediately if possibleUser feedback is saved to disk and sent the next time the user signs in. It should be sent immediately if possible.User feedback is saved to disk and sent the next time the user signs in. It should be sent immediately if possible.https://code.briarproject.org/briar/briar/-/issues/606Improve Fragment handling2020-11-21T17:17:05ZTorsten GroteImprove Fragment handlingThe `BriarFragmentActivity` is working around the fragment backstack instead of with it. Sometimes fragments are added to the stack and sometimes not. Fragments are *always* created from scratch even if there might already be an instance...The `BriarFragmentActivity` is working around the fragment backstack instead of with it. Sometimes fragments are added to the stack and sometimes not. Fragments are *always* created from scratch even if there might already be an instance on the backstack that could be re-used.https://code.briarproject.org/briar/briar/-/issues/604Provide hooks for mitigating flooding attacks at client layer2020-11-21T17:21:36ZakwizgranProvide hooks for mitigating flooding attacks at client layerMessage flooding attacks can be mitigated to some extent at the sync layer (#511), but the client may be in a better position to make decisions such as rate limiting. The sync API should allow clients to express these decisions, for exam...Message flooding attacks can be mitigated to some extent at the sync layer (#511), but the client may be in a better position to make decisions such as rate limiting. The sync API should allow clients to express these decisions, for example by limiting the rate at which messages are delivered to the client, shared with contacts, or both.https://code.briarproject.org/briar/briar/-/issues/603Research stream isolation for hidden service connections2020-11-16T11:11:45ZakwizgranResearch stream isolation for hidden service connectionsTor supports stream isolation, meaning that streams used for separate purposes can be forced to use separate circuits, making it harder for observers to tell whether the streams belong to the same client. Clients can activate this featur...Tor supports stream isolation, meaning that streams used for separate purposes can be forced to use separate circuits, making it harder for observers to tell whether the streams belong to the same client. Clients can activate this feature by specifying a SOCKS username and password - streams with different SOCKS credentials will be isolated from each other.
Using stream isolation for our hidden service connections may help to prevent Tor relays from learning which hidden service addresses belong to contacts of the same user. That information could be used to help identify the user or her contacts. On a larger scale it might also be used to build an anonymised social graph of hidden service addresses, which could then be deanonymised by comparing it with other social graphs (https://33bits.org/).
However, it's not clear whether stream isolation would prevent this information leak, as Tor may re-use existing circuits for publishing and retrieving hidden service descriptors (see https://gitweb.torproject.org/torspec.git/plain/rend-spec.txt).
Find out:
* Whether stream isolation applies to publishing and retrieving HS descriptors
* Whether stream isolation has a bandwidth cost due to using more circuitshttps://code.briarproject.org/briar/briar/-/issues/602Exponential backoff for RSS feeds2021-04-16T13:21:41ZakwizgranExponential backoff for RSS feedsWe fetch all RSS feeds at the same fixed interval. Some feeds update much more frequently than others, so we should adjust the interval of each feed to match its update interval. This can be done by doubling the interval whenever a fetch...We fetch all RSS feeds at the same fixed interval. Some feeds update much more frequently than others, so we should adjust the interval of each feed to match its update interval. This can be done by doubling the interval whenever a fetch succeeds without finding any new posts, and halving the interval whenever new posts are found. The intervals should be stored persistently.
Related to #44, #45.https://code.briarproject.org/briar/briar/-/issues/590Option to save the password2023-09-01T12:43:31ZligiOption to save the passwordadd a setting to store the password with the hint to the user that this makes things less secure
**Motivation**
this will help developers when developing the app because it reduces the time they have to enter the password
could also he...add a setting to store the password with the hint to the user that this makes things less secure
**Motivation**
this will help developers when developing the app because it reduces the time they have to enter the password
could also help adoption as a users might get frustrated having to enter a password often. There are some use cases where this additional attack-vector does not really matter and could be traded for convenience. Ideally this setting is exposed to the contacts so they know.
this is a follow up from a discussion in #587https://code.briarproject.org/briar/briar/-/issues/540Sync messages in dependency order2020-11-21T17:43:08ZakwizgranSync messages in dependency orderMessages should be synced in dependency order (i.e. dependencies before their dependents) so they can be delivered to the client as soon as possible.
This can be done by recording the dependency depth of each message in the DB. A messag...Messages should be synced in dependency order (i.e. dependencies before their dependents) so they can be delivered to the client as soon as possible.
This can be done by recording the dependency depth of each message in the DB. A message with no dependencies has a depth of 0. A message with dependencies has a depth one greater than the greatest depth of its dependencies.https://code.briarproject.org/briar/briar/-/issues/577Annotate fields and methods that should only be accessed from certain threads2020-11-21T17:35:02ZakwizgranAnnotate fields and methods that should only be accessed from certain threadsCreate @UiThread and @DbThread annotations for fields and methods (just for documentation purposes at this stage). Maybe also @Blocking and @NonBlocking for methods.Create @UiThread and @DbThread annotations for fields and methods (just for documentation purposes at this stage). Maybe also @Blocking and @NonBlocking for methods.https://code.briarproject.org/briar/briar/-/issues/567Clean up the Lint issues2020-11-21T17:36:57ZErnir ErlingssonClean up the Lint issuesThe Lint tool is reporting a lot of issues, we should review them and decide which ones are valid, and add the respective ignore tag/annotation to the ones that aren't.The Lint tool is reporting a lot of issues, we should review them and decide which ones are valid, and add the respective ignore tag/annotation to the ones that aren't.https://code.briarproject.org/briar/briar/-/issues/537Create back stack when opening activities from notifications2020-11-21T17:51:33ZakwizgranCreate back stack when opening activities from notificationsWhen opening an activity in response to the user touching an incoming message notification, the back stack should be populated. Currently the activity is stacked above any previously visited activities, so backing out of it may lead to t...When opening an activity in response to the user touching an incoming message notification, the back stack should be populated. Currently the activity is stacked above any previously visited activities, so backing out of it may lead to the home screen or an unrelated activity.https://code.briarproject.org/briar/briar/-/issues/561Include forum name when showing response to forum invitation2020-11-21T17:38:07ZakwizgranInclude forum name when showing response to forum invitationhttps://code.briarproject.org/briar/briar/-/issues/529Forum invitation notification is not cleared when viewing invitation from for...2020-11-21T17:52:34ZakwizgranForum invitation notification is not cleared when viewing invitation from forum listWhen a new forum invitation arrives, a notification is shown. The invitation can be viewed either from the private conversation, which clears the notification, or from the snackbar in the forum list, which does not.When a new forum invitation arrives, a notification is shown. The invitation can be viewed either from the private conversation, which clears the notification, or from the snackbar in the forum list, which does not.https://code.briarproject.org/briar/briar/-/issues/550Move timestamps from sync layer to client layer2020-11-21T17:40:50ZakwizgranMove timestamps from sync layer to client layerClients have different requirements for representing time: some don't need timestamps at all, some can use simple timestamps like we currently provide, and in future others may need more complex representations of time, incorporating tim...Clients have different requirements for representing time: some don't need timestamps at all, some can use simple timestamps like we currently provide, and in future others may need more complex representations of time, incorporating timezones, for example. Timestamps should be moved up to the client layer so each client can represent time in its own way.