briar issueshttps://code.briarproject.org/groups/briar/-/issues2020-11-19T15:07:21Zhttps://code.briarproject.org/briar/briar/-/issues/974Show Onboarding for new Forums and Groups2020-11-19T15:07:21ZTorsten GroteShow Onboarding for new Forums and GroupsWhen a user first created a forum or a private group, we should show an onboarding screen that includes and action to open the sharing/invite screen.When a user first created a forum or a private group, we should show an onboarding screen that includes and action to open the sharing/invite screen.https://code.briarproject.org/briar/briar/-/issues/973Add 'Select All' Button to Sharing Screens2020-11-15T10:20:33ZTorsten GroteAdd 'Select All' Button to Sharing ScreensMessages traversal in a social graph improves with each added share relationship between contacts. This is especially true for forums, but maybe also blogs and (reveal contacts of) private groups. In order to encourage sharing, I propose...Messages traversal in a social graph improves with each added share relationship between contacts. This is especially true for forums, but maybe also blogs and (reveal contacts of) private groups. In order to encourage sharing, I propose to add a "select all" button to the respective sharing/reveal screens that selects all selectable contacts and still allows the user to unselect individual contacts before proceeding.https://code.briarproject.org/briar/briar/-/issues/972Allow user to choose security profile2022-10-27T17:43:53ZTorsten GroteAllow user to choose security profileThis is an idea for how to make Briar easier to use: When the user creates her account, we could ask the user to choose one of three security options: low, medium and high security (that come with a description about what they mean exact...This is an idea for how to make Briar easier to use: When the user creates her account, we could ask the user to choose one of three security options: low, medium and high security (that come with a description about what they mean exactly).
Based on what the user chooses, we can adapt certain settings or simplify certain things, so it gets easier to use. For example, if the user chooses medium security we could show private notifications on the lock screen. If they chose low, we could even show the content of messages on the lock screen (crazy, I know). In that case, we could also reveal contacts by default in private groups, for example. If a high security profile has been choose, we do not show any notifications on the lock screen and we display a warning before clicked links are opened. The latter warning would not be shown on a low security profile.
The idea is that Briar would be a useful and valuable tool also for users with lower security but higher convenience requirements.
**Addition from #2138 on 26th of July 2021 by @nicoalt:**
With the increased interest in disaster communication and the upcoming research on [multi-hop social mesh](https://code.briarproject.org/briar/briar/-/issues/1816) and [public mesh](https://code.briarproject.org/briar/briar/-/issues/1817), it might be cool if users could specify their security settings in Briar, similar to [Tor Browser's security settings](https://tb-manual.torproject.org/security-settings/). Tor Browser's settings could translate to Briar like this:
* Standard (I would rather call it "disaster" or "insecure"): public mesh
* Safer: multi-hop social mesh
* Safest: single-hop social mesh like at the moment
![Tor Browser's security settings screenshot](/uploads/0cb63741449cdaebc37c487fad810d67/security-settings-safest.png)
I can see, though, that this is both difficult to implement and difficult to understand for users, but I'm still curious what UX experts like @elioqoshi think about it. If we don't do security settings but want to provide a solution with public mesh, I think forking Briar is the only viable alternative we have.https://code.briarproject.org/briar/briar/-/issues/963Threaded Conversation: No Unread Button when new message partly visible2020-11-19T15:13:36ZakwizgranThreaded Conversation: No Unread Button when new message partly visibleIf a message is received in a private group while the group is open, the message doesn't appear until the screen is rotated.
This may be device-dependent: it happens on the Moto G 4G and the Moto E3, but not on the Galaxy Nexus.If a message is received in a private group while the group is open, the message doesn't appear until the screen is rotated.
This may be device-dependent: it happens on the Moto G 4G and the Moto E3, but not on the Galaxy Nexus.https://code.briarproject.org/briar/briar/-/issues/958Importing RSS Feed, UX considerations2020-11-19T15:15:13ZErnir ErlingssonImporting RSS Feed, UX considerations1. We should close the keyboard after the user has pressed the import button
2. One user imported a large RSS feed and before it finished his screen turned off, he had a short setting for an active screen but we should maybe consider met...1. We should close the keyboard after the user has pressed the import button
2. One user imported a large RSS feed and before it finished his screen turned off, he had a short setting for an active screen but we should maybe consider methods to keep the screen on while something is loading, there the device is usually not really idle but the user is simply waiting for the loading to finish before continuing.https://code.briarproject.org/briar/briar/-/issues/952Use external IP address in LocationUtils if available2020-11-19T15:17:31ZakwizgranUse external IP address in LocationUtils if availableIf we can discover a routable IP address from a network interface then we can look it up in Tor's GeoIP library and use that as one of the sources to determine whether Tor's likely to be blocked in our current location.If we can discover a routable IP address from a network interface then we can look it up in Tor's GeoIP library and use that as one of the sources to determine whether Tor's likely to be blocked in our current location.https://code.briarproject.org/briar/briar/-/issues/950Detect when Tor is failing to connect to the network2022-06-06T13:23:38ZakwizgranDetect when Tor is failing to connect to the networkUnder some circumstances (see #845), Tor can't connect to the network but the app doesn't realise there's no internet connectivity.. Repeatedly trying and failing to connect to guard nodes could cause Tor to mark its preferred guards as ...Under some circumstances (see #845), Tor can't connect to the network but the app doesn't realise there's no internet connectivity.. Repeatedly trying and failing to connect to guard nodes could cause Tor to mark its preferred guards as unreachable and choose new guards sooner than necessary, which could harm anonymity. We should consider setting `DisableNetwork 1` after repeated guard connection failures, then waiting for a connectivity event before trying again.https://code.briarproject.org/briar/briar/-/issues/947Bluetooth address is empty in LineageOS guest mode2020-11-19T15:19:18ZTorsten GroteBluetooth address is empty in LineageOS guest modeThis happens on a device with Privacy Guard (even if disabled) when starting Briar (or when trying to add a contact):
![signal-2017-05-09-213424](/uploads/304cd58b9dd6bd7596a9b606143949c5/signal-2017-05-09-213424.png)
Since the user ca...This happens on a device with Privacy Guard (even if disabled) when starting Briar (or when trying to add a contact):
![signal-2017-05-09-213424](/uploads/304cd58b9dd6bd7596a9b606143949c5/signal-2017-05-09-213424.png)
Since the user can not even log in, there is no way this report gets send out via Tor, so it is attached as a screenshot here.https://code.briarproject.org/briar/briar/-/issues/944WiFi Transport layer dead when device has been offline for long2020-11-19T15:20:50ZErnir ErlingssonWiFi Transport layer dead when device has been offline for longBriar was running for two days in flight mode but failed to connect when device internet connectivity was restored per WiFi. I failed to check other transports due to a crash ~~that I'm still investigating, it might be that Briar's stabi...Briar was running for two days in flight mode but failed to connect when device internet connectivity was restored per WiFi. I failed to check other transports due to a crash ~~that I'm still investigating, it might be that Briar's stability was compromised.~~
Edit: Unrelated crash due to an error in my save/restore branchhttps://code.briarproject.org/briar/briar/-/issues/942Compare Briar's Notification behaviour with other chat applications2020-11-19T15:21:55ZErnir ErlingssonCompare Briar's Notification behaviour with other chat applications> @ernir it would be great if you could look into the notification behaviour of other apps in detail (if i had to pick one, i guess it would be whatsapp) and see how they're handling all the corner cases. for example, if a conversation i...> @ernir it would be great if you could look into the notification behaviour of other apps in detail (if i had to pick one, i guess it would be whatsapp) and see how they're handling all the corner cases. for example, if a conversation is open and a message arrives, does it show a notification/vibrate/make a sound/blink the led? same question if the screen is off, same question if the list of conversations is open instead of the conversation itself, etchttps://code.briarproject.org/briar/briar/-/issues/935Hostname of feed URL is logged during RSS Feed Import2020-11-19T15:22:32ZTorsten GroteHostname of feed URL is logged during RSS Feed ImportPrivacy leak?
```
04-10 15:14:04.602 D/libc-netbsd: [getaddrinfo]: hostname=www.schneier.com; servname=(null); cache_mode=(null), netid=0; mark=0
04-10 15:14:04.602 D/libc-netbsd: [getaddrinfo]: ai_addrlen=0; ai_canonname=(null); ai_flag...Privacy leak?
```
04-10 15:14:04.602 D/libc-netbsd: [getaddrinfo]: hostname=www.schneier.com; servname=(null); cache_mode=(null), netid=0; mark=0
04-10 15:14:04.602 D/libc-netbsd: [getaddrinfo]: ai_addrlen=0; ai_canonname=(null); ai_flags=4; ai_family=0
```https://code.briarproject.org/briar/briar/-/issues/929Non-blocking SettingsManager2020-11-15T10:37:10ZakwizgranNon-blocking SettingsManagerThe SettingsManager interface is inconvenient to use because it needs to be called on the DB thread. Make the interface non-blocking by loading settings at startup and writing them back to the DB in the background when they're updated.The SettingsManager interface is inconvenient to use because it needs to be called on the DB thread. Make the interface non-blocking by loading settings at startup and writing them back to the DB in the background when they're updated.https://code.briarproject.org/briar/briar/-/issues/927The "Change password" option accepts the old password as new2022-07-26T15:34:47ZJulian DehmThe "Change password" option accepts the old password as newIt's possible to "change" the password to the one you currently use.
We should check if the new one differs from the old before activating the change password buttonIt's possible to "change" the password to the one you currently use.
We should check if the new one differs from the old before activating the change password buttonhttps://code.briarproject.org/briar/briar/-/issues/924Tester thought tap target onboarding was a bug2020-11-15T10:43:00ZakwizgranTester thought tap target onboarding was a bugA tester thought the tap target onboarding for the introduction feature was a bug - she held up her phone and asked "Is it meant to look like that?".
Perhaps we should consider using a less bold design, or changing the parameters so tha...A tester thought the tap target onboarding for the introduction feature was a bug - she held up her phone and asked "Is it meant to look like that?".
Perhaps we should consider using a less bold design, or changing the parameters so that the target appears more gradually.https://code.briarproject.org/briar/briar/-/issues/922Emoji in forum and group names2020-11-19T15:24:18ZakwizgranEmoji in forum and group namesA tester asked to be able to use emoji in forum and group names. (This is possible with an emoji keyboard, but not otherwise.)A tester asked to be able to use emoji in forum and group names. (This is possible with an emoji keyboard, but not otherwise.)https://code.briarproject.org/briar/briar/-/issues/921Contact seemed to remain online after phone was reused2020-11-19T15:25:24ZakwizgranContact seemed to remain online after phone was reusedThis issue arose in user testing when one of the devices was reused by another tester.
User A with device X and user B with device Y added each other as contacts. Then user C took over device Y and created a new account. User A continue...This issue arose in user testing when one of the devices was reused by another tester.
User A with device X and user B with device Y added each other as contacts. Then user C took over device Y and created a new account. User A continued to see user B as online.
This may have been caused by a Bluetooth channel remaining open between the devices, causing user A to think that a connection to user B was still open. Perhaps a subsequent connection between user A and user C either reused the channel or otherwise caused it to remain open rather than timing out, or perhaps the Bluetooth stack on device X simply doesn't time out connections in a reasonable time.
If any of those speculations are right, we should work out how to avoid relying on Bluetooth to time out the connection and time out after a reasonable time in the Bramble stack instead.
We should also check that Bluetooth connections are being disposed of properly when they're closed.https://code.briarproject.org/briar/briar/-/issues/920Transfer ownership of a private group2022-11-18T17:24:07ZakwizgranTransfer ownership of a private groupA tester asked for the ability to transfer the ownership of a private group to another member.
This might not be possible with the current structure, because not all members might be contacts of the new owner, or might not wish to revea...A tester asked for the ability to transfer the ownership of a private group to another member.
This might not be possible with the current structure, because not all members might be contacts of the new owner, or might not wish to reveal whether they were.https://code.briarproject.org/briar/briar/-/issues/918Voting or consensus for inviting a new member to a private group2021-01-13T11:59:11ZakwizgranVoting or consensus for inviting a new member to a private groupA user suggested this in a recent testing session.A user suggested this in a recent testing session.https://code.briarproject.org/briar/briar/-/issues/917Testers did not understand who could be invited to private groups2020-11-19T15:34:00ZakwizgranTesters did not understand who could be invited to private groupsTesters asked whether they could invite users who weren't their contacts to a group, and whether an invited member could invite her contacts. They eventually worked out what was possible but were initially confused.
Related to #801, #81...Testers asked whether they could invite users who weren't their contacts to a group, and whether an invited member could invite her contacts. They eventually worked out what was possible but were initially confused.
Related to #801, #811 and #855.https://code.briarproject.org/briar/briar/-/issues/901Improve key binding in contact exchange protocol2020-11-19T15:35:33ZakwizgranImprove key binding in contact exchange protocolThe contact exchange protocol provides the following guarantees:
* Each party knows that the ephemeral and identity public keys she received are owned by the other party
* Each party knows that the ephemeral and identity public keys she ...The contact exchange protocol provides the following guarantees:
* Each party knows that the ephemeral and identity public keys she received are owned by the other party
* Each party knows that the ephemeral and identity public keys she received were used by the other party in the same run of the protocol - in other words it binds each party's ephemeral key pair to the same party's identity key pair and vice versa
* Each party knows that the ephemeral public key she received was used by the other party in the current run of the protocol - in other words it binds the parties' ephemeral key pairs to each other
To achieve this, each party uses her identity key pair to sign a nonce derived from the ephemeral shared secret, and authenticates the signed nonce using a symmetric key derived from the ephemeral shared secret.
Each party knows that the nonce she received is fresh, as it depends on her own ephemeral key pair, so the nonce itself proves that the other party owns the ephemeral public key received by the first party, while the signature proves that the other party owns the identity public key received by the first party.
The nonce is unique to this combination of ephemeral key pairs, so the signature represents a claim by the owner of the received identity public key that she took part in a protocol run involving both ephemeral key pairs. Authenticating the signed nonce with a symmetric key derived from the ephemeral shared secret represents a claim by the owner of the received ephemeral public keys that she took part in a protocol run involving both ephemeral key pairs and the identity key pair.
As far as I can tell, this construction is secure and achieves what we need, but it's unnecessarily convoluted. The binding and proof of ownership that's achieved by signing nonces could be achieved more straightforwardly by signing public keys:
* Each party signs both parties' ephemeral public keys and timestamps using her identity key pair
* Each party authenticates both parties' identity public keys, ephemeral public keys and timestamps, using a symmetric key derived from the ephemeral shared secret
If we're not concerned with deniability, each party can sign both parties' identity public keys, ephemeral public keys and timestamps. But as far as I can see, we get all the assurance we need without doing this.
Related to #902.