briar issueshttps://code.briarproject.org/groups/briar/-/issues2022-01-28T19:53:16Zhttps://code.briarproject.org/briar/briar-desktop/-/issues/284Inform users of security implications of different features (private chats, g...2022-01-28T19:53:16ZMikolai GütschowInform users of security implications of different features (private chats, groups, forums)Apart from mentioning those in the FAQ on the website, they should also be explained *concisely* at appropriate places in the UI. This depends on #13 and #12.Apart from mentioning those in the FAQ on the website, they should also be explained *concisely* at appropriate places in the UI. This depends on #13 and #12.https://code.briarproject.org/briar/briar-desktop/-/issues/273Do a user survey inside the app2022-01-28T19:53:15ZNicoDo a user survey inside the appCurrently we know only very little how users use Briar and what features they want the most.
Similar to how Signal has done it in the past, we could ask directly inside the app whether users want to participate in a little survey. In co...Currently we know only very little how users use Briar and what features they want the most.
Similar to how Signal has done it in the past, we could ask directly inside the app whether users want to participate in a little survey. In contrast to Signal, though, everything should happen inside the app and in the end the feedback mechanism could/should be used to deliver the results.
See Signal's [Research on your terms](https://signal.org/blog/signal-research/).https://code.briarproject.org/briar/briar-desktop/-/issues/283Potentially integrate private groups and forums in the same list as private c...2022-01-28T19:48:59ZMikolai GütschowPotentially integrate private groups and forums in the same list as private chatsSimilar as other messanging apps handle all group and single-person conversations in one list. During the UX coaching, we got the advice to think about the different security levels of private chats, groups and forums to decide whether p...Similar as other messanging apps handle all group and single-person conversations in one list. During the UX coaching, we got the advice to think about the different security levels of private chats, groups and forums to decide whether putting them together would make sense.
We discussed that private chats and groups *might* fit together, but forums should stay apart.https://code.briarproject.org/briar/briar-desktop/-/issues/282Allow users to send crash reports2022-01-28T11:55:24ZNicoAllow users to send crash reportsBrought up in https://code.briarproject.org/briar/briar-desktop/-/issues/272#note_61894.Brought up in https://code.briarproject.org/briar/briar-desktop/-/issues/272#note_61894.Desktop 1.0.0https://code.briarproject.org/briar/briar-desktop/-/issues/269Allow to save images2022-01-28T11:19:55ZNicoAllow to save imagesBriar Android allows this, too. However, we should warn and ask the user whether they really want to save the image to the hard disk, because inside Briar it's encrypted.Briar Android allows this, too. However, we should warn and ask the user whether they really want to save the image to the hard disk, because inside Briar it's encrypted.https://code.briarproject.org/briar/briar-desktop/-/issues/270Allow to export messages2022-01-28T11:19:54ZNicoAllow to export messagesIt would be cool if the whole chat history could be exported. Just like in #269 we have to warn the user about the lack of encryption, though.
Related:
* https://code.briarproject.org/briar/briar/-/issues/1095
* https://code.briarprojec...It would be cool if the whole chat history could be exported. Just like in #269 we have to warn the user about the lack of encryption, though.
Related:
* https://code.briarproject.org/briar/briar/-/issues/1095
* https://code.briarproject.org/briar/briar/-/issues/1153
* https://code.briarproject.org/briar/briar/-/issues/2213
(those might all be duplicates of each other)https://code.briarproject.org/briar/briar-desktop/-/issues/266Add extra information to messages2022-01-28T11:11:00ZNicoAdd extra information to messagesExplain what the clock, one tick and two ticks mean for example. This could be done by
* showing some information when hovering the icons
* providing some extended message information like in Signal
Those extended information could be a...Explain what the clock, one tick and two ticks mean for example. This could be done by
* showing some information when hovering the icons
* providing some extended message information like in Signal
Those extended information could be accessible either via
* navigating close to the message and clicking on 3 dots that appear
* right/long click on a message
Some images from Signal:
![Screenshot_from_2022-01-28_12-04-42](/uploads/7f4669bacd619cf4ba97401bf67f3a5c/Screenshot_from_2022-01-28_12-04-42.png)
![Screenshot_from_2022-01-28_12-05-27](/uploads/18e15bd0f408ea2d4601f6b6a93dc0fd/Screenshot_from_2022-01-28_12-05-27.png)https://code.briarproject.org/briar/briar-gtk/-/issues/73Redesign contact list2022-01-28T10:54:10ZNicoRedesign contact listInspiration by the GNOME Project:
![mobile-shell-convergence](/uploads/c7c585bd2133b1e37cd70487b7baf6a5/mobile-shell-convergence.png)
Source: https://gitlab.gnome.org/Teams/Design/os-mockups/-/blob/f69fa82f8676582d900af8716522a27ddd77d...Inspiration by the GNOME Project:
![mobile-shell-convergence](/uploads/c7c585bd2133b1e37cd70487b7baf6a5/mobile-shell-convergence.png)
Source: https://gitlab.gnome.org/Teams/Design/os-mockups/-/blob/f69fa82f8676582d900af8716522a27ddd77d87f/mobile-shell/mobile-shell-convergence.pnghttps://code.briarproject.org/briar/briar-desktop/-/issues/34Make all UI components reflect correct briar state2022-01-28T10:51:39ZSebastianMake all UI components reflect correct briar stateMany things in the UI are just stubs not displaying the state they are meant to represent. This is an epic umbrella ticket to gather such issues.
Examples for things that don't reflect state yet:
* online status of contacts in contact l...Many things in the UI are just stubs not displaying the state they are meant to represent. This is an epic umbrella ticket to gather such issues.
Examples for things that don't reflect state yet:
* online status of contacts in contact list
* online status of contact in private message view top bar
* avatar images in contact list
* avatar image in private message top bar
* timestamps in message bubbles
* delivered/read-checkmarks in message bubbles
* last seen time in contact list
* ...
We probably want tickets for individual things like those and link them with this ticket.Desktop 0.1.0https://code.briarproject.org/briar/website/-/issues/14Site is broken in IE 8 and 92022-01-28T10:28:40ZakwizgranSite is broken in IE 8 and 9The site's content doesn't show up in IE 8 or 9, which unfortunately are still popular browsers in China (and perhaps elsewhere).
https://www.chinainternetwatch.com/8757/top-web-browsers-china/
IE 8:
![win7_ie_8.0](/uploads/ca7cff7937...The site's content doesn't show up in IE 8 or 9, which unfortunately are still popular browsers in China (and perhaps elsewhere).
https://www.chinainternetwatch.com/8757/top-web-browsers-china/
IE 8:
![win7_ie_8.0](/uploads/ca7cff793777c4c704901c6658a4d238/win7_ie_8.0.png)
IE 9:
![win7_ie_9.0](/uploads/fb608d9ad305da26aa3d6073a422002b/win7_ie_9.0.png)
IE 10 (for comparison):
![win7_ie_10.0](/uploads/9af39292007ab26331230419d6acd013/win7_ie_10.0.png)https://code.briarproject.org/briar/briar-desktop/-/issues/254Add sha256 hashsums on download page2022-01-27T16:02:13ZSebastianAdd sha256 hashsums on download pageMultiple people asked for checksums on the download page so that they could verify their download hasn't been tampered with.Multiple people asked for checksums on the download page so that they could verify their download hasn't been tampered with.https://code.briarproject.org/briar/briar-desktop/-/issues/56Inform and assist 3rd party maintainers with Briar Desktop2022-01-27T15:26:10ZNicoInform and assist 3rd party maintainers with Briar DesktopThis comment https://code.briarproject.org/briar/briar/-/merge_requests/1376#note_47744 reminded me that there are these awesome people in the Briar community like @lsf that are maintaining packages of Briar GTK in non-Debian distributio...This comment https://code.briarproject.org/briar/briar/-/merge_requests/1376#note_47744 reminded me that there are these awesome people in the Briar community like @lsf that are maintaining packages of Briar GTK in non-Debian distributions. We should inform them once Briar Desktop is mature enough to do first builds and assist them with any problem they encounter.Desktop 0.1.0https://code.briarproject.org/briar/briar/-/issues/1546Support Bluetooth discovery for connecting to contacts2022-01-26T13:50:35ZakwizgranSupport Bluetooth discovery for connecting to contactsOn Android 8+ apps don't have access to the device's own Bluetooth address, so we can't share our address with contacts. When adding contacts we use discovery to work around this (#1147). Users have reported that Bluetooth works when add...On Android 8+ apps don't have access to the device's own Bluetooth address, so we can't share our address with contacts. When adding contacts we use discovery to work around this (#1147). Users have reported that Bluetooth works when adding contacts, but not when subsequently trying to communicate.
Learning our Bluetooth address from contacts would raise some tricky security and privacy issues, such as revealing to existing contacts, by adding a Bluetooth address to our transport properties, that we've just added a contact via Bluetooth.
After adding a contact we could store the contact's address for subsequent connection attempts, but that would only let us connect to contacts who were added via Bluetooth. To let us connect to any nearby contact we need to make the device discoverable and perform discovery.
Making the device temporarily discoverable requires user confirmation each time. Making the device permanently discoverable has privacy implications, and doesn't work on all devices (e.g. the Sony Xperia Tipo). Discovering nearby devices may require a lot of power and may interfere with wifi (#699). BLE discovery uses less power and doesn't require user confirmation, but not all devices can be discovered via BLE (#303).
A possible solution would be to make the device temporarily discoverable, and perform discovery, when the user enables the Bluetooth transport (#185). Then we could provide some way of manually triggering discovery, such as a "nearby contacts" tab with a "scan" button. This would limit the discoverability window, and the battery and interference impact of running discovery, to periods when the user had explicitly shown an interest in connecting to nearby contacts. Confirmation dialogs would only be shown in response to user actions.
This falls short of the goal of effortless connectivity, but it may be the best we can achieve within the constraints of the platform.https://code.briarproject.org/briar/briar/-/issues/1147Support Bluetooth discovery for adding contacts2022-01-26T13:50:35ZakwizgranSupport Bluetooth discovery for adding contactsThe local Bluetooth address is no longer available on the Nexus 5X running Android 8.1. `BluetoothAdapter#getAddress()` returns the fake address 02:00:00:00:00:00, and `Settings.Secure.getString(ctx, "bluetooth_address")` returns null.
...The local Bluetooth address is no longer available on the Nexus 5X running Android 8.1. `BluetoothAdapter#getAddress()` returns the fake address 02:00:00:00:00:00, and `Settings.Secure.getString(ctx, "bluetooth_address")` returns null.
This means we can no longer include our Bluetooth address in the QR code when adding a contact. Instead we'll need to make the device temporarily discoverable, and indicate in the QR code that the contact should use discovery to find us. The contact will need the ACCESS_COARSE_LOCATION permission for discovery.
The contact will need to store our Bluetooth address for future connection attempts. We don't currently have a way for plugins to store local per-contact information, but we can add one.https://code.briarproject.org/briar/briar/-/issues/303Use Bluetooth LE for peer discovery2022-01-26T13:50:35ZakwizgranUse Bluetooth LE for peer discoverySome newer Android devices support Bluetooth LE peripheral mode, which allows them to send beacons advertising their presence. This could be used as a low-energy and privacy-preserving alternative to polling for device pairs that support...Some newer Android devices support Bluetooth LE peripheral mode, which allows them to send beacons advertising their presence. This could be used as a low-energy and privacy-preserving alternative to polling for device pairs that support it.
https://altbeacon.github.io/android-beacon-library/beacon-transmitter-devices.html
Related to #44, #62.https://code.briarproject.org/briar/briar/-/issues/62Reduce information leaked by polling2022-01-26T13:47:24ZakwizgranReduce information leaked by pollingPolling for connections to contacts may reveal the number of contacts and their identities to a local observer. For example, anyone monitoring Bluetooth traffic near a Briar device will see periodic bursts of connection attempts from the...Polling for connections to contacts may reveal the number of contacts and their identities to a local observer. For example, anyone monitoring Bluetooth traffic near a Briar device will see periodic bursts of connection attempts from the device's MAC address to certain other MAC addresses. The observer will learn how many contacts the device has, and if the observer knows who owns any of the other MAC addresses then contact relationships will be revealed.
There are several techniques we can use to reduce information leaks.
1) Poll at random intervals
Instead of polling all contacts at regular intervals, poll each contact at exponentially distributed intervals.
This should reduce the information about contacts leaked to a local observer. The shorter the observation period, the less likely it is that connection attempts to all contacts will be observed.
2) Don't poll unreachable contacts
Plugins should store contextual information to help them decide which contacts may be reachable, and contacts who are unreachable should not be polled. Contacts who are rarely reachable via a given transport may be polled less frequently.
3) Don't poll at all
Polling probably contributes to Briar's battery and bandwidth consumption, and for short-range transports it may not be the most efficient way of connecting to nearby contacts. The user knows when contacts are nearby, and may be able to connect to them more quickly by triggering a scan manually than by waiting for the next poll.
To reduce the amount of information leaked by a manual or automatic scan, the scan should detect nearby contacts and then try to connect to any that are nearby, as opposed to the current approach of trying to connect to all contacts. The rationale for the current approach is that we can't make an Android device permanently discoverable via Bluetooth, and making the device temporarily discoverable requires confirmation from the user each time. But if the scan is triggered manually, user confirmation may be acceptable. It may be possible to make a device permanently discoverable via Bluetooth LE or Wi-Fi Direct, in which case we could scan multiple transports with a single manual trigger.https://code.briarproject.org/briar/briar/-/issues/2258Crash when changing profile picture on Samsung Mini I9195 build e3126f92022-01-25T11:36:44ZIvanaCrash when changing profile picture on Samsung Mini I9195 build e3126f9**Steps to reproduce**
- Within the Briar app go to Settings > Change profile picture
- go to gallery and select a picture you want to use
- Tap on Change (on the popup)
**Expected results**
The picture changes successfully
**Actual...**Steps to reproduce**
- Within the Briar app go to Settings > Change profile picture
- go to gallery and select a picture you want to use
- Tap on Change (on the popup)
**Expected results**
The picture changes successfully
**Actual results**
Briar Crashes.
Reproduced three times in a row. Changing profile pictres also tested on Nokia 3.1 and Pixel 2 - with no issues.[Crash_when_changing_profile_picture_on_Samsung_Mini.txt](/uploads/15a36645c3d4d551c983e6a479836b6f/Crash_when_changing_profile_picture_on_Samsung_Mini.txt)https://code.briarproject.org/briar/briar/-/issues/39Wi-Fi Direct plugin2022-01-21T14:28:52ZakwizgranWi-Fi Direct pluginSome devices running Android 4.0 and later support Wi-Fi Direct, which has a legacy mode that allows older devices to connect to WFD devices. The legacy mode creates an access point on the WFD device, with a random SSID and password that...Some devices running Android 4.0 and later support Wi-Fi Direct, which has a legacy mode that allows older devices to connect to WFD devices. The legacy mode creates an access point on the WFD device, with a random SSID and password that must be communicated to the other device out of band. The other device connects as a client in the usual way. The access point doesn't share the WFD device's internet connection, if any.
This could be useful when devices are in wifi range of each other but there's no wifi network; the SSID and password will have to be synced across some other transport (e.g. Bluetooth). When adding contacts via QR codes, the SSID and password can be included in the QR code.
Get the `WifiP2pManager` system service, call `initialize()`, then call `createGroup()` to create an access point. Call `requestGroupInfo()` to get a `WifiP2pGroup`, then call `getNetworkName()` and `getPassphrase()` and to get the transport properties.
After connecting to the access point, how does the client know the access point's IP address? `WifiP2pGroup.getOwner()` returns a `WifiP2pDevice`, which contains a MAC address but not an IP address.
It seems from this example code that `WifiP2pInfo.groupOwnerAddress.toString()` can be passed as the hostname to `Socket.connect()`:
[http://www.cse.unsw.edu.au/~ezarepour/COMP9336/WiFiDirectActivity.java](https://web.archive.org/web/20140310040212/http://www.cse.unsw.edu.au/~ezarepour/COMP9336/WiFiDirectActivity.java)
Presumably we can put that string in the transport properties with the SSID and password.
We may be able to advertise the access point's current SSID and password (in encrypted and obfuscated form) via WFD service discovery:
* Alice creates a legacy mode AP via `WifiP2pManager.createGroup()`
* The AP has a random SSID and password, which Bob doesn't know
* Alice packs the SSID and password into a `WifiP2pServiceInfo`
* Alice advertises the service via `WifiP2pManager.addLocalService()`
* Bob discovers the service via `WifiP2pManager.addServiceRequest()`
* Bob unpacks the SSID and password and connects to the AP as a legacy
client
However, the Thali developers have run into performance and stability problems with WFD service discovery, so this may not be a viable approach.
https://code.briarproject.org/briar/briar/-/issues/1985Register public mesh research app's signing key and package name with Google ...2022-01-21T14:13:18ZakwizgranRegister public mesh research app's signing key and package name with Google PlayIf we plan to develop a research app as part of #1817, register the package name and app signing key with Google Play before the end of July 2021 so we're not required to let Google manage the signing key.
https://android-developers.goo...If we plan to develop a research app as part of #1817, register the package name and app signing key with Google Play before the end of July 2021 so we're not required to let Google manage the signing key.
https://android-developers.googleblog.com/2020/11/new-android-app-bundle-and-target-api.html
Subtask of #1817.Public mesh researchakwizgranakwizgran2021-07-31https://code.briarproject.org/briar/briar/-/issues/2256Create skeleton app for public mesh experiments2022-01-21T14:12:55ZakwizgranCreate skeleton app for public mesh experimentsSubtask of #1817.Subtask of #1817.Public mesh researchakwizgranakwizgran