briar issues
https://code.briarproject.org/groups/briar/-/issues
2021-11-24T17:04:00Z

https://code.briarproject.org/briar/briar/-/issues/1003
RSS feeds served by Cloudflare fail to import due to captcha page
2021-11-24T17:04:00Z
akwizgran

A user reported that the following feed fails to import: https://blog.fefe.de/rss.xml
A quick test confirms that there's no error message, but no posts appear. The RSS feed appears in the list of feeds, with the expected title. Maybe there's an issue with parsing the feed? The items have no dates.
(Note: The issue of feeds without dates has been moved to #1708.)

https://code.briarproject.org/briar/briar/-/issues/1000
Testers had to pair phones via Bluetooth to add each other as contacts
2020-11-15T10:50:05Z
akwizgran

* User feedback: "Took us some time to figure out that we have to first pair our phones via Bluetooth before trying to add a contact."
* Android version: 7.1.2
* Briar version: 0.16.2

https://code.briarproject.org/briar/briar/-/issues/996
Feedback to the "Blog" function
2022-11-18T17:24:07Z
Henrie Schmidt

Hey developers!
Thx for your great work! I really love Briar!
I tested the Blog function of Briar and want to give you some feedback (from my point of view).
Is it possible to group the blog entries in some way? E.g. username -> blog entry -> comments? The current implementation, where I can see all entries of all my contacts in chronological order is in my opinion really confusing. Also the fact that each blog entry is repeated with each comment is too much.
I really would appreciate that I can see a list of my contacts, click on one contact and see a list of blog entries from this contact, click on a blog entry and can read the contents and the comments.
If you have a lot of contacts with lot of blog entries and lot of comments, the phone is constantly notifying about new entries. I think this will be eventually really tedious.
Best regards
Jens

https://code.briarproject.org/briar/briar/-/issues/984
Show how messages were transported
2020-11-19T14:55:03Z
Dale Ruane

It would be pretty cool if you could click on a received or sent message and see over which medium it was sent.

https://code.briarproject.org/briar/briar/-/issues/981
Add settings to mute/disable notifications for specific groups/forums/blogs/contacts
2020-11-19T14:59:56Z
Julian Dehm

Large groups for example can be annoying because a lot of messages arrive at any time of the day. There should be an option to disable notifications for specific groups/.../....
related: #330

https://code.briarproject.org/briar/briar/-/issues/922
Emoji in forum and group names
2020-11-19T15:24:18Z
akwizgran

A tester asked to be able to use emoji in forum and group names. (This is possible with an emoji keyboard, but not otherwise.)

https://code.briarproject.org/briar/briar/-/issues/880
Forum topics
2020-11-19T15:54:25Z
akwizgran

This is a suggestion for a different way to organise forum threads.
Each top-level post starts a new topic. The author picks a subject line for the topic. Descendents of the post that started the topic don't have subject lines of their own.
Within each forum, we show a list of topics. These can be sorted by recent activity, so inactive topics fall to the bottom. Subject lines provide a summary of the topics currently being discussed. The user can open an existing topic or start a new topic. Within each topic we show a threaded view like the one we currently use for the forum as a whole.
The aim is to allow parallel conversations to happen within a single forum, while making it easy to navigate between different conversations or focus on the most interesting ones. Subject lines make it easy to collapse inactive conversations down to a summary.
The main disadvantage is adding another level of navigation. The distinction between the forum list and the topic list might not be clear.

https://code.briarproject.org/briar/briar/-/issues/878
Let contacts know that we've removed them
2020-11-19T15:54:55Z
akwizgran

Currently we don't tell contacts that we've removed them - we just stop connecting to them and close any connections they make to us, since we no longer recognise the tags.
The main advantage of the current approach is that we can remove contacts tactfully: the contact can't necessarily tell whether we removed her or whether we just haven't signed in recently. However, if the contact sees us posting to forums, blogs or private groups, she may be able to tell that we've removed her. A second advantage is that we can immediately delete all state relating to the contact. Removing all *identifiable* state is important - it's the equivalent of forward secrecy for the social graph. But removing *all* state is just convenient.
The main disadvantage of the current approach is that the contact wastes battery and bandwidth trying to connect to us indefinitely. Depending on the transport this may expose metadata (#62). These problems will get worse over time as users accumulate defunct contacts.

https://code.briarproject.org/briar/briar/-/issues/815
When Bluetooth can not be enabled QRCode loads forever
2020-11-21T12:45:30Z
Torsten Grote

My Sony Xperia Pro test phone seems to have an issue with Bluetooth at the moment. It is in a semi active state, but not really enabled. When trying to add contacts (which should work fine over WiFi), the QRcode loads forever without ever failing or showing up.

https://code.briarproject.org/briar/briar/-/issues/717
Up navigation
2020-11-21T16:38:01Z
akwizgran

We're currently treating the "up" action in the action bar as equivalent to the "back" action. Instead it should navigate to the current activity's parent.
https://developer.android.com/training/implementing-navigation/ancestral.html

https://code.briarproject.org/briar/briar/-/issues/706
Migrate crypto to libsodium
2020-11-21T16:39:44Z
akwizgran

Using libsodium via JNI would give us constant-time implementations of Curve25519 and Ed25519 (see #236) and a fast implementation of Argon2 (see #170). Our crypto_secretbox implementation could be replaced, and we could use crypto_box instead of ECIES for crash reports and feedback. BLAKE2s would remain in Java (libsodium only has BLAKE2b). If we replaced the Fortuna generator with libsodium's RNG, we could get rid of Bouncy Castle.
https://github.com/joshjdevl/libsodium-jni

https://code.briarproject.org/briar/briar/-/issues/590
Option to save the password
2023-09-01T12:43:31Z
ligi

add a setting to store the password with the hint to the user that this makes things less secure
**Motivation**
this will help developers when developing the app because it reduces the time they have to enter the password
could also help adoption as users might get frustrated having to enter a password often. There are some use cases where this additional attack-vector does not really matter and could be traded for convenience. Ideally this setting is exposed to the contacts so they know.
this is a follow up from a discussion in #587

https://code.briarproject.org/briar/briar/-/issues/513
Verify unverified contacts
2023-02-07T08:56:41Z
akwizgran

Contacts who are added via introductions (or via long-distance transports, if we decide to support that) are considered "unverified" due to the possibility of a man-in-the-middle attack against the key exchange protocol. Contacts who are added face-to-face are considered "verified".
Design and implement a protocol and UI for verifying the identity of a previously unverified contact when the user meets the contact face-to-face.

https://code.briarproject.org/briar/briar/-/issues/288
QR RuntimeException: Fail to connect to camera service
2020-11-21T19:26:39Z
Torsten Grote

Today, for the first time, I am unable to add contacts with two devices. One device just doesn't want to focus on the QR code. I am still trying to get it to work (because I need to test something else) and then managed to crash Briar:
```
04-06 17:48:10.855 W/ShowQrCodeFragment: Error opening camera
java.lang.RuntimeException: Fail to connect to camera service
at android.hardware.Camera.native_setup(Native Method)
at android.hardware.Camera.<init>(Camera.java:323)
at android.hardware.Camera.open(Camera.java:298)
at org.briarproject.android.keyagreement.ShowQrCodeFragment$3.doInBackground(ShowQrCodeFragment.java:212)
at org.briarproject.android.keyagreement.ShowQrCodeFragment$3.doInBackground(ShowQrCodeFragment.java:196)
at android.os.AsyncTask$2.call(AsyncTask.java:287)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
at java.util.concurrent.FutureTask.run(FutureTask.java:137)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
at java.lang.Thread.run(Thread.java:856)
```
IMHO this error should be handled more gracefully.

https://code.briarproject.org/briar/briar/-/issues/93
Conversation backgrounds
2020-11-21T19:57:08Z
akwizgran

Users asked for the ability to change the background colour of a conversation or set a background image.

https://code.briarproject.org/briar/briar/-/issues/84
Notifications for new messages while signed out
2020-11-21T20:02:31Z
akwizgran

A user asked for notifications to be shown when messages or forum posts are received while the user is signed out.
We can't do this with the current architecture, but this ticket exists to document the demand for the feature.

https://code.briarproject.org/briar/briar/-/issues/59
Traffic analysis prevention layer
2022-11-01T14:51:18Z
akwizgran

The traffic analysis prevention (TAP) layer is responsible for preventing an observer from determining the volume and timing of data carried by a BTP stream.
What should the interfaces between BTP, TAP and the transport plugin look like? Does the plugin need to be able to ask for a specific stream length, other than setting an upper bound? Are there any transports for which sending data as quickly as possible is preferable (from a TAP point of view) to sending it at a limited rate?
The TAP layer could adjust the transmission rate, increasing it if there's data waiting and decreasing it if not. What could the adversary learn by observing changes in the transmission rate and/or manipulating congestion?
Padding could be handled at the BTP layer by choosing a padding multiplier for each stream. The TAP layer would then sit between BTP and the transport and handle chopping and delaying the stream -- that is, segmenting the encrypted, padded stream according to some segment size distribution, and writing segments to the transport according to some inter-segment delay distribution.
The padding, size and delay distributions can be used to produce a characteristic traffic 'shape' for each device or pair of devices:
http://www.cs.kau.se/philwint/pdf/wpes2013.pdf
We can conceal traffic bursts by throttling the output of the TAP layer so that bursts are smoothed out. However, we should make good use of intermittently available transports -- if we send too slowly, the transport connection may be lost before we finish.

https://code.briarproject.org/briar/briar/-/issues/45
Reduce mobile data consumption
2021-12-13T14:17:30Z
akwizgran

Briar uses a lot of bandwidth considering the small amount of data it transfers. The most likely culprit is the Tor plugin, which maintains circuits to several introduction points and regularly tries to build circuits to contacts' introduction points. Can we reduce the amount of bandwidth it uses?
~~Ricochet has a nice solution to this: each time we (re)connect to Tor, try to connect to our peers, and while we remain connected, expect them to connect to us rather than vice versa.~~
~~https://github.com/ricochet-im/ricochet/issues/68~~
~~There may be a race condition, however, if our hidden service doesn't become reachable until after we've polled our contacts' services. Can we poll our own hidden service to check its reachability?~~
~~Another possible culprit is the LAN plugin, which will bind to an interface with a non-local address if no local address is available. This is meant to enable the plugin to work on internal networks that use non-local addresses, such as UCL -- but it may also lead to observable connections across the WAN, so perhaps we should change it.~~

https://code.briarproject.org/briar/briar/-/issues/44
Reduce battery consumption
2022-11-02T18:28:35Z
akwizgran

Several users reported that Briar used an excessive amount of battery power. They identified it as the single most important issue that would prevent them from regularly using the app.
Polling for connections to contacts is probably the biggest single factor here.

https://code.briarproject.org/briar/briar/-/issues/39
Wi-Fi Direct plugin
2022-01-21T14:28:52Z
akwizgran

Some devices running Android 4.0 and later support Wi-Fi Direct, which has a legacy mode that allows older devices to connect to WFD devices. The legacy mode creates an access point on the WFD device, with a random SSID and password that must be communicated to the other device out of band. The other device connects as a client in the usual way. The access point doesn't share the WFD device's internet connection, if any.
This could be useful when devices are in wifi range of each other but there's no wifi network; the SSID and password will have to be synced across some other transport (e.g. Bluetooth). When adding contacts via QR codes, the SSID and password can be included in the QR code.
Get the `WifiP2pManager` system service, call `initialize()`, then call `createGroup()` to create an access point. Call `requestGroupInfo()` to get a `WifiP2pGroup`, then call `getNetworkName()` and `getPassphrase()` to get the transport properties.
After connecting to the access point, how does the client know the access point's IP address? `WifiP2pGroup.getOwner()` returns a `WifiP2pDevice`, which contains a MAC address but not an IP address.
It seems from this example code that `WifiP2pInfo.groupOwnerAddress.toString()` can be passed as the hostname to `Socket.connect()`:
[http://www.cse.unsw.edu.au/~ezarepour/COMP9336/WiFiDirectActivity.java](https://web.archive.org/web/20140310040212/http://www.cse.unsw.edu.au/~ezarepour/COMP9336/WiFiDirectActivity.java)
Presumably we can put that string in the transport properties with the SSID and password.
We may be able to advertise the access point's current SSID and password (in encrypted and obfuscated form) via WFD service discovery:
* Alice creates a legacy mode AP via `WifiP2pManager.createGroup()`
* The AP has a random SSID and password, which Bob doesn't know
* Alice packs the SSID and password into a `WifiP2pServiceInfo`
* Alice advertises the service via `WifiP2pManager.addLocalService()`
* Bob discovers the service via `WifiP2pManager.addServiceRequest()`
* Bob unpacks the SSID and password and connects to the AP as a legacy client
However, the Thali developers have run into performance and stability problems with WFD service discovery, so this may not be a viable approach.