Wow these features really emphasize how Briar is focused on an arab spring situation where the internet access is restricted.
The most common gripe about Briar is that it's not on iOS, but clearly there is nothing like Briar anywhere. Just too bad about the bluetooth thing. I don't see why it should leak your BT ID. That should definitely be an opt-in feature.
Yeah but Briar communicates over Onion routing, good luck finding that in iOS.
The local communications are of course not onion routed, goes without saying. It's a whole little tookit of subversive communication, including some anonymous and some not.
Peer to Peer data transfer via computing devices is something I wish was be more mainstream. It's not, because the commercial cloud storage mafia has invested heavily in telling people that your data has to traverse their toll roads first.
I recently discovered Syncthing Fork which was customizable in a way Google Drive or alternatives were not. And it's entirely P2P, transmitting files between my laptop and my phone, in either direction pretty seamlessly.
I'm now interested in learning about Bluetooth transfer as well as it works without Internet access. I've heard transfer speeds are slow though.
OMG yes, being able to share jpgs, mp3s and even java apps from one phone to another via Irda then Bluetooth felt mind blowing in the early to mid 00's, considering that most people didn't have internet on their phones (2G/3G data plans were eye-watering at the time, hell, even texts were expensive) but their phones had this short range wireless sort-of-WiFi-ish capability on their phones for sending and receiving files from other phones or even desktop computers. For FREE!
I remember I would spend hours after school in Photoshop to turn an image I like into the perfect wallpaper for my phone, tuning the resolution and color gradient until it looked perfect on the phone's low resolution display, and using bluetooth to upload them.
Same with mp3s. Due to the low amount of storage on the early phones amounting to only a few MB, I spent a lot of time experimenting with aggressive compression to make sure I could fit as many songs on my phone as possible. Therefore they sounded pretty bad on the cheapo wired hands-free earphones that came in the box, but I didn't care or didn't bother to notice as I now had my favorite bands always with me in my pocket before MP3 players became affordable and I would just get lost in the lyrics on the bus to school.
On an old Symbian Nokia I had, once you paired it to your PC via Bluetooth, you could send and read SMS texts off it directly from windows just like I can now use Signal/Telegram/Whatsapp desktop clients. I didn't think this would be so mind blowing until I found that Android had no similar functionality built in at the time for SMS on desktop via Bluetooth (and still doesn't AFAIK) which really bummed me out that such a powerful OS with such powerful HW was so lacking in features compared to the dying Symbian.
Another fun anecdote, digging around my parents house this year, I found my ancient 2003 vintage NEC phone which had some VGA photos I took with it of me and my old school mates on it. When I saw that I could pull the photos off it in a pinch to my modern Android phone using Bluetooth, and immediately share them online with my former schoolmates from the photos, it was pretty mind blowing to say the least. Bluetooth gets a lot of hate today for connectivity issues some people face, but seeing it work reliably between vastly different devices almost 20 years apart is an amazing feat in my book and should at least deserve some praise.
Meanwhile, I couldn't change my 2006 phone's wallpaper without paying Verizon to enable the USB connection with a PC. I ended up taking a picture of the wallpaper using the phone, and then setting that image as the wallpaper. It was a 2-inch screen so it didn't look too bad.
Yeah I heard US telecoms were insanely draconic (why were they allowed to act like that though? lobbying?)
In Europe they weren't saints either but they weren't as bad when locking down your phone and mostly just resorted to SIM-lock, instead of locking other features as well.
From what I remember, Verizon did this with dumbphones, which I think ran similar OSes. So if you wanted to change the ringtone, you had to buy it from the crappy e-storefront on the phone. Same for wallpapers, and moving phone pictures to a computer via USB.
In 2008 I picked up a Windows Mobile 6.1 phone (Samsung Blackjack) that didn't have any such restriction. USB worked and it had a microSD slot for me to add in movies and music. I could crop an MP3 and simply transfer it to the Ringtones folder via USB mass storage.
Was there no way to flash it with a less restricted firmware? I remember running Alltel firmware on my Verizon Razr. And I was able to do similar things to the Rizr I got as my next phone.
In some areas of the world, this method seems to have persisted longer. Sahel Sounds released two compilations "Music from Saharan Cellphones" of tracks that they originally discovered on such bluetooth sharing networks: https://sahelsoundscompilations.bandcamp.com/album/music-fro...
(Though I'm pretty sure that they then went back and established traditional contractual relationships with the artists before releasing the compilations).
Man I remember drifting around the internet and finding the blog post about purchasing song .MP3s in a market and transferring them over bluetooth. At the time that seemed like such a cool and unexpected alternate evolution of purchasing songs from itunes.
Also, small java feature phone games! Was always a highlight when someone was "traded" a brand new feature phone game from another school, and it spread through ours within a day.
The Zune actually shared songs via WiFi. Microsoft unfortunately dubbed this feature "squirting" and initially had some silly DRM limits of three plays before the shared song expired. Nonetheless the Zune was an excellent music player.
Syncthing was a godsend when I was in college, but it was surprisingly hard to convince my peers (pun intended) that it was worth using instead of Google Drive/OneDrive. For most of them, the hangup came down to the setup process- the incumbent cloud-based file sync tools are braindead easy to use. Just log in, and boom, there are your files. Syncthing's setup process is clunky by comparison, but more importantly it's a workflow that people aren't really familiar with.
I hadn't heard of Resilio before, but their website makes it seem like a very attractive option.
In fact, their screenshots remind me of the biggest gripe I had with Syncthing back when I was using it daily in college- Syncthing doesn't let you browse a folder without downloading it. By the time I graduated, I had a good 2GB of Verilog crap sitting on my phone, just so that I could work on homework from my phone (of course, you could also blame me for putting Vivado projects in my Documents folder).
> Peer to Peer data transfer via computing devices is something I wish was be more mainstream. It's not, because the commercial cloud storage mafia has invested heavily in telling people that your data has to traverse their toll roads first.
Been in software half my life never heard anyone saying anything like this. It's most of the time easier and more efficient to use cloud storage than to spin up and bootstrap a p2p system. Also, thanks to encryption I don't really care if data hits the cloud.
This is absurd. Try synchronizing a GB of data between two devices in the same room on an ADSL. If they (stupidly) bounce through an external server it might take an hour.
Not to mention if you are on a mobile connection.
Very people on this planet have fast + symmetric + unlimited bandwith available 24/7.
I have seen many concerns of quantum computing and its ability to blow through most of our encryption standards with ease. So that trust in the cloud via encryption will likely soon fade
Prior to all this cloud madness, I used to rely on a WiFi Direct app called HitcherNet and later, Superbeam. But when it came to actually syncing across a network, I've settled on Syncthing.
AFAIK there's still no standardized, non-proprietary, easy, out of the box way to share files between different phones brands/OS and/or PCs using WiFi as Android/Samsung/Apple each do their own thing here.
You have to resort to setting up an ftp server and/or download extra apps on your phone for this, whereas Bluetooth file sharing is standardized and should work out of the box on any phone brand or OS (not sure on iPhones though) and anyone should know how to use it without needing any third party apps.
It can be done using WebRTC with something like snapdrop.net. Still requires both devices being able to connect to their signaling server, but at least it works on every device, doesn't require you to install something, it's peer to peer, and open source.
Sure, but take care as I said "easy, out of the box way" that any user can do, not the way that requires 5 years of sys-admin experience and 3 dev-ops certifications to pull off.
I call it the (grand)parents test. If they can't figure it out on their own then it's not user friendly enough.
Yeah I get what you mean, I didn't actually mean implementing it yourself, but just going to snapdrop.net. That should doable for most people I assume.
And that the wireless network isn't doing client isolation like "free wifi" type networks do. Most of my "oh send me that video" type AirDrop interactions are in places like bars.
I'm pretty sure my parents would have no idea how to setup an ftp service on their phones but they do know how to use Bluetooth.
Plus, non-iOS/Android feature phones don't have ftp support but they do have bluetooth so this cross-compatibility out of the box is another advantage.
And I know how to do things from the command line faster than some people using a GUI, but this elitist way of thinking needs to stop. Consumer devices and their features should be easily accessible to everyone regardless of their tech skills.
That's why Apple is a multi-trillion dollar company. Because people want the easy way. If things require extra apps, extra steps and reading tutorials/instructions to use, you can bet most people will stop right there.
I'm not disagreeing with you, I'm just saying how things work for the masses.
I generally lean more toward “i like that iOS is locked down”, but this offline-app-sharing feature is one of the best arguments I’ve seen against that. That said, either I’d want peer-to-peer-shared apps to be signed by an entity I already highly trust, or that the sandbox containing the app was extremely solid (and preferably both of course).
If both parties have F-Droid installed prior to the internet going away or being censored or whatever, other apps can be shared locally from a single device that has the app, to any other F-Droid user:
Briar is really neat, and I hope it will land on Linux, Mac and Windows. Being able to send messages and files directly to anybody on a local network without any account just rocks.
Briar is actually built on a library called Bramble that can be used for offline-first p2p data syncing. There was recently a good talk by a Briar Dev going deeper into the Bramble protocol: https://nico.dorfbrunnen.eu/posts/2021/diving-at-xmpp/
Safer how? On PC at least, SD card readers, both internal and external are attached via the USB protocol and are seen by the OS like mass storage devices, just like USB drives, including being bootable, so whatever malware you have for a specific PC target, the payload should basically work the same from SD cards as via USB drives.
An SD card in a card slot can only be accessed as a mass storage device.
A USB drive can act as a mass storage device as well as a keyboard and mouse and even contain an entire OS on it that could be remotely accessible via WiFi.
fwiw, it is most definitely possible to build an sd card that can exfiltrate its own data over wifi. in fact, that was the entire point of the Eye-Fi[0] product (though not with any nefarious intent).
though granted that's still a way smaller attack surface than what would be typically granted to a usb device.
I had forgotten entirely about Eye-Fi. Excellent point!
When it comes to physical access, especially with shared physical devices, there's always going to be some type of attack vector, however small it may be.
SDIO would suggest otherwise, though I have no idea if Android supports it, and what drivers would hypothetically be required. Niche, but might be possible.
Still, it's probably much easier for an USB drive to actually pack malicious hardware in addition to software, like sensors (e.g., microphones) or an USB killer:
A USB drive can operate fully within the USB spec, implementing a USB hub and USB keyboard, and enter malicious code.
The SD interface does not implement a similar spec, so this somewhat safer. The bad news most PC card readers are based on USB, so a targeted attack (which is probably in scope for Briar's customers) may still be possible - you could attack the firmware of the card reader, as described in [1] by Adam Caudill of BadUSB fame. Without breaking that firmware, however, you can't connect USB network->Card reader->USB hub, and you also probably can't connect SDIO/SPI network->SDIO-based-card-reader->USB hub.
There's also the possibility that the card itself can run untrusted code. Just like a USB drive, an SD card typically contains a small 8051 [2] or ARM [3] microcontroller. Running a compromised controller would give the attacker access to all the data that's ever sent to the SD card, but one would hope that Briar does not cache unencrypted data to the uSD card which the user is expected to write to an physically pass to a potential adversary.
Also, be aware of products like the Toshiba FlashAir Wifi SD card, which implement a wireless adapter in an SD card form factor. Replacing the label would be trivial, and it could broadcast or connect to a hidden wifi network without your knowledge. But again, one would hope that Briar does not cache unencrypted data to the SD card where it could, with one of these cards, be exfiltrated wirelessly. I think this capability is only available as an SD card or an obvious uSD-to-protruding-SD-card adapter form factor, not as a microSD card which would typically be used in a mobile device.
Of course, there's still the possibility that the host OS does something stupid, like autorun an executable on the external media...but that's more of a badly configured Windows PC problem, I expect that modern mobile devices do not do that.
This sounds like a hobby project. Except Sudan has had its internet cut for 2 weeks. A widely used mesh network app would really change the balance of power between the people and the military coup.
These sorts of things inevitably are hobby projects... until they're not. The people making them are usually quite far-sighted about scenarios they might be used in, but these scenarios are generally not relevant day-to-day for most people. That would be a real breakthrough - make a system like this that is useful enough to get mass adoption in 'normal' times, but can continue working in disaster/coup/war type situations.
What I'd like to have is easy offline media files sharing across as many phone models as possible. Basically a free open-source alternative to ShareIt. Why it doesn't exist yet? Does ShareIt use some hidden and/or proprietary APIs?
if "on the local lan" is offline enough for you, take a look at kde connect, connects all your devices with file transfer, cross-device copy'n'paste etc.
By "offline" I mean not using any external infrastructure at all. Use Wi-Fi/bluetooth/whatever both devices are capable of and set it up as needed. I want to walk up to a person anywhere and share photos/videos I've just made with them.
Scuttlebutt works over wifi, tor, internet, sneakernets, etc. There is an android client called Manyverse; a desktop app, a cli client, libraries in Python, Java, NodeJS...
iPhone makes much of these concepts either impossible or extremely difficult.
Namely, things cannot operate easily as a background service. Forcing the user to jump though many hoops to make it work. And since it is not an apple service. There is a single button "reset settings" that breaks all the users changes for these apps.
On one hand it is generally more secure for iPhone users, on the other hand it greatly inhibits some types of innovation.
Yes I wouldn't touch it because even though I'm not into Apple and its ecosystem I do communicate with Apple users and I'd expect activists would want to too.
I've asked because the mac of your Bluetooth is linked to your device and therefore traceable to the user, don't you agree?
and then, for what reason should I share the BT address with a remote contact that i will never see IRL?
If you won't ever see them... keep in mind you're posting in a thread titled "Briar 1.4 - Offline sharing". It's meant to be used offline and you're broadcasting your MAC address where-ever you go anyway. Doesn't mean others should track it (I had some interesting experiences with my WiFi MAC ending up in some tracking database), but it's not for a lack of ability.
you can also add contacts remotely, you need to exchange your briar links on a different channel. It's safe to post your link publicly. Only if both parties add each other's links within the app, you will be able to communicate. Post you own link here and add mine: briar://aagcagf7vews5wtz4kpzzy76vpv2r65mlwqlm6a627tvr6bkf75em
The most common gripe about Briar is that it's not on iOS, but clearly there is nothing like Briar anywhere. Just too bad about the bluetooth thing. I don't see why it should leak your BT ID. That should definitely be an opt-in feature.