Both: Use Bluetooth

Briar: Uses Tor, you don’t reveal your IP address to the people you talk to.

Berty: Uses both IPFS and P2P, so you reveal your IP to anyone you talk to.

Discussion: Berty looks to have a larger developer community and funding, had iOS and Android apps.

Berty, if someone could monitor your traffic they could see who you talk with, even if the messages are encrypted your social graph would be available.

Do you see Berty replacing session (where people don’t trust each other)? Can Berty survive without central servers, or if IPFS does?

I know Briar will always work, no central control at all.

  • bzxt
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I was unfamiliar with those projects too. It seems that these are the private messaging apps: Berty Briar

    • jet@hackertalks.comOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Those links are correct, sorry for not providing enough context.

      The general theme of Briar and Berty that is different then Signal and Telegram is distributed, no central control, no central point that can be killed. So they are designed to be resilient to bad actors. Both programs provide mesh networking, so messages can pass from person to person even without internet (like at a protest, or in a disaster scenario).

      Briar is older and more “mature”, but very rough around the edges, and only has a android application (no progressive web app here).

      Berty is newer, prettier, but uses a different architecture entirely.

      There are tradeoffs of using Tor as the main internet backchannel vs IPFS/Peer to peer.

      Berty will tell the person your talking to your IP address, so its not anonymous. Which is fine if you know the person, but it does mean anyone observing the network knows who and when you talk to someone.

      Briar uses Tor so its much harder to discover, and because of that your IP address isn’t known by the person your talking to.

      Consider session (which uses the Oxen network, kinda like Tor, but crypto based), its a fork of Signal but they gave up Perfect Forward Secrecy (a hard requirement IMHO for security, otherwise if your key is ever leaked, all your recorded messages can be read… you have to assume you will be compromised at some point, and reduce the potential area of exposure). In Session since its all cryto-onion network you never know the IP address of the person your talking to.