Both: Use Bluetooth
Briar: Uses Tor, you don’t reveal your IP address to the people you talk to.
Berty: Uses both IPFS and P2P, so you reveal your IP to anyone you talk to.
Discussion: Berty looks to have a larger developer community and funding, had iOS and Android apps.
Berty: if someone could monitor your traffic, they could see who you talk with; even if the messages are encrypted, your social graph would be available.
Do you see Berty replacing Session (where people don’t trust each other)? Can Berty survive without central servers, or if IPFS does?
I know Briar will always work, no central control at all.
SimpleX
Berty isn’t as well proven. If you’re looking for the most private and secure solution, go with Briar.
I’m excited for both applications. I would love for Berty to get some nice audits, to prove how reliable it is in a security context. But any activity in the space is welcome. I still donate to Briar.
Could you give a little more background for someone who’s not familiar with either, please?
I was unfamiliar with those projects too. It seems that these are the private messaging apps: Berty, Briar
Those links are correct, sorry for not providing enough context.
The general theme of Briar and Berty that is different than Signal and Telegram is distributed, no central control, no central point that can be killed. So they are designed to be resilient to bad actors. Both programs provide mesh networking, so messages can pass from person to person even without internet (like at a protest, or in a disaster scenario).
Briar is older and more “mature”, but very rough around the edges, and only has an Android application (no progressive web app here).
Berty is newer, prettier, but uses a different architecture entirely.
There are tradeoffs of using Tor as the main internet backchannel vs IPFS/Peer to peer.
Berty will tell the person you’re talking to your IP address, so it’s not anonymous. Which is fine if you know the person, but it does mean anyone observing the network knows who and when you talk to someone.
Briar uses Tor so it’s much harder to discover, and because of that your IP address isn’t known by the person you’re talking to.
Consider Session (which uses the Oxen network, kinda like Tor, but crypto based): it’s a fork of Signal, but they gave up Perfect Forward Secrecy (a hard requirement IMHO for security, otherwise if your key is ever leaked, all your recorded messages can be read… you have to assume you will be compromised at some point, and reduce the potential area of exposure). In Session, since it’s all crypto-onion network, you never know the IP address of the person you’re talking to.
I should mention Session in this discussion, but I think their Oxen network is so unique it basically counts as centrally controlled.
Plus Session doesn’t have Perfect Forward Secrecy. Not sure if Berty does either.
It’s worth noting that on Session brute force is less of a concern than usual with a 2^128 value, but your point stands: it wasn’t a great decision.
I think the main issue with perfect forward secrecy is not brute forcing the code. It’s that eventually one of your computers is going to get compromised, and then they’ll have a key to unlock all the messages historically. That’s not great.
Well said, and even if you delete history daily there’s no way to know for sure it’s being removed from servers at the same interval.
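The forward-secrecy point made in the thread, as an added example that is not part of the original discussion and is not code from Briar, Berty, Session or Signal: it compares how many recorded ciphertexts a later device compromise exposes under one static key versus a one-way hash ratchet. The toy cipher, the sample messages and the seed are constructed assumptions, and the hash ratchet stands in for the ephemeral key exchanges real messengers use.

```python
import hashlib
import hmac

def _h(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher for illustration only: XOR with HMAC(key, counter) blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = _h(key, b"ks" + (i // 32).to_bytes(4, "big"))
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = _xor_stream(_h(key, b"enc"), plaintext)
    return ct + _h(_h(key, b"mac"), ct)           # ciphertext || 32-byte tag

def open_sealed(key: bytes, sealed: bytes):
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, _h(_h(key, b"mac"), ct)):
        return None                                # wrong key or tampered data
    return _xor_stream(_h(key, b"enc"), ct)

def ratchet(chain_key: bytes):
    # One-way step: returns (message key, next chain key); the caller drops the old one.
    return _h(chain_key, b"\x01"), _h(chain_key, b"\x02")

MESSAGES = [b"meet at 6", b"bring the banner", b"route changed"]  # constructed sample
SEED = hashlib.sha256(b"constructed demo secret").digest()         # constructed key

def record_static(key: bytes):
    return [seal(key, m) for m in MESSAGES]

def record_ratcheted(chain_key: bytes):
    recorded = []
    for m in MESSAGES:
        msg_key, chain_key = ratchet(chain_key)
        recorded.append(seal(msg_key, m))
    return recorded, chain_key       # chain_key is all that remains on the device

def exposed(stolen: bytes, recorded, forward_steps: int = 0) -> int:
    # Recorded messages that open with the stolen key or any key derived forward from it.
    candidates, ck = [stolen], stolen
    for _ in range(forward_steps):
        mk, ck = ratchet(ck)
        candidates += [mk, ck]
    return sum(any(open_sealed(k, c) is not None for k in candidates) for c in recorded)

if __name__ == "__main__":
    print("static key:", exposed(SEED, record_static(SEED)), "of", len(MESSAGES))
    recorded, left_on_device = record_ratcheted(SEED)
    print("ratcheted: ", exposed(left_on_device, recorded, 8), "of", len(MESSAGES))
```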