Briar: Advantages, Cons, Dangers

Darren Kriln
Oct 2, 2019

Briar is just one of the many new “privacy-oriented” messengers. It offers communication via Bluetooth, WiFi, and Tor, an approach that’s aimed at eliminating government interference. But is it secure enough and easy enough to use to catch on? This article will draw a line in the sand and discuss how trustworthy and viable for mass use Briar can really be.

Man of the Hour

Briar could serve as a functional communication platform even if the internet is down. It could also be useful in remote areas or cases where the internet may be inaccessible or unsafe due to state intervention. For now, it’s only used for chatting but the creators plan to release a blogging platform based on Briar and a Google Docs-like system for mass document editing.

As the app is open-source, its code was closely reviewed by several security firms before its initial release. The findings seemed to be quite encouraging, although later audits were advised as well.

The app was used in Hong Kong, during the same protests that I covered in my prior article. It didn’t see widespread use like Telegram but some of the more tight-knit cells among the protesters have relied on it when the government attempted to block their regular means of conversing.

What Makes It Strong

There are several key strengths that have brought Briar into the spotlight among the users most concerned with security. But a few of these strengths could reasonably be seen as weaknesses to those that care more about a good balance of privacy vs convenience.

1. Briar eliminates the danger of metadata spying

The app keeps the user’s contact list on the device only and encrypts it to prevent any chance of access. When you take Briar’s intended user base into consideration, this becomes a crucial point in favor of the messenger.

2. Multiple connection options bring versatility

Not everybody would bother using the Tor connectivity option that Briar brings to the table, making the Bluetooth and WiFi options a saving grace. It’s too early to say whether it’s going to be enough but messengers live and die on features and ease of use. While Bluetooth is likely to surprise newcomers, it’s a chance to breathe life into the technology and take advantage of its unique capabilities.

3. No servers to shut down

This is the key to Briar’s appeal among activists and dissidents: it can’t be shut down by the government as the app is decentralized. That said, even centralized but distributed apps seem to be dealing with that issue quite well. Just look at Telegram thriving in Russia and Iran despite the bans from local governments. For Briar, decentralization is more like the creators showing off that you can trust them. No servers to hold information means no chance of the company itself spying on you.

4. Operable even in a blackout

Briar has the edge over regular messengers like WhatsApp and Signal not just due to stronger privacy but because it works as long as your phone is on. No internet connection required, just make sure your contact is in Bluetooth range and you’re good to go. That range isn’t exactly impressive but, if you have enough people running the app, you could pass the message on from one device to another until the encrypted dispatch reaches its goal. Great if you’re in a protest, not so impressive if the power grid goes down and you want to message friends across town.

The Cracks in the Case

Briar certainly has quite a few things tipping the scales in its favor but it’s not all perfect, especially when looking through the lens of global messaging.

1. Audits aren’t a guarantee

Briar did pass several audits from security firms but passing doesn’t mean much in these circumstances. For one, a pass is given when, after a few weeks of analyzing it, the team of security employees doesn’t manage to break too many safeguards in the app. So a pass could mean that the app is watertight just as much as it could mean that the app made it just barely. Besides, each audit is done for the current iteration, meaning that the next version of Briar that you install could change things considerably.

2. Could alienate the general populace

From the loud manifesto on the app’s official site, talking about adversaries and organizing social movements, to an unavoidable association with the so-called dark web by way of Tor, Briar isn’t trying to stay on the down low. It’s gonna be tough to convince your aunt to use “that dark web app that supports revolutions”.

But if Briar is made specifically for dissidents, anyone who has it installed is a suspect. Alternatives like Telegram don’t have that partisan association and, on Telegram, you could just log out to destroy all your secret chats. Nothing to see here, oppressive state, just conversations about Friday night plans.

3. Tough to popularize

In a dream scenario of Briar being the king of messengers, it would be insanely effective. Messages would spread from user to user and across borders even without the internet to help. But right now, with a measly user base and no strong reputation to speak of outside of infosec circles, Briar is running on fumes. It needs people to fuel the app but people won’t use an app that isn’t bringing its full power.

4. Too coy for its own good

You need to go to where your activist friend is and stand there for a while messaging each other, not too far apart. You have to give them a sign that you’re there, they need the app to be on, and you also have to have previously scanned a QR code on their phone to connect. This kind of description brings up thoughts like “any dissidents doing this would be immediately captured” or, at least, “this seems awfully inefficient”. Much easier to hold a secret chat on Telegram or Signal. Same end-to-end encryption, no need to be in physical proximity, no prior meetups required.

5. Lack of platforms and features

These two are tied as usability issues. For one, Briar isn’t currently on iOS. The dev team is working on a version that’ll be supported by Apple devices, which is complicated by the platform restricting apps’ background actions. But even then there’ll be no chance of push notifications, something that’s essential for timely communication nowadays. And even in terms of UI and basic features like file sharing, Briar is far behind modern messengers like Telegram (which it seems to be copying style-wise). Customization is barebones, file sharing is only in the planning stage, and there’s likely no chance of voice or video calls making it over to this app.

Cloudy with a Chance of Pitfalls

Despite the fact that Briar is one of the most exciting messengers on paper, it’s tough to prophesize it as the new step in the field simply because it’s not likely to make waves outside of the infosec community.

There’s also the problem of Briar being far less effective until it’s popular, which means it has to get popular while operating at a third of its potential. It’s a built-in handicap and it’s not one that’s easy to circumvent. Traditional messengers like Telegram and Signal don’t have such shackles and thus come out on top in the race.

It’s tough to say whether the app could change course to popularity because some of its failings are intended: the barebones UI/UX, the politically charged message, the complicated circumvention and delivery methods. None of these are going to excite much of the general public, which might want to protect its messages and data but isn’t really willing to jump through hoops for it.

Darren Kriln

I specialize in messaging, security, and privacy. I don’t condone censorship. I believe in digging for the truth.