Both: Use Bluetooth

Briar: Uses Tor, you don’t reveal your IP address to the people you talk to.

Berty: Uses both IPFS and P2P, so you reveal your IP to anyone you talk to.

Discussion: Berty looks to have a larger developer community and funding, had iOS and Android apps.

Berty, if someone could monitor your traffic they could see who you talk with, even if the messages are encrypted your social graph would be available.

Do you see Berty replacing session (where people don’t trust each other)? Can Berty survive without central servers, or if IPFS does?

I know Briar will always work, no central control at all.

  • jet@hackertalks.comOP
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    I should mention session in this discussion, but I think their oxen network is so unique It basically counts as centrally controlled.

    Plus session doesn’t have Perfect Forward Secrecy. Not sure of Berty does either.

    • AHEHE@unilem.org
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      It’s worth noting on session brute force is less of a concern than usual with a 2^128 value, but your point stands it wasn’t a great decision.

      • jet@hackertalks.comOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I think the main issue with perfect for secrecy is not brute forcing the code. It’s eventually one of your computers is going to get compromised. And then they’ll have a key to unlock all the messages historically. That’s not great

        • AHEHE@unilem.org
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Well said and even if you delete history daily there’s no way to know for sure it’s being removed from servers at the same interval.

  • bri@lemmygrad.ml
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Could you give a little more background for someone who’s not familiar with either, please?

      • jet@hackertalks.comOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Those links are correct, sorry for not providing enough context.

        The general theme of Briar and Berty that is different then Signal and Telegram is distributed, no central control, no central point that can be killed. So they are designed to be resilient to bad actors. Both programs provide mesh networking, so messages can pass from person to person even without internet (like at a protest, or in a disaster scenario).

        Briar is older and more “mature”, but very rough around the edges, and only has a android application (no progressive web app here).

        Berty is newer, prettier, but uses a different architecture entirely.

        There are tradeoffs of using Tor as the main internet backchannel vs IPFS/Peer to peer.

        Berty will tell the person your talking to your IP address, so its not anonymous. Which is fine if you know the person, but it does mean anyone observing the network knows who and when you talk to someone.

        Briar uses Tor so its much harder to discover, and because of that your IP address isn’t known by the person your talking to.

        Consider session (which uses the Oxen network, kinda like Tor, but crypto based), its a fork of Signal but they gave up Perfect Forward Secrecy (a hard requirement IMHO for security, otherwise if your key is ever leaked, all your recorded messages can be read… you have to assume you will be compromised at some point, and reduce the potential area of exposure). In Session since its all cryto-onion network you never know the IP address of the person your talking to.

    • jet@hackertalks.comOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I’m excited for both applications. I would love for Bernie to get some nice audits. To prove how reliable it is in a security context. But any activity in the space is welcome. I still donate to briar