 Yeah, we're here to listen again One of the big problems of today is how to communicate where I'd All of those gumshoe people sniffing up behind you including picking up your meter data from the commercial side of Whatever the system is and This is another try far right if I rightly informed this is Problem is with most of the stuff you still You're either have to be linked to some GSM number or you have to have a wifey around you need some IP connection Obviously people have been thinking about that and This is Thorsten this full name is Thorsten Grote Excuse me. I'm pronouncing it the German way and He's part of the Briar team since two years He's originally from Germany. He's a free software activist and Programmer and he's lives in Brazil Envy Where's your tan by the way Okay, so let's have a big hand for Thorsten Gote who's gonna present briar to you Thank you very much all for coming here today for taking time out of your busy Congress schedule. I hope you had a great Congress so far and Thanks for coming to hear about briar. So let's get right into it What is briar? Essentially briar is a communication tool you could say it is been developed being developed since 2012 so quite some time and Some of you might be thinking now Yet another messenger like don't we have too many of those already and I totally agree like Like who of you have at least five messengers on your phone that you use to connect to people Yeah, it's crazy like yeah, I think it's a third of the audience who has that so I Can only recommend everybody don't build yet another secure messenger unless it's substantially different from all the others that we have so far and To motivate a little bit why we need yet another one Let's look at some of the threats that people who use messengers are facing Yes before we got into this sorry, I forgot this slide Briar is focused on security and Resilience and I think especially this resilience part is something new and we hear in the resilience track of the chaos communications Congress So this will be important as well So now back to the threats we are facing when we use communication over the internet the classical one is eavesdropping like they read our messages, but we want confidentiality and if dropping has been largely solved by end-to-end encryption Essentially means at the source of the communication the messages encrypted and at the destination it is decrypted and nobody in between Not even any servers on the way can read the content. That's great. And there have been some awesome advances in the last year May that made end-to-end encryption usable for everybody So you don't see any keys anymore. You don't need to sign anything. It just works It gets out of your way and this is the way it should be the only problem of end-to-end encryption is that it still needs more adoption and I'm especially looking at you. Hello Facebook messenger and telegram Where end-to-end encryption is available, but not activated by default And that's something that I hope will change in the future as well Next problem metadata You're here at the Congress. You probably know all about it. So I will be brief Metadata is data that is not the content itself But everything else like at the time of your communication who you are communicating with and how much and that is Almost all that your adversaries need to know about you because it tells a lot and you can deduce a lot of information from it and This problem has been largely ignored unfortunately There is just a few projects to try to address that but it's a very important one And if you don't believe me that it's important, maybe you will believe this guy We have no audio Go back We kill people based on metadata But that's not what we do with this metadata thankfully Wow, I was working up a sweat there for a second So for those who might not have understood it He said we kill people based on metadata alone and he was talking about these two kinds of metadata He was talking about phone records mostly and domestic ones and foreign ones So he's basically promising. Oh, we don't kill the Americans based on the meta just everybody else So these phone records especially when it comes to messengers are a nice selector and They are all centrally stored and your entire address book is uploaded to two people servers And then the servers know all of the metadata that's going on and it's a juicy target for an attack Like if you compromise this kind of infrastructure, you know, you have all the metadata of all the people communicating for the service But also timing attacks are quite easy So using phone numbers is maybe not the best idea But apart from eavesdropping and metadata There is also censorship and service blocking So basically they block our stuff and we want to have it accessible This is just one example here from China Where it happens from time to time and of course I know we can usually circumvent stuff like there are tools But this is for a technical elite and this is not for the big masses that can just easily circumvent these blockings and censorship And it happens all over the world. I don't know how much you're following this This happens in Turkey in Brazil the courts are very happy to block what's that once in a while even though it's used by almost everybody for for lots of important things and That sucks like it shouldn't be possible right This is even worse Like even in industrial countries like Germany or the United States politicians are seriously discussing to Turn off the internet completely And this is really bad like they They turn off they pull the plug and we lose all access and that can happen, but Thankfully, I think politicians understood that we rely economically a lot on the internet So turning it off is is also a bad idea for other reasons But in many countries like Cameroon for example where they have this bring back our internet campaign It's still a suppression instrument by the governments because the reliance on internet is still relatively small So so people don't start the revolution then the internet goes down In India they have been 69 total shutdowns since 2010 in various provinces mostly in the north and There's many other examples, but I won't show you all of them So this is when the government is pulling the plug and disconnecting us all But it could also happen that there is a natural catastrophe Infrastructure breaks down. Maybe there's not even electricity The uplinks don't work anymore and we are in a big mess and still need to coordinate help You still need to communicate. You still need to find people another likely scenario that could happen where Internet won't be available is The zombie a couple of us So if your tool doesn't work while there's a zombie a couple of us happening then maybe your tool is not as good after all So now let's look a little bit more detailed into briar and how briar is Attempting to address these issues. It's just It's still work in progress. It's it's you could see it as a research approach of addressing these problems and The the main difference is That briar is not using a server To relay all People's communication And this is how all of these messages you have on your phone work There is a central server infrastructure whenever you send a message it goes through there and they know Who you are and who you talk to and If you cannot reach the server you're out of luck you cannot send anything so that's why briar removes the server out of the equation and Connects people directly peer to peer So the great thing about this is when you don't need to reach a server anymore Then you can use what you already have in your pocket anyway to make connections to people and in our case with our smartphones today This is the Bluetooth radio and the Wi-Fi antenna you have in your phone so people Can find each other through Bluetooth people can find each other in local lands in white and Wi-Fi networks and then they can directly make connections and This is only good for short range unfortunately because our phones are designed like that But it still is good if you live in a densely populated area where a lot of people and the social network is strong So there the short range doesn't matter so much But briar has been made in a way that the way that data can be transported Through whatever means like as long as you have like a simplex or a duplex Data stream you can send you're fine At the moment we don't have these but you could easily imagine to write just a plug-in to put it into briar and then you can enhance your phone with one of these like you can have a satellite uplink or If somebody knows hem radio you can use this with your phone as well over other devices and Extend the range and then communicate over longer distances and Yes You can even use carrier pigeons. It's only partly a joke So sneaker networks just put your data on on the flash drive Detach it to a carrier pigeon put it in the mail send it to your friends They put it in and they receive the messages and to end encrypted of course so Like I said we use end-to-end encryption with this authenticated stream cipher there with 256 bit keys We support forward secrecy as well of course, but there's a catch Since data can be transported also through carrier pigeons or whatever means you come up with There can be long delays for messages to arrive. So you cannot roll keys forward so so frequently So each transport has a key rotation period that it uses to establish forward secrecy and When we have transports that have like a very low latency, we can also use ratcheting But this is still something we need to implement unfortunately So but but when you use this kind of encryption use somehow need to Exchange a shared secret that you used to encrypt your messages and Briar does this By forcing you to actually meet with the person you want to talk to and We do this because this is the only way we know of That you can use to prevent men in the middle attacks like enter any crypt is great But if you have a man in the middle and you don't know it like enter and encryption doesn't help you That's why the the other existing messages like signal or WhatsApp allow you to verify the safety numbers after adding people like Briar puts this first There's there is one thing though because people don't like to meet up or cannot meet up So we introduce the possibility to allow a trusted peer to introduce two of their Contacts to each other and then they make a direct connection So there they run a different helmet key exchange through the person and only when both accepted the invitation and acknowledge that they deleted the keys To establish forward secrecy then they start making direct connections to each other and connect are connected in this peer-to-peer network So Briar only connects to your direct peers. It does not use a distributed hash table or something like this this is because we want to be able to run this on our mobile phones and everybody's concerned about battery usage and Distributed hash table is basically like a big chatter going on everybody's talking all the time of everybody and this is burning your battery because you're Sending data even when you're not using it. So that's why we connect only to direct peers Let me advance to the next slide because then you have something to read These are the cryptographic algorithms we use And you see there's one on the left side and arrow to the right side This is what we are migrating to at the moment So we are migrating from Blake to as as a hash and Mac function to Blake to be and Similarly from this brain pool curves. We are migrating to the Edwards curve down there So what can I has internet as well because I was talking only about this Bluetooth and Wi-Fi stuff But you're not always in close range and you don't always have your hemorrhage. You're connected, right? So We here at least we have internet most of the time and we want to be able to use it and so yes You can has internet and How we do this is we use tour So tour is integrated into briar when you install it on your phone. You don't need another app you Just start the app and tour is booting up without you knowing about it And it starts a hidden service on your phone Like I assume that most of you know what a hidden service is but for those who don't let me give just a brief introduction so this this purple cloud is just an abstract way of viewing the tour network and There are Alice and Bob and they both have a hidden service on their phone So they have a connection into the tour network and each of them are basically picking three tour relays and Then they find a rendezvous point in the middle and they establish the connection through this so they never make a Direct TCP IP connection because this would leak metadata directly to any network observers So you would like if you if you look at Alice traffic You would see there was a TCP connection going to Bob But in this case you just see there's a TCP connection going into the tour network and you have a hard time following where it comes out I have to admit though the tour is not perfect like if you have seen yesterday's talk They say tour is good, but it's not alone. There's other solutions, but they also not perfect and there is no anonymity system at the moment that can resist a global passive network observer Which probably the five eyes can do so if they can look see all network traffic They might be able to de-anonymize some of the connections unfortunately, but We can work on this like I said briar is agnostic to the way data is transported So you can just write a data transport plug-in Put it in when the next best thing comes and just all migrate to that Without losing your contacts or any or any of your data. It's just another way to transport data You can also use all at the same time if you want So we don't have too much time to go into into detail, but let me explain how briar works at a little lower level So essentially it's simple You have groups or channels like we're a pipe like we know in internet. It's just a series of pipes and You have messages And these can be can be any anything you want you can put your own data in there in our case we have like some binary data format that we use and we We open for any purpose we need we open the dedicated channel So if you have private messaging you just open a group between two people that only these people exchange messages through But you can expand on that and you can also create groups that where people like in this case They share messages with with other people and then you can also share this group with all your other friends And this is what we call forums In the forum everybody can read and write messages and everybody can share this forum with other people in The private message context you cannot share that you cannot share your private conversation with anybody else It's just between you and your peer and now let's look at this sharing graph. So imagine you have this this forum group with which are essentially the pipes and Then you share it with your friends then every edge on these graph is a sharing relationship and The notes are the the peers and the green ones are the ones that are online at the moment So so these people write messages in the forum They can have conversations and they only exist on people's phones. There is no servers where they can get uploaded to So there's also no single truth of what is the current state of the discussion Because the people that are offline They only get messages when they're online, but they only get them when they have a connection to people who have the messages So if these people have messages, they flow through here arrive on the other side and they get them right away But this unfortunate fellow here in the bottom He's out of luck because he won't get the messages that that are being sent here Unless these people or some people along the sharing graph come online So similarly like when the the connecting point here in the top goes offline and these people keep chatting These people won't read the messages and this is a tricky opens also tricky new problems like What happens when you suddenly get lots of messages how the traditional messaging service do that? They have a linear history and suddenly if you get two day old messages in the top like you are very confused So that's why we we use a threaded Conversation structure where people can can reply to each other in branches and later you can merge these branches back together to have a Continuous and consistent message history where you can also find stuff again So this is a very simplified view of the architecture of briar You see in the bottom the blue box is called what called bramble and this is released as a separate library It gives you the the peers The cryptography the database to store stuff and the messaging colonization through these various data transports the gray boxes We have not yet implemented but plan to do so So here land Bluetooth tour maybe later I to P and Wi-Fi direct and Then on top of this bramble library We have the briar core library which gives you all the features that are just built on top Like the message we have messaging forums blocks groups and an RSS import into the blocks This is like also for for censorship circumvention when you have friends on briar that Share block share RSS feed content with you where because you cannot access it wherever you live Maybe like BBC news in China or something and then on the top we have the actual applications that make use of the libraries So at the moment we have an Android app and we plan to have a desktop program and We structure this this way in libraries So you can build your own peer-to-peer things with this technology without starting from scratch so please go and Decentralize all the things and I'm really serious here When when I started out Like advocating for decentralization. I was always thinking federation is the way to go like we are nerd Let's all build our own servers. Let's put our servers in our houses and and federate with each other and But now I think it's The perspective is a little screwed because we are nerds yes We can do this but we cannot expect other people to do it and federation is great It's an improvement over the status quo, but if we could Migrate the existing services that we use on the internet into a truly peer-to-peer infrastructure, and this is even better Because then we don't need any servers to run We don't need any service to maintain and we even more resistant to censorship and we can just rule it around it And I don't know if you have seen it just before my talk in the salda extra There was a talk about claim chains which enable you to To to also put trust relationships into peer-to-peer networks in a privacy-friendly way So so these kind of new technologies would be great to to enable all sorts of new peer-to-peer application Even if you need trust like in the sharing economy like if you want to do some sort of a peer-to-peer uber or peer-to-peer Airbnb like let's do it, please And I hope briars technology can help you may be doing it so we have at the moment an Android app application that you can get on Google Play or a better asteroid right away and Test it out play with it here on Congress And if you want to meet me mate later here next to the stage and then we go somewhere We can add each other and try how good it works and To anticipate already a question that we get a lot But I have iOS like where's your iOS application And we would like to have some iOS applications because one of our target audience are journalists who need to communicate securely with their sources And these people have iPhones all the time so We looked into it and so for it doesn't look good because iPhone closes all applications quite soon after you put them in the Background and you are not allowed to keep TCP connections open and we need to do this so you can get messages So if you're in an iOS developer and you have some ideas how we can get around this, please get in touch and the source code is of course free software available for everybody to use and we also Working on making it build reproducibly Which is very important because you need to be able to verify that the source code actually matches the binary that we ship And you need to be able everybody need to be able to verify that so nobody can build any backdoors inside So we have always a source binary correspondence and the latest versions Mostly build reproducibly, but there's still some Kingsman you work out unfortunately So I'm at the end of my presentation. Thank you very much for your attention and I hope you have some questions That was awesome. Hey, I'm a big you pardon Questions who has a question there's mics left and right Internet Signal angels. Yep signal angel has a message from the question from the internet. Yeah, go ahead Yeah, the internet wants to know how it's different from Retro share and does it have additional features or some advantage in the protocol? Well, I'm not a retro share expert. So I can tell Like to take this with a grain of salt, but as far as I know retro share uses and DHT infrastructure So it is relaying messages between peers all the time which would burn the battery if used on mobile quite a lot And it basically does does everything, but it doesn't care as far as I know so much about the metadata being leaked and Also as far as I know you cannot use retro share with other kinds of data transports easily like like we do Thank you One sentence with a question mark at the end of it Yeah, I would like to see To know what are actually the difference with the ring project I've heard about the ring projects, which is also a kind of decentralized messaging services Actually, I had a I follow a couple of conference from this project And I saw that a lot of feature were missing because of the structure of it decentralized you don't have the history you cannot have several device that are synchronized together for your own Accounts and these kind of things. So what is your point of view on those kind of feature? Well, I also don't know the rim project But it's great to know that there is more of these things happening and I don't say like use Brian That's the only truth like let's build whatever works, right and Your point about a multiple devices is indeed something also We have not solved because if you are in the peer-to-peer network and you have two devices You need to consider the case where you go online with one device You make one action in the in the application and then you go online in the other device before it is able to Sync this this information and you make a conflicting action like leaving a group and posting a message So it looks like you left, but you're still posting something and how how to resolve this like we haven't solved it yet Okay, thank you We have four more minutes question one sentence question mark you mentioned iOS. What are other ways that people can help briar? Well, there is lots of ways that people can help briar because there's lots of work to be done One thing that would be nice would be to have a desktop client It's essentially we just need the UI on top of the libraries that we already have So this is something where people can get started easily But we also have of course a bug tracker and a feature tracker where people can just say hey I want to implement this and then we help you Signal angel no Yes. Yes. Yes. Go ahead. Okay. The internet wants to know what happens if an attacker gets hold of the device Is there some some card like deniability or something well deniability isn't it's not one of our design goals. However It's an Android application and most people on Android. They don't have a full disk encryption or anything like that so what we do to improve the situation is to encrypt all data that briar stores in its own database With Password key duration function based on the password So whenever you go online you need first to enter your password to to a decrypt database and then there's also a panic button feature like when you have a panic button app you can and you're like I don't know the police is coming to arrest you and you press the panic button Then you can have briar deleting the database or just locking out so that the data address is at least secure Thank you Two more questions one left one right right one starts one. Yeah. Thanks for your talk How do two peers find each other into the in the tour network This is where hidden services help us because the tour hidden service has Has a unique address which is essentially it's public key and there is directory service in the tour network When you come online you get listed there and this is how they find you so you don't need to use any any firewall punching any Netreversal stuff you you just go into tour network and you say I want to connect to this hidden service And if they're online they will respond and if not not Thank you last question from my left here So do you use bluetooth currently to connect but recently there was discovered some important vulnerabilities regarding bluetooth Which makes not advisable to use bluetooth at all in androids. So how do you handle that? Yeah, that's unfortunate and bluetooth is not only has lots of security problems But it's also very flaky and difficult to work with so our response to that was to be more conservative on How long bluetooth needs to be enabled so we try to reduce the time? And it's also possible that you don't need to use it at all There's still some improvements that we do and also we one of our latest contributors He implemented prototype of a Wi-Fi direct plug-in where two phones can connect to each other directly with Wi-Fi without Being in any sort of access point And so maybe when we're lucky in the future. We don't need to use bluetooth at all Okay Let's have a big Seven I have to cut off. I have to cut out. I'm sorry. The next talk is going to be Mark James It's going to be packed like hell and we got to get the people in and out first. So I have to cut off here I'm awfully sorry