The Challenge

3787 followers

How can we strengthen the Internet for free expression and innovation? read the brief

Entry

Secure messaging, anywhere.

We're building a messaging app that's as simple to use as WhatsApp, as secure as PGP, and that keeps working if somebody breaks the Internet.

Briar is a messaging app designed for activists, journalists, and anyone else who needs a safe, easy and robust way to communicate. Unlike traditional messaging tools such as email, Twitter or Telegram, Briar doesn't rely on a central server - messages are synchronized directly between the users' devices. If the Internet's down, Briar can sync via Bluetooth or Wi-Fi, keeping the information flowing in a crisis. If the Internet's up, Briar can sync via the Tor network, protecting users and their relationships from surveillance.
Who are the users or target customers of your project, and what have you learned from them so far? Please give specific examples.

Briar's potential user base includes anyone who's concerned about surveillance and censorship, and anyone with intermittent or unreliable access to the Internet. Within that large potential user base we're concentrating specifically on the following groups:

1. Activist organisations. Activists are subject to intense surveillance, yet their effectiveness depends on their ability to communicate and organise privately. We held a requirements-gathering workshop with environmental and animal rights activists in the UK to understand the communication needs of activist groups.

2. Civil society organisations. Authoritarian states often suppress and monitor civil society groups, regarding them as threats to centralised power. To assess our app's suitability for this user community we're conducting focus group tests in partnership with a US non-profit that works to strengthen civil society in an authoritarian country.

3. News organisations and independent journalists. Surveillance technology has undermined the ability of journalists to communicate privately with sources and among themselves. Our team has experience with training journalists to use information security tools, and we plan to test our app in partnership with the Centre for Investigative Journalism in London.

4. Disaster responders and long-term aid organisations. Aid workers often need to communicate in areas with limited connectivity and across organisational silos. We've worked with the Open Humanitarian Initiative and Taarifa to understand the needs of humanitarian organisations, and to develop a roadmap for decentralised information-sharing tools using the Briar protocol stack.

5. Ordinary citizens who want to discuss political issues or just talk privately with their friends. It's worth noting that while many activists are comfortable with making public statements under their real names (even if they need to organise in private), the communities that activists come from and support find anonymous and secure communication very freeing, as it enables them to discuss the world around them openly and find allies with similar perspectives.

What assumptions are you making in what you propose, and how will you test them?

Our first assumption is that there are people who would like to avoid Internet censorship and surveillance, but who find existing security tools difficult to use or poorly matched to their needs. We know these people exist because we've met them while training activists and journalists to use existing tools. We'll gauge the size of this user community and test whether our app meets their needs by partnering with training organisations to disseminate our software and collect feedback.

Our second assumption is that a mobile app is an effective way to reach our target groups. While we plan to support desktop platforms, we're tackling mobile first for two reasons: the barriers to adopting new apps are low, as demonstrated by the rapid uptake of messaging apps such as WhatsApp and Telegram, and an increasing number of people use smartphones as their primary communication devices (smartphones outsold feature phones worldwide in 2013, and mobile broadband is growing faster than fixed-line broadband). We'll test this assumption by measuring adoption of the app.

Our third assumption is that smartphones and personal computers are suitable platforms for secure communication. This is an assumption we share with many other communication tools, but it's by no means a trivial assumption - sources including the Snowden leaks and Privacy International's Surveillance Industry Index demonstrate the strength and scope of surveillance technology and the vulnerability of popular platforms. A top-to-bottom solution to this problem must encompass application software, operating systems, and hardware. We're only tackling the application layer; we depend on the wider community to continue making progress to secure the other layers.

This is not an assumption that can be tested once and for all; we must continuously evaluate the known threats and decide whether it's responsible to promote smartphones and personal computers as secure communication tools.

How will you get your project in front of the necessary people or organizations?

Within our team we have a fairly extensive network of ties to the user groups this tool is primarily designed to serve. While we want to see our app adopted by the general public, we'll focus first of all on those users in the target groups who receive information security training. We'll partner with training organisations to make those users aware of our project. We're confident that our app's ease of use relative to existing tools such as PGP will make it popular with trainers and trainees, driving wider adoption within the target groups.

In our focus group testing we've pioneered a rapid development-testing-feedback cycle that fixes minor bugs and usability snags within a few days and collects information to guide longer-term development. Closing the loop between developers and users is something that's been missing from previous information security efforts aimed at these groups, and we recognise that ongoing communication with the user community will be crucial to the long-term success of the project.

See also our answer to the question on adoption, below.

What are the obstacles to implementing your idea, and how will you address them?

Briar is a technically innovative project, with no shortage of engineering challenges. However, testing has shown that the basic concept is viable - the remaining challenges can be solved with sufficient development time, including testing on a wide range of devices.

Sustaining the project during this next phase of development is our first obstacle: the project is designed for high-risk user groups, so it would be irresponsible to aim for widespread adoption until we're confident that the software is safe and it has been reviewed by independent experts. On the other hand, development must be guided by real-world testing to ensure we're delivering an appropriate and usable product. Satisfying both requirements will require ongoing testing of new features with real users in safe environments.

Adoption is another major obstacle, as it is for any communication tool: network effects make it hard to displace popular tools. But the recent explosion of mobile messaging apps suggests that this is not an iron law: mobile users appear willing to experiment with new apps side-by-side with established apps, allowing new apps to find niches, especially in communities with specific communication needs. Our target groups are examples of such communities, and we believe that we can aim for adoption within those communities without needing to displace the currently popular apps.

How much do you think your project will cost, and what are the major expenses?

Unlike many circumvention tools, Briar doesn't have large ongoing infrastructure costs, because the communication infrastructure is provided by the users - the main costs of the project are software development, testing, and user support.

To move from beta testing on Android to field deployment on mobile and desktop platforms will take approximately a year, employing three full-time developers and a part-time UX designer, at an estimated cost of $280k.

The software should pass an independent security audit before being deployed, which will cost at least $50k. We'll rely on the user community for translations - we already have volunteers for several languages. To continue the development-testing-feedback cycle we'll need a part-time community manager ($40k) and funding for test hardware and ongoing focus groups ($10k each). This brings the total to $390k.

Until now the project has run on a very tight budget, but we've accumulated debt in areas such as technical documentation that will need to be repaid to keep the project sustainable. To expand the team we'll need to compete with professional salaries.

How will you acquire users? Please give us details on your understanding of the market for this project.

We recognise that user adoption is the single most critical issue for any communication tool. As mentioned above, this issue is particularly tricky for a secure communication tool: we have to strike a careful balance between meeting the needs of real-world users through iterative testing, and protecting high-risk users from immature and potentially unsafe software.

Until now we've achieved that balance by publishing our source code but limiting the distribution of executable builds to focus groups. That will change soon, as we release the first public beta version of our Android app, aiming for field deployment in a year's time. Meanwhile the next version will go through focus group and then public beta testing. This strategy of maintaining parallel 'stable' and 'testing' versions is common for open source projects; it allows each user to choose their own level of exposure to potentially unsafe new features.

We'll use the following methods to drive adoption of the stable version of the app within our target user communities:
  • Outreach to non-institutional communities of high-risk users through partnerships with training organisations
  • Direct training and support work with high-risk institutions, specifically journalism groups
  • Promotion within the Internet freedom community and via its communications with the wider world
  • Targeted applications built on the Briar protocol stack for specific communities, including disaster response, long-term civic management, and reporting structures, where the application can spread via field deployments

Briar's data synchronisation technology has the potential to support a wide variety of use cases beyond those detailed above.  Briar is and always will be free and open source software using open protocols, but that doesn't preclude the possibility of sustaining a stable, long-term development effort by working with commercial partners. This has historically been a successful strategy for infrastructural open source projects such as the Linux kernel and the Apache webserver, where competing commercial entities can benefit from contributing to a shared technological base.
 

Share additional details of your Idea. How will it work? Why do you think it might succeed?

Briar provides private messaging and public forums that are protected against the following surveillance and censorship threats:
  • Metadata surveillance. Briar uses the Tor network to prevent eavesdroppers from learning which users are talking to each other. Each user's contact list is encrypted and stored on her own device.
  • Content surveillance. All communication between devices is encrypted end-to-end, protecting the content from eavesdropping or tampering.
  • Content filtering. Briar's end-to-end encryption prevents keyword filtering, and because of its decentralized design there are no servers to block.
  • Takedown orders. Every user who subscribes to a forum keeps a copy of its content, so there's no single point where a post can be deleted.
  • Denial of service attacks. Briar's forums have no central server to attack, and every subscriber has access to the content even if they're offline.
  • Internet blackouts. Briar can operate over Bluetooth and Wi-Fi to keep information flowing during blackouts.

The first platform we're targeting is Android, but the core of the app is portable to Windows, Mac and Linux. The desktop version of the app will support syncing data via dialup modems and USB sticks in addition to Bluetooth, Wi-Fi and Tor.

Our long-term plans go far beyond messaging: we'll use Briar's data synchronization capabilities to support secure, distributed applications including blogging, crisis mapping and collaborative document editing.
In ONE sentence, tell us about your project to strengthen the Internet for free expression and innovation.
We're building a messaging app that's as simple to use as WhatsApp, as secure as PGP, and that keeps working if somebody breaks the Internet.
Who will benefit from what you propose? What have you observed that makes you think that?
We've spent a lot of time learning to use secure communication tools such as PGP, and training activists and journalists to use them. But hardly anyone uses those tools in their day-to-day life, let alone in a crisis - the tools are too complex, too cumbersome, and they break at the worst possible moment. So we started from scratch, looking at the apps people actually use, and building on what we've learned about surveillance and censorship in the last ten years. As we develop the app, we're testing it with focus groups in several countries to make sure it meets the needs of our target users.
What progress have you made so far?
We've created an open source Android app that supports messaging and forums, synchronized via Bluetooth, Wi-Fi and Tor. It's currently being tested with focus groups, and a public beta will follow soon. The core of the app is portable to Windows, Mac and Linux.
What would be a successful outcome for your idea or project?
Our goal is to enable people in any country to create safe spaces where they can debate any topic, plan events, and organise social movements. We'll consider the project successful if people can use Briar to organise a trade union in China, discuss LGBT issues in Saudi Arabia, or coordinate flood relief in the US.
Who is on your team, and what are their relevant experiences or skills?
Michael Rogers started the Briar project to support freedom of expression, freedom of association and the right to privacy. He has studied and built peer-to-peer systems for over a decade, contributed to Freenet and LimeWire, and is now a postdoc researcher at TU Delft. Eleanor Saitta is a hacker, designer, artist, writer, and barbarian. She has ten years' experience as a security consultant, and makes a living and a vocation of understanding how complex systems operate and redesigning them to work, or at least fail, better. Bernard Tyers is an independent interaction designer and user researcher. He is interested in privacy and applying user-centred design to usable security. He is a long time supporter of the Open Rights Group, Tor and free software projects. Ximin Luo is a software engineer by trade, interested in decentralised systems, cryptography, and network security. He is a long-time supporter of anti-censorship and free software projects, and also contributes to Tor, Debian, and Freenet.
Location
London, UK and New York, NY, USA.

Comments

Join the conversation and post a comment.

Nicholas Alternativlos

April 22, 2014, 13:09PM
How can I make sure that I get notified when the public beta starts?

Michael Rogers

April 22, 2014, 13:10PM
Hi Nicholas,

You can sign up to our announcement mailing list at https://briarproject.org

(Actually that's all you can do on that site right now!)

Michael Rogers

April 22, 2014, 13:58PM
Good call! I've updated the Get Involved page.

Josh Meyer

April 08, 2014, 11:09AM
Michael, thanks for submitting such a timely and important proposal and for taking the time to engage in such a comprehensive back and forth in the comments section. You mention how you've implemented #1 but not #2, in terms of working through mutually trusted contacts. Can you talk a bit more about that, and whether that's something that you think is worthwhile to pursue? Thanks and I look forward to reading future comments (and answers) here.

Michael Rogers

April 08, 2014, 13:41PM
Thanks for the question Josh! We're definitely planning to pursue mutual-contact introductions - actually I was working on the icon for that feature yesterday. :-) The crypto side is fairly straightforward, but there are lots of UX corner cases to think about. For example, if a mutual contact offers to introduce two people, one of them accepts and the other declines, what should each of them see? So this isn't something that's going to be included in the next point release, but it needs to be there before I consider the app feature complete.

Josh Meyer

April 10, 2014, 15:24PM
Excellent. Thanks Michael.

Rebekah Monson

April 05, 2014, 12:38PM
What a cool idea, Michael. Thanks for your submission. Look forward to hearing more on this effort.

Michael Rogers

April 05, 2014, 12:48PM
Thanks Rebekah! Let me know if there's anything you'd like to know about the project.

Sean Bonner

March 28, 2014, 13:40PM
This is really exciting. Thank you!

Michael Rogers

March 28, 2014, 16:47PM
Thanks Sean! It would be great to have your thoughts on the app when we hit beta - I'll keep you posted.

Guido Witmond

March 21, 2014, 11:14AM
How does the Briar-project passes the Greenwald-test? Suppose I had something to blow the whistle for, How can I get the correct public key, knowing the name of the journalist and the paper (s)he writes for? How can I verify that its the correct key?

Michael Rogers

March 21, 2014, 11:36AM
Great question! There are two ways to add someone as a contact:

1. Meet the person face to face and follow a simple procedure that connects your devices via Bluetooth, exchanges keys, and uses six-digit confirmation codes to check that no man-in-the-middle attack took place.

2. Ask a mutually trusted contact to introduce you. With this method you don't have to meet your new contact face-to-face. If you meet them at some future time you can check that you have the correct keys by carrying out a process similar to 1.

In the current prototype we've implemented 1 but not 2.

Guido Witmond

March 21, 2014, 13:16PM
I don't remember that Edward Snowden had a mutually trusted contact with Glenn Greenwald. Snowden chose Greenwald for his reputation as journalist, yet neither of your solutions work in this case.

I would like to introduce my idea on an introduction protocol that might solve the Greenwald-test: https://www.newschallenge.org/challenge/2014/submissions/make-internet-security-easy-to-use-no-brains-needed

Michael Rogers

March 21, 2014, 13:41PM
Thanks, I've heard about your idea, as you know. ;-)

Bear in mind that method 2 can be used more than once: ask A for an inroduction to B, decide whether B is trustworthy, then ask B for an introduction to C. That fits with the way journalists are used to working.

But I take your point: if you can't find a chain of trusted people between you and the person you want to speak with, you can't use Briar to speak with them. It's built on social networks.

Guido Witmond

March 21, 2014, 19:34PM
Please, don't get me wrong, social networks are cool. And privacy protecting ones like Briar are severely needed. Especially when they protect the members against warrantless snooping.

Most social networks I encounter are about excluding those who are not a member, Good when talking to family and friends. To restricted when trying to build a community on a theme, like drumming up support for a common cause.

Your suggestion of repeating step 2 is exactly what Snowden did. He asked Laura Poitras (who knew about PGP) to act as introducer.

What my project is trying to achieve is method no. 3, in addition to your no. 1 and 2: Getting a mr. Snowden to connect to a mr. Greenwald, whatever their names may be next time. Two strangers to each other, needing to communicate over a complete secure and private channel. Without both of them knowing anything about cryptography, yet be completely secure, the first time.

Where my project stops, at introducing people, yours can continue, to keep them safe.

Nicholas Bentley

March 22, 2014, 03:21AM
From an outsiders point of view it appears that these two projects (Briar and Greenwald) are complementary. Good luck to you both.

Michael Rogers

March 22, 2014, 14:15PM
I agree, the projects complement each other well. Thanks for the good wishes!

Helder Ribeiro

March 20, 2014, 18:32PM
Btw, is the anonymity only in the transport (tor-based)? Do the Briar nodes know who they're delivering messages from/to when they're acting as intermediaries?

Michael Rogers

March 21, 2014, 10:49AM
We use Tor to conceal the social graph, not for anonymity between users. Users can create multiple identities, so they can post to forums under identities that are unknown to their contacts, or they can post anonymously if they wish.

A node will only act as an intermediary for content that its owner subscribes to.

Mike Doherty

March 20, 2014, 14:01PM
I was going to ask what plans you have for peer review of your security -- from threat model to implementation -- but I see Eleanor Saitta is involved, so I'm sure you'll have no problem :)

Michael Rogers

March 21, 2014, 10:45AM
Yes, we're hoping that OpenITP's Peer Review Board will take a look at the project when it's ready! In the meantime all our source code is published at http://code.briarproject.org/akwizgran/Briar

Helder Ribeiro

March 20, 2014, 00:55AM
Btw, how is work on it being funded at the moment? Is there anyone working on it full time? It would be great to have easy donation through the website.

Michael Rogers

March 21, 2014, 10:44AM
We have a grant from OpenITP that's supporting development until the end of March. I'm working full-time on Briar until then, and the others are working part-time.

We accept donations via Bitcoin or Flattr at the old website (http://briar.sf.net), and once the new website is live we'll have the same options there. Do you think there are any other options we should support? PayPal is pretty awful politically. :-)

Helder Ribeiro

March 22, 2014, 22:40PM
The US government is also pretty awful politically, and you still take donations in the money they print, right? Add paypal with an option for recurring donations and you'll have a *lot* more resources to push this forward. Worry about PayPal when they cut you off, and use them while they don't.

Michael Rogers

March 25, 2014, 15:00PM
I take your point about the politics of the US government - though I'm not sure using a payment processing company is strictly comparable to using a currency. :-)

BalancedPayments looks like it might be a good ethical alternative to PayPal:
http://balancedpayments.com/

Helder Ribeiro

March 20, 2014, 00:53AM
This is truly amazing. I've been trying to keep an ear out for Briar for some time now and it's great to see all the progress. This is solid stuff and you guys deserve all the support in the world! Love the alternative infrastructure support (including sneakernet if I'm not mistaken, right?) and true decentralization.

Michael Rogers

March 21, 2014, 10:42AM
Thanks for your support Helder! You're right that sneakernet is also supported, though it's not included in the current Android builds. We also have support for dialup modems. Both of these will be available in the Windows/Mac/Linux version.

Helder Ribeiro

March 22, 2014, 22:38PM
That is amazing! You guys are awesome :) Keep it up!
Login
Close
Login to News Challenge
 
or