Privacy

34612 readers

693 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Berty Messenger for iOS and Android - Zero Trust Open Source Peer-to-Peer Messenger based on IPFS protocol (berty.tech)

submitted 2 years ago by [email protected] to c/[email protected]

37 comments fedilink hide all child comments

** Now in Android and iOS app stores **

No Face, No Name, No Number, No SIM card, No Internet! Berty is a messenger that doesn’t require any of your personal data or network connection (using Bluetooth Low Energy BLE). All conversations are encrypted with end-to-end encryption, in a fully distributed network.

It is a peer-to-peer messenger with no servers, no cloud - your data is only stored on the device where Berty is installed and used. No one would be able to access the data or shut the app down, not even the developers.

Being P2P, it means the IP address needs to be available to route messaging, but their site explains a bit about how they've tried to mask this. Whilst Briar is an excellent alternative, it is still Android only. The closest alternative is maybe Jami, but it lacks a non-Internet Bluetooth alternative if I recall correctly. Interestingly, Berty also can use Airdrop (iOS to iOS) and Android's Nearby as alternative protocols.

You can share your details and add contacts via a QR code, public key, or an invite link. It is currently available on both iOS and Android, with desktop clients to follow.

See https://berty.tech/

#technology #messenger #berty #P2P #IPFS #privacy

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 10 points 2 years ago* (last edited 2 years ago) (1 children)

Skimming their website, I noticed two issues with their dependencies.

First, https://berty.tech/docs/protocol/ says

*The only non-standard packages used in the Berty Protocol are the following two, although they have been written by experts are widely reviewed by the community:

libp2p/go-libp2p-core/crypto

agl/ed25519/extra25519

Clicking through to ed25519/extra25519, one can see that the upstream author replaced that code two years ago with a readme that says "This repository is unmaintained" and "Uncared for code is not a foundation to build upon". (The part that was merged in to golang's standard crypto library does not include the "extra25519" code that this project requires.)

Second, I see that their Go-Tor-Transport relies on go-libtor which currently is using a year-old snapshot of the -dev branch of upstream tor. (I haven't yet discerned if Tor is fundamental to their design or if it is an optional thing, but i suspect the latter?)

[–] [email protected] 7 points 2 years ago

They do say it is early days still and not fully dependable V1.0. So there is work in progress, and they still want to have an independent security audit done. I think they are pretty open and forthcoming about what is not yet done. They were quite clear to state the product is not ready yet for the Ukraine war for example, and state people should not consider it for that use.

Certainly in principle one does not want to build on unmaintained code (different from code that has not requited an update for any good reason for a while).

So it is really a proof of concept now that is usable, but not yet declared finished as far as the security side goes (implying some of those loose ends mentioned). I gather from that we should not yet be judging it as a finished or production ready product.