Follow

@briar I have a question. If state gets their hands on a phone of some journalist or activist with Briar installed and used for communication, will they be able to access all chats?

In India, the way police access E2EE is that they physically access the phones and clone them. Then they scroll through chats from the cloned phone. They have done it often for WhatsApp and Telegram..

@aseem
All messages are stored locally and are encrypted. When you start Briar, you'll be asked to type a passphrase. This will be used to decrypt your Briar storage. If you close Briar, everything will be encrypted again. There's also a panic option that will every message.

@aseem Briar, as it currently is, does not protect you against cold boot attacks. This attack access the ram, where data is temporarily cached.
en.wikipedia.org/wiki/Cold_boo

Mitigation this issue is done on OS level.

Do you have any knowledge about the cloning process?

@briar Okay. So when Briar is not direct in use, it immediately locks you out of the app?

@briar @aseem
I do not think the Indian Police could do a cold boot attack on a Android device. As Mediatek devices are popular in India, and you can easily read these with SPFlash, that will probably be done.

@rudolf @briar They use some Israeli software provided by Cellebrite company. They provide kits for breaking into phones. The company claims they can break encryptions of more than 60% phones in the market.

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.