
Building a peer-to-peer (P2P) Darknet App: Lessons learned


Formal Metadata

Title
Building a peer-to-peer (P2P) Darknet App: Lessons learned
Title of Series
Number of Parts
52
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Transcript: English (auto-generated)
Hello everyone, and thank you for attending my talk on building a peer-to-peer darknet: lessons learned. On a personal note, I'm very happy to be here today. Two years ago it wasn't so certain, because I had the misfortune of tearing a muscle in my thigh. So I would really just like to thank the pharmaceutical industry for my presence here, because painkillers are really awesome.
But in case I limp or I slur the words, you know the reason why. So, my name is Ernir Erlingsson, I'm Icelandic, and I've worked more or less for eight years as an Android developer,
although more recently I've actually rejoined academia and I'm working on a PhD in machine learning and high-performance computing. But that's not what I'm going to talk about today. Today I'm going to talk about a project that I joined two years ago, which is called the Briar Project, and it's all about secure messaging.
So, let me just break it down for you. The Briar Project is a free and open source software project, and given that, it suffers from all of the same things that free and open source software projects suffer from.
We have sporadic funding, and it's like what I say: the mind is willing, but the body needs food and shelter. So we've been trying to work on it as much as possible, but unfortunately
the funding hasn't really covered us to work on it full-time. But we have a really committed team, which I will also introduce to you shortly. We have an Android application, but it's not exclusively an Android application. The Briar Project is really thought to be platform
independent, or existing on many platforms, but Android is the first platform that we target. The slogan of Briar is "secure messaging everywhere". But what really sets Briar apart, the Briar application, from other messaging applications
is that the focus is fully on security and privacy. The thing is, there is actually a trade-off between security and usability. Now, most messaging applications want a lot of users, so they put the focus on usability and then they try to make it as secure as possible.
Briar is really not about that. Briar is not trying to be the next WhatsApp. Briar is just trying to create the most secure messenger, to see how secure you can make it. And it's quite unique in its own way. It's like a unique amalgamation of methods to ensure privacy and security.
And today I'm going to talk to you about some of those methods that Briar is employing, including peer-to-peer networks and darknet. So I just want to do a short shout-out to the team, which is really awesome. I have the
privilege of working with really smart people. There are a lot of PhDs there and a lot of people from all over the world. I haven't actually met most of these people, but it's been really fantastic to work with them:
Brazil, New Zealand, Germany, England. And it feels really great to be working on a team so international. It's a lot of fun. So, Michael Rogers, the topmost name, is actually the founder of the project, and he has worked on it the whole time. The Briar Project started
after his thesis on secure messaging. And I had the privilege of meeting Julian Dehm; he's actually sitting here right now. And we also have countless more people that predate me, and countless people that are coming and doing a little bit of work
and then leaving again. And actually, there was another speaker today, Marcus Ligi. Is he maybe here? He also has been really helpful. So, the financing that we do have in the Briar Project, I want to talk a little bit about this because the
portfolio is really great and speaks for the project. So among our supporters we have organizations and funds that support privacy, open source software, digital rights and stuff like that. So I'm really proud of this portfolio.
Okay, let's get down to business. I want to talk about three methods that Briar is using to protect the user's data. Now, the first is end-to-end encryption.
A few years ago this would have been something special, but today this isn't really special anymore. I mean, WhatsApp even has end-to-end encryption. So I'm going to focus on the other two aspects. The end-to-end encryption that Briar uses is asymmetric cryptography, quite standard stuff.
But Briar also uses peer-to-peer communication. Just to explain a bit what that means: this is the classical centralized approach between a client and a server for a messaging app. So Alice sends Bob a message,
but she actually sends it to a server, which then relays it to Bob whenever it is convenient for Bob to receive it. He maybe gets a notification and then the message is loaded. Whereas a peer-to-peer network is really just circumventing the server completely and sending the message
directly to Bob through the network. So this really is a good example of the trade-off that I mentioned before, the trade-off between security and privacy... no, security, sorry, and usability. When you have a server it's much more usable. The server can store your message and
simply wait for Bob to become online and then it sends the message to him. Bob can even switch devices and there aren't any problems with that. He can always get his messages, all of them. Whereas the peer-to-peer network is decentralized, which means that the message can only be sent when both parties are online,
and switching devices and stuff like that is problematic. It's not impossible, but it's problematic. Now, this can be mitigated in some ways, but it's always at the cost of security. For example, if there's a mutual friend,
then that mutual friend could maybe get the message and hope that he or she can relay it when Bob comes online, if Alice is not online. But this is really leaking data. This is revealing relationships between users and stuff, leaking metadata, which is something that Briar is
trying to avoid at all cost. So, coming back to this: the third method that Briar is employing is darknet. So it's using a peer-to-peer network, and the transmissions over the mobile network are all through
darknet. So what is a darknet? There's a Wikipedia definition of a darknet, but basically darknet is actually an old term from the 80s, an old terminology: basically just in the dark, it doesn't want to be seen there and be visible. And
therefore, today, for me, the terminology darknet fulfills two things. It makes it sound suspicious to normal people, which is why it's used by some parties, and it also sounds a bit cool to developers, at least some developers.
So that's my theory on why this is so popular today. Now, the most widely known darknet is Tor, which is a privacy network. There are also some file-sharing darknets that exist, but Tor defines itself as being a
privacy network, and you maybe have heard about the Tor Browser, which I understand a million people, give or take, are using for privacy reasons. But what does Tor stand for? Is it a hammer-wielding Norse god fighting the good fight for privacy?
No, it's The Onion Router, but you probably knew that already. It turns out that onions are actually a pretty good description of how Tor works, because Tor is all about layered encryption and decryption, much like an onion.
So Tor is divided into the computers that have the Tor services; they're called hidden services. And Tor provides anonymity, which I will explain in a moment. So,
just roughly how Tor works if Alice is sending Bob a message through the Tor network: first, Alice gets information from the internet about all the hidden services and then plots a randomized path, or some path with an
arbitrary number of hidden services, to send the message to Bob. Alice constructs an onion, which basically means this layered encryption, using the public key from the different services, and then Alice sends the message to the first service, which then takes the first layer off and
then sends it further. So each hidden service always takes one layer off, and each hidden service only knows about the previous point and the next point. And they also don't know the nature of those points. Is it another hidden service? Is it actually Bob?
Is it Alice? And therefore, if there's a man-in-the-middle attack, if somebody is grabbing all of this communication and trying to see who's talking to whom, he will probably only see these two computers in the Tor network that are basically sending messages to each other. So the anonymity of the
sender and the receiver is protected. So what about Tor and Android? The problem with the Tor network is that it isn't really built with mobile in mind. So when you implement Tor on Android, it really drains the battery, because it relies heavily on the CPU,
because Tor runs tasks every single second. Every second it is checking the hidden services, updating them and the path you have chosen to send the messages. There's a lot of stuff going on.
We have been trying to circumvent this, but we're basically using a wake lock as well in the app, just to keep Tor running. Because if Tor disconnects, you have a hundred seconds to reconnect. If for some reason you drive through a tunnel, or for some reason your device loses connectivity, you have a hundred seconds.
Otherwise you have to really start from scratch, which is an expensive operation; it takes a lot of time, energy, etc. So if this is so difficult, why is Briar using Tor? Well, it's because of the anonymity. Tor is protecting your metadata, and to remind you what metadata is: it's not the content of a
conversation or communication, it's who's talking to whom, when, where, etc. But is this data really important, the metadata? Well, it's pretty important. It turns out that,
according to this general, the US government is killing people based only on metadata. Now, this is of course very dramatic. I'm being very dramatic right now, but this speaks volumes for the amount of information that can be extracted from metadata.
So let's go to the good stuff. Let's take a look at some code and how Briar is using Android. First I wanted to give you a short code overview. At the moment Briar is divided into three different modules. The foundation module we call Bramble, and
it takes care of all of the transport layers here on the bottom. All the greyed-out cells are stuff we haven't done yet. So we intend to implement Wi-Fi Direct and I2P, which is another type of darknet.
Not onions; there it's actually garlic. So we have LAN support, we have Bluetooth support, we have Tor. There's a message synchronization layer. Peers is your contacts, and the crypto stuff is performed there, in a database, which is also heavily encrypted. And
on a side note, I could probably have talked for 20 minutes only about Bluetooth, because it's really amazing, the amount of problems due to device fragmentation, and also Bluetooth is
sort of a mess. But when it comes to mobile applications, I'm actually pretty old. More than 10 years ago I was making Bluetooth applications on Nokias and Sony Ericssons and stuff, using Symbian and Java Micro Edition. And I can actually tell you that today it's much better than what it used to be, but it's still difficult, and there are a lot of unexplained drops of connection and
difficulties in pairing, which seem to stem from fragmentation. Now, the next module on top of Bramble... and just one more thing: we intend to release Bramble eventually to assist other developers in implementing any of these things into their own app,
so you don't have to start from scratch. There's also another library, actually another application, called Orbot, which also connects to Tor, but there you actually have to download a separate application. The next thing is the Briar core, which contains messaging, forums, blogs, groups and RSS imports. This is all stuff we have right now.
We have the Android application, and we have a beta version in the Play Store; you can actually download it right now if you want. And we intend to work on a desktop application as well. This is like the next roadmap, so to speak.
So what are some of the challenges here? One challenge is just simply maintaining a messaging service on Android. Remember, because we're using a peer-to-peer network through Tor, we can't really rely on a server that sends us a nice notification or something like that.
We have to do it ourselves. We have to poll the network, keep the connection alive, receive the messages, and do it all ourselves. So in Android you have two types of services which can be suitable. You have something called the background service, which can run even though your application is not running, and
then you have something called the foreground service, which runs only when your application is running. Now, it would seem that we should pick the background service option, but actually there are constant operating system restrictions that are due to power savings. So the next generation of batteries can really not come soon enough. I mean, preferably yesterday.
So Google is ramping up the control. In Lollipop you had the JobScheduler, which was recommended at the time; you didn't have to use it. So instead of having a background service, they're recommending you should use the job
scheduler, because it's much more effective when it comes to power management. Then there were Doze and standby modes in Android Marshmallow, which actually can kill both foreground and background services. And then finally, in Oreo you actually have real
background service restrictions. They force you to use, I think, the JobScheduler or something along those lines. So it actually turns out that for Briar we can't use a background service. We need to use a foreground service. But using a foreground service for the secure communication has pros and cons.
Okay, it's the good, the bad and the ugly. The good: it's easy to make a foreground service. You just extend the Service class. You add the...
you add to the manifest what is needed for the service, and I would like to highlight here: the exported false here ensures that it can only be used for your application and not any other applications. It's important. And
we decided to go for a service that you bind, because you can keep that living long in the background. It's not attached to any activity or anything like that. You can just keep it running in the background, and it's really easy to start such a service, and it's really easy to bind such a service, and then you're basically good to go. Then you can receive messages through the network.
So what are the bad things about this approach? Well, there's a fixed notification. A foreground service must provide a notification for the status bar. It's just stuck there, and it's not really good user experience. It bothers a lot of people. It's not fatal, but it's not so cool either.
There's another bad thing: Doze must be manually whitelisted. Now, you can assist the user in whitelisting it by adding this to the manifest and then adding this code, which will automatically open this whitelist in the settings,
which then basically tells Doze and standby: leave this app alone, you know, let it run so it can receive messages. But the user has to manually say "agreed", and this is really as far as we can go in helping the user do that. Are you ready for the ugly?
So we've all heard about Android fragmentation, right? I mean, I worked on a lot of apps, and sometimes this was really no issue at all and sometimes this was a big issue, and here it's unfortunately a pretty big issue, because manufacturers have a different approach to power management. They have their own stuff. It's not only the operating system.
There's also stuff from the manufacturers. So, for example, Huawei: what we have experienced with them is that no matter what we do, even though it's whitelisted, and Huawei actually has another whitelist of their own, so even if it's double whitelisted,
it's 60 minutes max. Then they kill Briar, the Briar service running in the background receiving messages. We're working on it, but we haven't found a solution yet. Sony has something called Stamina mode, which used to be much more aggressive
before Google started applying their own OS restrictions, but basically Stamina mode also kills the Briar service. There are probably more which we haven't discovered yet. We're in the beta phase; we have users that are reporting bugs, and
we are expecting that there are probably more, because power management is always becoming more and more of an issue. There are no future guarantees. The next version of Android, the next version of Samsung, might
make more difficulties for running a secure application like Briar with a peer-to-peer network. We're working hard on adapting the code and fixing all of this, and we have actually made great progress on a lot of problems we had due to the fragmentation,
but there are still problems that remain. Finally, just quickly, there's a user experience challenge that I also want to talk about: chaotic message delivery. So you have a bit of unpredictable message delivery due to peer-to-peer networks. If Bob doesn't sign in for a month and then suddenly he signs in, then you get all of the messages
he maybe wrote for a month, or he gets all of yours. And Tor also does not guarantee order of delivery. You have different paths for sending messages and they don't all take as long, so it could be that you're actually
receiving in the present a message that you were supposed to receive in the past, like before another message that you've already received. So how do you explain this to the user? This is a real head-scratcher that we had, and the best we came up with is basically something like this:
arrows that are automatically updated when Briar receives the messages and say, like, hey, here below you, which is new, you have like seven new messages, and above you, hey, you have three, and then you can press it and then you jump to those locations. So there's a beta version out, and
try it and tell us what you think. Now, I released the beta version and it was performed by Cure53, which is actually a Berlin specialist
group or team which performs penetration tests and security tests of software and applications on the internet and such, and which gave us a great review. So at least when it comes to security, we feel like we're doing something right. You can find out there's a lot of further information about Briar if you're interested. Some of our team members are blogging about it.
We have a Twitter account. Everything is of course online on GitLab. You can look at the issue tracker. You can look at all the code. You can check our web page. If you want, you can get involved. You can join the discussion, you can help us with the code, you can become a tester. It's all open to you.
You can even add an app translation in your native language, if you're a non-English and German speaker, that is. So I hope I kept you entertained and told you interesting stuff. Thank you for listening.