
Bridgefy, the messenger promoted for mass protests, is a privacy disaster

118 points by _mikz, more than 4 years ago

9 comments

eindiran, more than 4 years ago
I have noticed that since the protests began there has been a huge influx of my contacts onto Signal and I've gotten a few questions about how to use PGP. I'm glad folks are starting to take privacy in their messengers more seriously, but a lot of the privacy-focused messengers are pretty bad (with Bridgefy being a particularly egregious case). Unfortunately there seems to be a trade-off continuum between user friendliness and privacy in all currently available offerings and for most people I think Signal hits the sweet spot. I'd be interested to hear what other tools people would recommend here, as I haven't used all of them (e.g. Telegram/Matrix).
slg, more than 4 years ago
From the article these attacks allow for:

* deanonymizing users
* building social graphs of users’ interactions, both in real time and after the fact
* decrypting and reading direct messages
* impersonating users to anyone else on the network
* completely shutting down the network
* performing active man-in-the-middle attacks, which allow an adversary not only to read messages, but to tamper with them as well

This app basically allows for the exact opposite of what people are expecting from the app. Doesn't that qualify as some sort of fraud or false advertising? If not, I wonder if we need further regulation to protect the public from developers that are either incompetent or straight malicious.
jorgeribs, more than 4 years ago
Hi everyone, I'm Jorge, founder at Bridgefy.

We're acutely aware of this conversation, and know that we must prioritize the safety of our user base. All of the issues reported in the article are already being fixed, and we should have updates published in the next few weeks.

Here's our blog post: https://bridgefy.me/bridgefys-commitment-to-privacy-and-security/

As always, we're available to keep the conversation going; please refer to the email address included in the blog post.

Thanks!
upofadown, more than 4 years ago
> A key shortcoming that makes many of these attacks possible is that Bridgefy offers no means of cryptographic authentication, which one person uses to prove she’s who she claims to be.

Identity is critical in encrypted messaging. Identity is a hard problem in practice. Very few things do an adequate job. The things that do are awkward and require concepts that few people understand.
rtkwe, more than 4 years ago
Does anyone have a design that works for this kind of ad hoc meshing network with good privacy guarantees? It seems like a really hard problem to solve, especially the social graph problem because inherently messages will take time to propagate through the network based on proximity. Maybe adding random wait and hop count increments? Efficient routing kind of depends on being able to discover the network graph.
nkingsy, more than 4 years ago
The proposed change to use the Signal protocol wouldn't seem to address all the metadata issues with their core tech. Their statement mentioned nothing more than "oops we're a startup", the Signal change, and an intention to continue to invest in the "mesh".

It does seem like a nice feature for existing platforms to be able to enable in disasters and at events.

As for protests, maybe some communication is better than none if the government is shutting things down?
xwdv, more than 4 years ago
Learn to use radios (in mass balls-to-the-walls protests).
jokz, more than 4 years ago
A lot of privacy apps made to spy on people :-(
wyuenho, more than 4 years ago
The only usable tool for any organization of resistance is Telegram. Anything else is garbage. Here's why:

Bluetooth/Mesh based local broadcast apps such as FireChat and Bridgefy are literally extremely low signal-to-noise streams of thoughts coming from everyone around you. We don't even need to get to the privacy or security part to eliminate it due to it being completely unusable in areas with more than a couple people.

Signal:

Slow, requires phone number to register and access to contacts. Users still receive messages after leaving a group, and the history still remains on the desktop app. Disappearing messages disappeared on the phone, you'll still get it after it purported to have disappeared.

Wire:

Extremely slow.

Why is Telegram good?

* Super fast
* Good balance of security and usability.
* Early flaws in mtproto have largely been fixed.
* You can choose a username, instead of a phone number
* Good privacy settings to select who can find you, how to find you, who can call you, who can pull you into group chats etc.
* Desktop app has feature parity with the mobile apps. No glaring flaws found in Signal.
* Operationally extremely battle tested by successful protests around the world such as Hong Kong, Iran and Belarus.
* Any problems found on the ground, when reported, will be fixed in a matter of days to weeks by Telegram. They are that responsive.

Words of advice to Silicon Valley companies and security professionals in general. Stop bashing Telegram and actually go and try using your proposed alternatives in protests. Most if not all of these so-called secure chats are completely unusable for any organizations trying to avoid being arrested or be used as evidence against you.