Hong Kong protesters should be smarter about their messaging apps
Apparently there are some major pro-democracy protests going on in Hong Kong right now. The protesters need to be able to communicate with each other, but the government is constantly spying on them (and all residents) by monitoring internet traffic, email traffic, SMS text messages and phone calls. They could probably encrypt email if everyone had public keys and private servers, but that’s way too complicated and problematic. Plus the metadata would still be visible. When the protesters are all near each other, they have hand signals that get passed along the chain for emergencies like getting a helmet for someone or clearing a path for ambulances, but hand signals aren’t sufficient for everything.
As seen in this Forbes article, many of the Hong Kong protesters have started using an app called Bridgefy which doesn’t require a persistent internet connection and instead transfers messages via short-range Bluetooth. To transfer messages across distances longer than 30 feet (or maybe 330ft), the messages hop from phone to phone via Bluetooth in a “mesh” network. In other words, each user’s phone acts as a node or connection point for transferring information. It’s kind of like the “telephone” game some kids play where you line everyone up, one person on the end makes up a message, whispers it to the person next in line, and everyone repeats until the message gets to the end of the line. No internet connection or centralized server required! (It’s just like how the real internet works except each phone is a server/relay.)
That sounds pretty smart, but here’s the problem… Bridgefy requires a connection to a central server when registering your app… and WORSE, it uses your phone number for registration… AND sends an SMS text message to confirm that registration. All three of those things are very bad ideas if you can’t trust your phone carrier to keep your information private.
First of all, the state could easily block internet access to the centralized server that makes Bridgefy app registration possible. It will still work for the people who have already registered of course, but new registrations could easily be disabled.
Next, it’s always a bad idea to put your real phone number into any kind of external database. Who knows what they’ll do with it? And your phone number can easily be used to identify you and track many things that you do with that phone number. (You could also get SIM swapped and lose lots of money and access to many of your other digital accounts, but that’s another story.)
Furthermore, you have no way of monitoring who does what with your phone number! As an aside, if you use email as a personal identifier online, you do have much more control over knowing who does what with that address because you can freely create email aliases for every external database that you register with. Many people do this, not only to understand who sells their contact info to other people/companies, but to also be able to block them by deleting the compromised alias. For example, if I make a specific email alias address for only Facebook use, then I start getting emails from somewhere other than Facebook, now I know that Facebook is the one that shared my contact info. You can’t really do that with phone numbers.
Now back to the original topic… Thirdly, if the government is monitoring SMS messages, then they can easily make a list of all of the mobile carrier account cell phone numbers that are using the Bridgefy app based on who the registration confirmation SMS was sent to. (There is a secret way to skip the SMS verification by repeatedly entering a wrong number until a “skip verification” button appears, but signup still requires registration with a centralized server on the internet.) Then if any of these protesters are using Bridgefy on a mobile phone account that was paid for using their real name or using a credit card registered in their real name, then the government can find out everything about them… call history, family members, purchasing habits, income sources, etc.
At that point, you’re probably not nearly as secure as you would want to be when you’re fighting for freedom.
Why not Briar?
There’s another messaging app called Briar that sounds like it was specifically designed for technological and internet freedom fighting. This app does a similar “mesh network” thing where messages are transferred via Bluetooth without requiring full internet access, but it also supports transferring messages over peer-to-peer WiFi networks as well as the internet-connected onion router network (Tor). With Briar, all messaging is peer-to-peer only with full encryption. None of your information goes to a centralized server.
Furthermore, you don’t have to put any personal information into Briar. All you need is a made-up name and password, and the password isn’t sent anywhere. It’s only there to secure the app on your device.
Well, okay… there is one catch. Since it can’t (shouldn’t) use your phone’s contact list of phone numbers to match you with friends to talk to, it uses a much more secure method of establishing connections between people.
At least for the first contact, both people have to actually physically be face to face in order to make a connection in Briar. You enable a connection by scanning the other person’s QR code that they can display within their Briar app. Then they scan your QR code and the connection is available for as long as you have the app installed. Once you have some real-life contacts added to the app, you and your contacts can “introduce” other contacts within the app without having to physically be standing next to them. This method of contact requests makes it much more difficult for adversaries to infiltrate since you would physically have to know someone in order to be allowed into the network. It also makes it difficult for bad-actors to impersonate others.
Being able to send encrypted messages via an ad-hoc mesh network of WiFi and Bluetooth phone radios is pretty great, but what if someone is further away and out of range? Briar also allows messaging via The Onion Router network. I imagine someone in the mesh network needs to be connected to the internet in order for this to work. The Onion Router network, or Tor, sends internet traffic over numerous relays that each obscure and encrypt different parts of the traffic in order to anonymize the source of the traffic. Tor does not hide the ability for others to see that Tor is being used, so a government could certainly block the Tor circuits within the country’s internet. To get around that, there are also some “bridges” that can be used within Briar. Of course, you can turn off Briar’s ability to use the public internet completely and rely solely on the local mesh network if you want.
Briar even integrates with the Ripple Panic Button software which allows you to create one button that does a series of modifications to whichever apps you choose. With Briar, you can set the panic button to either simply lock and sign out of the app’s connection, or you can also make it completely wipe your Briar account, messages, and contacts from the device. If you delete the account, you (and no one else) will be able to access the messages or contacts, and you’ll have to go meet your friends in real life again in order to add them back.
Both Briar and Ripple are available in the Google Play Store, but it would probably be smarter to install them from an APK download via their websites, or via the F-Droid repository since those are less likely to associate the installations with your personally identifiable Google account. Also, perhaps the caveat that may be preventing the Hong Kong protesters from really taking advantage of Briar may be that it is not available on Apple’s iOS. It only works on Android-based operating systems at the moment. Although, if you’re interested in technology freedom, you probably shouldn’t be using Apple products.
Lead photo source: Lezsander