Yes, but they have their own weaknesses. For instance, Briar exposes your Bluetooth MAC, and there's a bunch of nasty Bluetooth vulns waiting to be exploited. You can't ever perfectly solve for both security and usability, you can only make tradeoffs.
Briar has multiple modes of operation. The Bluetooth mode is not the default mode of operation and is there for circumstances where Internet has been shut down entirely.
For users who configure Briar to connect exclusively over Tor using the normal startup (e.g., for internet-based syncing) and disable Bluetooth, there is no Bluetooth involvement at all, so your Bluetooth MAC address is not exposed.
Both Session and Briar are decentralized technologies where you would never be able to approach a company to get any information. They operate over DHT-like networks and with Tor.
Signal does give out phone numbers when the law man comes, because they have to, and because they designed their system around this identifier.
Signal can still tell law enforcement (1) whether a phone number is registered with Signal, and (2) when that phone number signed up and (3) when it was last active. That's all, and not very concerning to me.
To prevent an enumeration attack (e.g. an attacker who adds every phone number to their system contacts), you can also disable discovery my phone number.
While Session prevents that, Session lacks forward secrecy. This is very serious- it's silly to compare Session to Signal when Session is flawed in its cryptography. (Details and further reading here https://soatok.blog/2025/01/14/dont-use-session-signal-fork/ ). Session has recently claimed they will be upgrading their cryptography in V2 to be up to Signal's standard (forward secrecy and post-quantum security), but until then, I don't think it's worth considering.
I agree that Briar is better, but unfortunately, it can't run on iPhones. I'm in the United States and that excludes 59% of the general population, and about 90% of my generation. It's not at fault of the Briar project, but it's a moot point when I can't use it to talk to people I know.
Yes, but they have their own weaknesses. For instance, Briar exposes your Bluetooth MAC, and there's a bunch of nasty Bluetooth vulns waiting to be exploited. You can't ever perfectly solve for both security and usability, you can only make tradeoffs.
Briar has multiple modes of operation. The Bluetooth mode is not the default mode of operation and is there for circumstances where Internet has been shut down entirely.
For users who configure Briar to connect exclusively over Tor using the normal startup (e.g., for internet-based syncing) and disable Bluetooth, there is no Bluetooth involvement at all, so your Bluetooth MAC address is not exposed.
Neither does Signal.
Both Session and Briar are decentralized technologies where you would never be able to approach a company to get any information. They operate over DHT-like networks and with Tor.
Signal does give out phone numbers when the law man comes, because they have to, and because they designed their system around this identifier.
This changed about two years ago, when they added usernames. ( https://signal.org/blog/phone-number-privacy-usernames/ )
Signal can still tell law enforcement (1) whether a phone number is registered with Signal, and (2) when that phone number signed up and (3) when it was last active. That's all, and not very concerning to me. To prevent an enumeration attack (e.g. an attacker who adds every phone number to their system contacts), you can also disable discovery my phone number.
While Session prevents that, Session lacks forward secrecy. This is very serious- it's silly to compare Session to Signal when Session is flawed in its cryptography. (Details and further reading here https://soatok.blog/2025/01/14/dont-use-session-signal-fork/ ). Session has recently claimed they will be upgrading their cryptography in V2 to be up to Signal's standard (forward secrecy and post-quantum security), but until then, I don't think it's worth considering.
I agree that Briar is better, but unfortunately, it can't run on iPhones. I'm in the United States and that excludes 59% of the general population, and about 90% of my generation. It's not at fault of the Briar project, but it's a moot point when I can't use it to talk to people I know.