ZH version is available. Content is displayed in original English for accuracy.
Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
48% Positive
Analyzed from 1775 words in the discussion.
Trending Topics
#app#briar#code#users#don#still#security#project#apple#android

Discussion (54 Comments)Read Original on HackerNews
Pretty much every app I have has delayed notifications, and no matter of battery optimization settings can fix it.
I saw it shared at dweb camp and it seemed like a pretty long term serious project for P2P.
If the goal is messaging that avoids government spying or censorship its a lost cause - the government would simply compel Apple to pull the app in their jurisdiction.
Also, how do you avoid leaking the sender? You can avoid giving Apple that information by routing the notification through a server, but then that server would know the sender and recipient.
because without such a critical mass of normal users you get something like tor or grapheneos that the state begins to associate with people engaging in unsavoury activity
This is actually non-trivial. There's an app I was working on where I wanted to have a local first mode that allowed people to use the app for free without an account and there was also a cloud hosted version that allowed for team collaboration, etc.
For this kind of thing to work chunks of the app essentially need to be written twice. So, not fun.
BLE/LoRa/radio/internet mesh with reticulum that combines chat, social and torrents over NOSTR (decentralized protoocol).
Still beta, around August should be stable.
Briar is a messenger app that worked on local networks, over Bluetooth, and over Tor if traveling the Internet. Fully encrypted and the purpose was decentralized, serverless messaging.
I liked the concept, and tested it out a little on my Android devices. But it looked straight out of 2009, and it had the issues described in the post. Still. Thanks for the work. I hope it can get revived or inspire others some day.
P.S. feature request! If Alice, Bob and Charlie are all contacts with each other, and Alice writes an offline message to Charlie, Alice should be able to opportunisticly hand the encrypted message to Bob on their shared network, and Bob can deliver it to Charlie.
This P2P system would probably only work if implemented by Google/Apple themselves and they have zero desire to do so since it's a feature almost no one would want.
This is intentionally only included in Forum-mode chats in Briar. Over direct message, leaking contacts is considered a breach of security. (Your definition of "leak" may differ.) In group messages, only the group admin is considered trusted, and every message must go directly to or come from them.
In every security tradeoff, Briar chose the option that maximizes security, even considering how the airwave transmission times might be fingerprintable as Briar traffic.
Not saying any of this is a good way to make a useable app for wide adoption, but it is intentional and highly opinionated.
The truth is donations do not work for tiny open source projects in the long term and even when Briar was quietly building for many years, it is clear that it is not enough.
Does that negate any of the points?
If these are actually the problems, then why not throw 200 dollars of GPT 5.6 at these instead of shutting it down? Were these systematic problems (Apple/Google hegemony, for example) that couldn't be beat with code?
The locking down of the Android platform, IME, is a massive, decade-long process[2] with "full speed ahead" corporate backing. Even just a few years ago, you could maybe code around some of the restrictions (if supported by users going into settings and tapping some checkboxes); today it's impossible even with root. To get working "push notifications" outside of the official channel, you need to hack the support into the OS - or accept that you probably will get the notification, but it can be anytime from a few minutes to a quarter hour before your app receives it.
[1] In which case, making them use tens of thousands of AI-generated code "for security" is a clear moral hazard you probably don't want to walk into.
[2] I don't want to judge whether it's a move in the right direction or not - that's a separate matter. But it is happening.
To begin with, that 200 dollars need to come from somewhere. Are you going to personally contribute to that 200 dollars? If not, someone needs to find money from somewhere. Then, I can assure you it's going to be much more than 200 dollars before you realize it.
But yeah that's why I was asking if this was a non-code issue? Because they're presenting it as hey, we couldn't figure out the battery life in this post.
I would never say it's "reasonable" to expect anyone (including maintainers) to contribute money or code to an open source project.
Must be easy for you to type these things from your comfortable armchair.