Amid all the conversation about Signal, and the debate over decentralization, one thing has often not been raised: all of these things require an Internet connection.
“Of course,” you might say. “Internet is everywhere these days.” Well, not so much, and it turns out there are some very good reasons that people might want messengers that work offline. Here are some examples:
- Internet-using messengers leak certain metadata (eg, that a person is using it, or perhaps a sophisticated adversary could use timing analysis to determine that two people are talking using it)
- Cell signal outages due to natural disaster, large influx of people (protests, unusual sporting events, festivals, etc), or other factors
- Locations where cell signals are not available (rural areas, camping locations, wilderness areas, etc.)
- Devices that don’t have cell data capability (many tablets, phones that have had service expire, etc.)
How do they work?
These all use some form of local radio signal. Some, such as Briar, may use short-range Bluetooth and Wifi, while others use radios such as LoRa that can reach several miles with low power. I’ve written quite a bit about LoRa before, and its unique low-speed but extreme-distance radio capabilities even on low power.
One common thread through these is that most of them are Android-only, though many are compatible with F-Droid and privacy-enhanced Android distributions.
Every item on this list uses full end-to-end encryption (E2EE).
Let’s dive on in.
Briar
Of all the options mentioned here, Briar is the one that bridges the traditional Internet-based approach with alternative options the best. It offers three ways for distributing data:
- Over the Internet, via Tor onion services
- Via Bluetooth to nearby devices
- Via Wifi, to other devices connected to the same access point, even if Internet isn’t wokring on that AP
As far as I can tell, there is no centralized server in Briar at all. Your “account”, such as it is, lives entirely within your device; if you wipe your device, you will have to make a new account and re-establish contacts. The use of Tor is also neat to see; it ensures that an adversary can’t tell, just from that, that you’re using Briar at all, though of course timing analysis may still be possible (and Bluetooth and Wifi uses may reval some of who is communicating).
Briar features several types of messages (detailed in the manual), which really are just different spins on communication, which they liken to metaphors people are familiar with:
- Basic 1-to-1 private messaging
- “Private groups”, in which one particular person invites people to the chat group, and can dissolve it at any time
- “Forums”, similar to private groups, but any existing member can invite more people to them, and they continue to exist until the last member leaves (founder isn’t special)
- “Blogs”, messages that are automatically shared with all your contacts
By default, Briar raises an audible notification for incoming messages of all types. This is configurable for each type.
“Blogs” have a way to reblog (even a built-in RSS reader to facilitate that), but framed a different way, they are broadcast messages. They could, for instance, be useful for a “send help” message to everyone (assuming that people haven’t all shut off notifications of blogs due to others using them different ways).
Briar’s how it works page has an illustration specifically of how blogs are distributed. I’m unclear on some of the details, and to what extent this applies to other kinds of messages, but one thing that you can notice from this is that a person A could write a broadcast message without Internet access, person B could receive it via Bluetooth or whatever, and then when person B gets Internet access again, the post could be distributed more widely. However, it doesn’t appear that Briar is really a full mesh, since only known contacts in the distribution path for the message would repeat it.
There are some downsides to Briar. One is that, since an account is fully localized to a device, one must have a separate account for each device. That can lead to contacts having to pick a specific device to send a message to. There is an online indicator, which may help, but it’s definitely not the kind of seamless experience you get from Internet-only messengers. Also, it doesn’t support migrating to a new phone, live voice/video calls, or attachments, but attachments are in the works.
All in all, a solid communicator, and is the only one on this list that works 100% with the hardware everyone already has. While Bluetooth and Wifi have far more limited range than the other entries, there is undeniably convenience in not needing any additional hardware, and it may be particularly helpful when extra bags/pockets aren’t available. Also, Briar is fully Open Source.
Meshtastic
Meshtastic is a radio-first LoRa mesh project. What do I mean by radio-first? Well, basically cell phones are how you interact with Meshtastic, but they are optional. The hardware costs about $30 and the batteries last about 8 days. Range between nodes is a few miles in typical conditions (up to 11km / 7mi in ideal conditions), but nodes act as repeaters, so it is quite conceivable to just drop a node “in the middle” if you and contacts will be far apart. The project estimates that around 2000 nodes are in operation, and the network is stronger the more nodes are around.
The getting started site describes how to build one.
Most Meshtastic device builds have a screen and some buttons. They can be used independently from the Android app to display received messages, distance and bearing to other devices (assuming both have a GPS enabled), etc. This video is an introduction showing it off, this one goes over the hardware buttons. So even if your phone is dead, you can at least know where your friends are. Incidentally, the phone links up to the radio board using Bluetooth, and can provide a location source if you didn’t include one in your build. There are ideas about solar power for Meshtastic devices, too.
Meshtastic doesn’t, as far as I know, have an option for routing communication over the Internet, but the devices appear to be very thoughtfully-engineered and easy enough to put together. This one is definitely on my list to try.
Ripple-based devices
This is based on the LoRa Mesh Radio Instructables project, and is similar in concept to Meshtastic. It uses similar hardware, a similar app, but also has an option with a QWERTY hardware keyboard available, for those that want completely phone-free operation while still being able to send messages.
There are a number of related projects posted at Instructables: a GPS tracker, some sensors, etc. These are variations on the same basic concept.
These use the Ripple firmware, which is not open source, so I haven’t pursued it further.
GoTenna
For people that want less of a DIY model, and don’t mind proprietary solutions, there are two I’ll mention. The first is GoTenna Mesh, which is LoRa-based and sells units for $90 each. However, there are significant community concerns about the longevity of the project, as GoTenna has re-focused on government and corporate work. The Android app hasn’t been updated in 6 monnths despite a number of reviews citing issues, and the iOS app is also crusty.
Beartooth
Even more expensive at $125 each is the Beartooth. Also a proprietary option, I haven’t looked into it more, but they are specifically targetting backwoods types of markets.
Do not use: Bridgefy
Bridgefy was briefly prominent since it was used during the Hong Kong protests. However, numerous vulnerabilities have been demonstrated, and the developers have said they are re-working the app to address them. I wouldn’t recommend it for now.
Alternatives: GMRS handhelds
In the USA, GMRS voice handhelds are widely available. Although a license is required, it is simple (no exam) and cheap ($35) and extends to a whole family. GMRS radios also interoperate with FRS radios, which require no license and share some frequencies, but are limited to lower power (though are often sufficient).
Handheld GMRS radios that use up to 5W of power are readily available. A voice signal is a lot harder to carry for a long distance than a very low-bandwidth digital one, so even with much more power you will probably not get the same kind of range you will with something like Meshtastic, and they don’t come with any kind of security or encryption at all. However, for basic communication, they are often a useful tool.
@jgoerzen thank you. There is interest in adding support for #LoRa, even so it is in this moment not actively worked on it. You find a git issue about that here: https://code.briarproject.org/briar/briar/-/issues/1742
lora
Using LoRa frequencies to leverage the reach of briar (#1742) · Issues · briar / briar
@briar Oh interesting! It would be absolutely fantastic to have a communicator that could switch between Tor, Bluetooth, Wifi, and even #LoRa!
lora
@jgoerzen Yes! Hopefully some time in future.
@jgoerzen @briar Thank you so much for posting this! I would love to try out all of these. Now, if only some friends would decide that they are also interested…
@KolokokoBird @briar The eternal problem, yes. To be sure, none of these have the polish of Signal (which has integrated video calling, photo attachments, etc) so getting non-techies to use them day-to-day may be a challenge.And yet, there was a time when I was the only one I knew using Signal, and now my contact list there is full.In any case, you could make a STRONG case for this when going to a concert, festival, campsite, etc. “Works when cell is unavailable”
@jgoerzen you missed scuttelebutt, which can also sync over local wifi or bluetooth
My main concern about Scuttlebutt is that it spreads around the internet a permanent, signed record of everything you do—posts, follows, likes, etc.—, making it good for uncensorable publication, but not so good for private communication. Perhaps Briar has the same problem, though perhaps to a lesser extent, since (I think) it doesn’t require all of a person’s previous messages in order to verify that their latest one is valid. But I think even messages to private groups are signed, so if the founder of the private group later invites the Chinese Communist Party (for example) to join, then they’ll have a verifiable record of what you said, if I understand correctly.
@joeyh Oh good to know! I definitely will check that out. Does it have mobile clients also?
@jgoerzen @briar bluetooth works only few meters why do i need a messenger if I can use my mouth to talk?
@raimondaslapinskas @briar There are cases, but perhaps the most compelling here would be if they have Internet on their device but you don’t, or can store it on their device before they drive into town, etc. Briar supports this.
@jgoerzen yes, manyverse is one mobile client with bluetooth
@jgoerzen @briar a downside with #Briar tho is it is Android only which is fine for me but stops me communicating with anyone on iOS….
briar
It would be great if these apps also had support for audio communication in the range outside human hearing.
@joeyh Thanks, I will check it out tonight! I had previously thought of #Scuttlebutt as more of a social network, but this is an interesting use case.
scuttlebutt
There is also “Meshenger”: https://github.com/meshenger-app/meshenger-android
“Voice- and video calls without any server or Internet access. Simply scan each others QR-Code and call each other. This works in many local networks such as community mesh networks, company networks or at home.
Meshenger exchanges the contact name, public key and MAC/IP/DNS address via QR-Code. By default, only a MAC address is transferred as address and then used to create an IPv6 link local address to connect to the contact. This does not even need a DHCP server. The exchanged public key is used to authenticate/encrypt signaling data to establish a WebRTC session that can trasmit audio and video.”
Neat, thanks Bill! It doesn’t look like a mesh (at first glance?) but for people all sharing a LAN, it could be nice.
@jgoerzen @briar one of the biggest challenges is not you (general “you” here for us techies), the techie, privacy-oriented guru. It is your family, relatives, friends, people you need communications with and all they know is how to turn on their iPhones. I know I’m not bringing up anything new here, but I think we need to keep remembering to focus on this… somehow. #privacy #encryption
encryption
privacy
@jrss @briar You are absolutely right. It’s why, despite the legit flaws people point out, I still suggest #Signal to people. Unlike #Matrix/#Element, there is no un-encrypted mode. It has secured voice and video calls. Elon Musk aside, it is reliable and works where people expect it to.I’m excited about possibilities of these systems. None of them are ready to knock off Signal yet, but there is plenty of room for them to grow in that direction in the future.
Matrix
Signal
@jrss @briar And some of them are extremely useful for situations where NONE of the traditional messengers work: where there’s no Internet. I understand that is a niche use case in the industrialized West, but still it has its uses.
2/ #Signal brings #encryption and #privacy to meet people where they’re at, not the other way around. People don’t have to choose a server, it can automatically recognize contacts that use Signal, it has emojis, attachments, secure voice and video calling, and they all just work (Musk aside). It feels, and is, a polished, modern experience with the bells and whistles they are used to.
Signal
encryption
privacy
3/ I am a huge fan of #Matrix/#Element and even run my own instance. It has huge promise. But it is Not. There. Yet. Some reasons:#Synapse, the only currently viable Matrix server, is not ready. My Matrix instance hosts ONE person, me. Synapse uses many GB of RAM and 10+GB of disk space, with little tuning for either. It’s caused OOMs more than once. And this is AFTER extensive tuning. It cannot be hosted on a Raspberry Pi or even one of the cheaper VPSs.
Matrix
synapse
4/ Choosing a #Matrix instance. Well you could just tell a person to use matrix.org. But then it spent a good portion of last year unable to federate with other popular nodes due to Synapse limitations. Or you could pick a random node, but will it be up when someone needs to say “my car broke down?” Some are run from a dorm computer, some by a team in a datacenter, some by one person with EC2, and you can’t really know. Will it be stable and long-lived? Hard to say.
Matrix
5/ Voice and video calling is not there yet. Matrix has two incompatible video calling methods (Jitsi and built-in), neither work consistently well, both are hard to manage, and both have NAT challenges.
6/ #Matrix is so hard to set up on a server that there is matrix-docker-ansible-deploy https://matrix.org/docs/projects/other/matrix-docker-ansible-deploy/ . This makes it much better but it is STILL terribly hard to deploy, and very simple things like “how do I delete a user” or “let me shrink down this 30GB database” are barely there yet, if at all.
Matrix
matrix-docker-ansible-deploy | Matrix.org
7/ Encryption is not mandatory in #Matrix. E2EE has been getting DRAMATICALLY better in the last few releases, but it is still optional, especially for what people would call “group chats” (rooms). Signal is ALWAYS encrypted. Always. (Unless, I guess, you set it as your SMS provider on Android). You’ve got to take the responsibility off the user to verify encryption status and make it the one and only way to use the ecosystem.
Matrix
8/ Again, I LOVE #Matrix. I use it every day to interact with Matrix, IRC, Slack, and Discord channels. It has a TON of promise. But would I count on it to carry a “my car’s broken down and I’m stranded” message? No.
Matrix
9/ What about some of the other options out there? #Briar is fantastic and its offline options are novel and promising. But in common usage, it can’t deliver a message unless both devices are online simultaneously, and doesn’t run on iOS (though both are being worked on). It also can’t send photos or do voice or video calling.
Briar
10/ Some of those same limitations apply to most of the alternatives also. Either that, or they are encryption-optional, or terribly hard to set up and use. Just today, I boosted a post about #Status, which shows a ton of promise also. But it’s got no voice or video calling capabilities. How about #Scuttlebutt? Fantastic protocol, extremely difficult onboarding (lengthy process, error-prone finding a sub, multi-GB initial download, etc)
scuttlebutt
status
11/ So #Signal gives people: dead-simple setup, store-and-forward delivery, encrypted everything, encrypted voice/video calls, ability to send photos/video encrypted. If you are going to tell someone “it’s so EASY to get your texts away from Facebook and AT&T”, THIS IS THE THING you’ve got to point them to. It may not be in 2 years, but for now, it is. Do not let the perfect be the enemy of the good. It advances the status quo without harming usability, which nothing else does yet.
Signal
12/ I am aware of all of the very legitimate criticisms of #Signal. They are real and they are why I am excited that there are so many alternatives with promise, some of which I use actively. Let us technical people use, debug, contribute, and evangelize the alternatives.And while we’re doing that, tell Grandma to contact us on Signal./END
Signal
@jgoerzen great exposition, most comprehensive address to my objections. still: i don’t want to give my phone number to people i don’t trust (that is moxie and openwhisper and all who can grab it from the discovery process, like the police, the state, fascists, etc). i don’t want them to have my kid’s phone number either, nor my friends and comrades. 1/
@jgoerzen fascism is here, all around us already, in various forms. those phone numbers will be in many databases comprising a graph of relations of everyone on signal. available to all future police and repressive regimes. unacceptable
@zeh I totally agree with that!! But how about using a burner number from the internet for sign up? Then set a strong registration lock password. You won’t need access to the number after that anymore. Of course, it would be nice to do that without a workaround, but still…Btw, your phone number is sent to the server only in a hashed form. So I imagine plain text retrieval by a third party a very hard task to accomplish…@jgoerzen
@zeh I think you and I are pretty much in agreement about Signal’s weaknesses. But for the vast majority of people, the choice is not “Signal or #Element“, it’s “Signal or SMS/Whatsapp”. And the reason is that Signal is the only thing that they are going to be able to easily learn, use, and understand.Give them Status or Element and it’s going to get tried out for 10 minutes and then ignored or deleted, by the vast majority of people. Either that or they will stumble into plaintext.
Element
@zeh 2/ As I reflect on this, I’m going to make a bold and possibly wrong assertion: #Signal is the first and only system the world has seen that makes strong cryptography easy to adopt correctly for everyone.I was using #PGP in the 90s, still use #GPG, and of course there’s #TLS, but none of these are easy to get right.Signal isn’t perfect but it’s better than the alternatives people are used to, and that right there is huge.
Signal
gpg
pgp
tls
@jgoerzen Additionally, I find it remarkable, that it’s the first (I’d say since decades) direct #opensource competition to large enterprise (FB/Google) software that is actually standing a chance in the #mainstream.@zeh
OpenSource
mainstream
@jgoerzen Thank you for the great summary!! 🙂 I think you really hit the core of that question very well. In many discussions about that topic, tech users don’t consider the average user enough, or even at all, or have a wrong image of them.
@jgoerzen you are defending that we should compromise on metadata security. i refuse that. metadata is as important (or even more important than data, since it’s analysis can be automated). they arrest, torture and kill based on metadata. i will not recommend a communication system that is an absolute dead end wrt metadata protection and will not say it is “more secure” when compared to whatsapp/sms – as that is deceptive and will put them in danger.
@jgoerzen Nice writeup! I totally agree!This is not the first of the calls for us “techies” to push our families and friends over to Signal.What I have not yet seen, is examples of what to send. How did you convince your family? Let’s help eachother and share these messages!I understand that this message should be tweaked to the recipients specific concerns, but a broad list of examples could really help lower the barrier to start this work!#pushsignal ?
pushsignal
@kingannoy Good question, and I think the answer has to be personal. For basic SMS users, maybe it’s, “Hey, look at these checkmarks so you know if it actually arrived on their phone” and “Look, you can just tap a single button to go from texting to video.” For iMessage users, “You can talk to Android users the same as iOS with all these features.” To some, “this reduces the power of mega corporations” is convincing.
@zeh Not really. What I’m saying is if you take the “all or nothing” attitude, and “all” is hard to use correctly, is crypto-optional, or doesn’t have features people want, they will go to “nothing” instead (or use “all” incorrectly), which is WORSE.Fundamentally, every “instant” system is vulnerable to a timing analysis by sophisticated state actors anyway (whenever person A sends a packet, person B gets one).
@zeh There is absolutely a need for things like #Meshtastic that don’t even use the Internet, and other things that tilt the balance further away from usability. But advocating their use in such strong terms now is counter-productive at lifting the global average level of privacy, because they are hard to use correctly and don’t have the features people expect.
meshtastic
@jgoerzen can’t wait until my mom can use matrix but yeah it isn’t there yet
@kingannoy @jgoerzen This is the first message I send my friends :)
@kingannoy @jgoerzen And this is what I replied after getting the serious question: “Why are you quitting WhatsApp?”
@Erik @kingannoy @jgoerzen Uhm je hebt het over decentraal , maar dan zou je eigenlijk ook niet op de hoofd server matrix.org mogen zitten ;)
@jgoerzen honestly if it wasn’t for signal being my SMS app I wouldn’t be using it. The number of my contacts that use it is so low it would be hard to justify.
@jgoerzen @zeh I’m almost certain 50 MILLION people have never used secure telecommunications ever before last week.
@zeh @jgoerzen Saying that Signal is not more secure than SMS is ridiculous.
@jgoerzen IMO the biggest issue with Signal currently is the lack of a client for mobile Linux. There has been discussion of how to solve that on the Purism forum: https://forums.puri.sm/t/signal-silence-on-gnu-linux-a-comprehensive-summary-librem-5-app/5002
Signal / Silence on GNU+Linux : A comprehensive summary | Librem 5 app
@rd @jgoerzen When it comes to online privacy the Asian countries are basically one of the least developed regions. Here those who advocate tools to avoid centralized services are often regarded as just geeks. That is what I would like to change at first.