
Briar

P2P encrypted messaging over Tor. Works when the internet doesn't.

Secure messaging
Open source
Strong
https://briarproject.org
Reviewed 2026-04-02
Editorial assessment by Mike Schneider — based on public security research and audits

What should journalists know about Briar?

Briar is the most resilient messenger available. When Iran shut down the internet on January 8, 2026 — cutting off 85 million people mid-protest — Briar kept people connected via Bluetooth and WiFi mesh. No other messenger can do that. It routes over Tor when internet exists, falls back to Bluetooth/WiFi/USB when it doesn't, and stores nothing on any server because there are no servers. The Bramble protocol suite provides E2E encryption with forward secrecy across every transport layer. Two independent security audits (Cure53 in 2017, Radically Open Security in 2023) found no critical vulnerabilities. The tradeoffs are real: Android-only on mobile, no iOS (and none planned), both devices must be online simultaneously to sync unless you run Briar Mailbox. Desktop is still beta. But Briar isn't trying to replace Signal for daily use — it's the tool you need when Signal's servers are blocked or the internet is gone entirely.

Best for

Communication during internet shutdowns. Reporting in countries where Signal, WhatsApp, and Telegram are blocked. Bluetooth/WiFi mesh coordination at protests. Source communication when metadata protection matters more than convenience.

Not for

Daily messaging (no iOS, limited desktop). Large group coordination (sync requires both devices online). Anyone unwilling to accept UX friction for security gains.

Security & Privacy

Encryption in transit: Yes

Data is scrambled while being sent to their servers

Encryption at rest: Yes

Data is scrambled when stored on their servers

Data jurisdiction: Local only. No servers exist. Data never leaves participating devices. Messages stored in encrypted database on-device.

Where servers are located — affects which governments can request your data

Security rating: Strong

Privacy policy summary

No servers means no data collection, no metadata, no logs. Messages sync directly between devices over Tor, WiFi, or Bluetooth. Nothing is stored anywhere except on participants' devices in an encrypted local database. Contact lists are encrypted on-device. Even the Briar Mailbox (asynchronous relay) only buffers encrypted messages between a user and their contacts — no third-party access.

How to protect yourself:

Exchange contacts in person when possible — Briar uses QR codes for contact verification, which is the strongest authentication model. Understand that messages only sync when both devices are online simultaneously, unless you set up Briar Mailbox on a spare Android device for asynchronous delivery. Keep the app updated; the small team ships critical fixes promptly (three CVEs in 2023 were patched within weeks). For desktop use, Briar Desktop 0.6.5-beta is available for Linux, Windows, and macOS but limited to 1:1 messaging — no groups or forums yet.

Fully decentralized architecture eliminates server-side attack surface entirely. Bramble protocol suite provides E2E encryption with forward secrecy across Tor, Bluetooth, WiFi, and USB transports. Tor routing by default hides metadata (who talks to whom). Two independent audits — Cure53 (2017, 12 findings, no critical) and Radically Open Security (2023, 6 findings, no critical) — confirm strong implementation. Three CVEs in 2023 were responsibly disclosed by ETH Zurich and patched quickly. Open source, reproducible builds via F-Droid. 3.6M+ Google Play downloads. No comparable tool exists for internet-shutdown resilience.

Who Owns This

Owner: Briar Project (open-source community, founded 2011 by Michael Rogers and Eleanor Saitta)
Funding: Grants from Open Technology Fund ($361K as of 2018), NLnet Foundation (NGI Assure/NGI Zero), Access Now, Small Media Foundation, Internews, Prototype Fund, ISC Project, eQualit.ie. No corporate backing.
Business model: None. Volunteer and grant-funded open-source project. No revenue model, no ads, no data monetization. Sustainability depends entirely on continued grant funding — a real risk for a tool this important.

Known issues

No iOS app, and the project has stated none is planned — iOS background restrictions make Briar's architecture fundamentally incompatible. Briar Desktop (0.6.5-beta as of February 2026) supports only 1:1 messaging; no forums, groups, or blogs. Three CVEs disclosed in 2023: CVE-2023-33980 (message duplication in forums/groups, fixed in 1.4.22), CVE-2023-33981 (crash via invalid messages, fixed in 1.4.22), CVE-2023-33982 (Bramble Handshake Protocol not forward-secure when adding contacts via links, fixed in 1.5.3 — impractical to exploit because BHP runs over Tor v3 hidden services). Radically Open Security audit (Sept-Oct 2023) found six additional issues: one moderate (overlay attack on Android <12), five low-risk. Four of six resolved by March 2024 retest. Grant-dependent funding model creates long-term sustainability risk. Small development team — roughly 3-5 core contributors. Both devices must be online simultaneously for message sync without Briar Mailbox.

Pricing

Free. Open source (GPLv3).

This is an editorial assessment based on publicly available information as of 2026-04-02, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.
