Don’t Use Bridgefy for Messaging During Protests
Readers who regularly attend protests are likely familiar with the Bridgefy messaging app and may even be using it. The application was originally conceived as a “stand-alone” communication network for use in rural communities, during high network congestion (for example, at sports events) or even during natural disasters. The app uses Bluetooth and network routers to create autonomous communication systems between devices that operate outside of mobile and Wi-Fi networks.
All in all, this is a great idea, and the app has been downloaded over 1.7 million times. But after the CEO of Bridgefy began claiming that the app was a secure, fully encrypted messaging tool that couldn’t be tampered with by outside forces, it quickly became a communication resource for many activists and protesters.
Unfortunately, these privacy claims seem unfounded.
A team of cybersecurity researchers at Royal Holloway, University of London, released a paper Monday detailing several critical bugs and missing features the group discovered in April. The vulnerabilities still exist in the application even after the researchers reported the bugs to Bridgefy and demonstrated their severity.
You can read the paper here, and for a full explanation of the application's bugs and the threats they pose to users, check out Ars Technica’s report on the paper. But in short, the unpatched vulnerabilities can be used to:
- Decrypt, read, modify and send messages
- Disclose identities and even impersonate other users
- Monitor and collect data on user interactions in real time and retroactively
- Turn off entire networks
There is no evidence that such attacks have taken place, but the Royal Holloway research proves that they are not difficult to carry out. This puts protesters, journalists and activists who rely on Bridgefy at risk, and in places where demonstrators work against openly hostile oppressors, the risks are much higher than even arrest, jail time, tear gas or pepper spray.
Given the potential risks, Bridgefy is not safe for protesters.
Which alternative is safer? We have resources for keeping yourself, your data and other protesters safe during protests. These include recommendations for proven messaging apps with true end-to-end encryption, if you need one built specifically for communicating anonymously. Many, like Signal, include additional privacy features such as automatic deletion of messages and files, PIN security, and a photo-blurring tool. There are also several applications for encrypted voice and video chat.
[Ars Technica]