Until a proper Briar mailbox is available, you can hack your own always-on Briar node with devices like the Raspberry Pi. The official binary provided by The Briar Project only works on Linux x86 devices so far, but at the end of the article you can find a Git patch to build your own binary that runs everywhere.
Note: You can seriously lower the security of your Briar communications when following this guide. Only do this if you know what you’re doing!
Download the briar-headless linux-x86 binary and check that its fingerprint matches e.g. the one used in Briar GTK’s flatpak:
wget https://briarproject.org/jar/briar-headless-1.2.12.jar -O briar-headless.jar sha512sum briar-headless.jar echo "8b0f5081b96094a3b563c26739034448c0b42d68c4ebf23ab7fe854ec47c5b720fdddced2852e2e0291a6c34bde6bfcfae41aefcec3c044898845052b5cc9bd8"
Make sure to always use the latest available version!
Ramp up the server following the docs:
java -jar briar-headless.jar
This will ask you for your password (and a username on the first start). To start it in the background, exit the current process (ctrl + c) and use nohup:
(echo -e "password\n" | nohup java -jar briar-headless.jar) &
You need to wait a bit after this for Briar to start up the server.
If you want to kill the process:
ps -aux | grep briar-headless kill <id>
Allow tunneling in the SSH config:
AllowTcpForwarding yes PermitTunnel yes
Don’t forget to restart SSH with
sudo systemctl restart sshd.
Copy the authentication token to your local device (note that there must not be a newline at the end of the file):
You can also upload your local Briar account to the server. However, it’s really important that you delete the Briar account on your local computer to prevent some sort of attacks!
rsync -r ~/.briar user@server:/home/user/ rm -r ~/.briar
From your local computer, create an SSH tunnel to the server:
ssh -L localhost:7000:localhost:7000 user@server
When starting Briar GTK, you should now be able to login using a random password (since we already logged in on the server).
To get Briar running on ARM devices like the Raspberry Pi, you need to patch briar-headless with briar-ship-no-tor-binary.patch. This will disable Briar’s own Tor binary, allowing you to use your own:
Users can provide their own binary in ~/.briar/tor:
sudo apt install tor tor-geoipdb obfs4proxy cp /usr/bin/tor ~/.briar/tor/tor cp /usr/bin/obfs4proxy ~/.briar/tor/obfs4proxy cp /usr/share/tor/geoip ~/.briar/tor/geoip
The file ~/.briar/tor/torrc should contain:
ControlPort 59051 CookieAuthentication 1 DisableNetwork 1 RunAsDaemon 1 SafeSocks 1 SocksPort 59050
You can apply this patch with
git am < briar-ship-no-tor-binary.patch
If you want to stay informed about what happens to the outer Briar universe, make sure to subscribe to this rss feed which will keep you up-to-date on everything happening around Briar on this blog.
All content in this blog post got released under a CC0 1.0 Universal Public Domain Dedication. Feel free to share it with your peers!