Don’t Use Bridgefy for Messaging at Protests

Readers who regularly attend protests are likely familiar with the Bridgefy messaging app, and may even use it. The app was initially envisioned as an “offline” communication network for use in rural communities, at times of high network congestion (like sporting events), or even amid natural disasters. The app uses Bluetooth and meshed router networking to create self-contained, inter-device communication systems that work outside of mobile and wifi networks.

It’s a great idea in general, and the app has racked up over 1.7 million downloads. But after Bridgefy’s CEO started claiming the app is a safe, fully-encrypted messaging tool that can’t be disrupted by outside forces, it quickly became a go-to communication resource for many activists and protestors.

Unfortunately, those privacy claims appear to be unfounded.

A cybersecurity research team from the Royal Holloway University of London published a paper on Monday detailing several critical bugs and missing features the team found in April. The vulnerabilities still exist in the app, even after the researchers disclosed the bugs to Bridgefy and demonstrated their severity.

You can read the paper here, and for a full explanation of the bugs in the app and the threats they pose to its users, check out Ars Technica’s report on the paper. But in brief, the unpatched vulnerabilities can be used to:

• Decrypt, read, tamper with and send messages

• Reveal identities and even impersonate other users

• Monitor and collect user interactions in real-time and retroactively

• Shut down entire networks

There’s no evidence that such attacks have occurred, but Royal Holloway’s research proves they’re not difficult to pull off. That puts protestors, journalists and activists who rely on Bridgefy at risk—and in places where demonstrators are working against openly hostile oppressors, those risks are much higher even than arrest, jail time, tear gas or pepper spray.

Given the potential risks, Bridgefy isn’t safe for protestors.

How to Protest, With Activists L.A. Kauffman and Charlene Carruthers Read More

What’s a safer alternative? We have resources for keeping yourself, your data and your fellow protestors safe while protesting. That includes recommendations for time-tested messaging apps with true end-to-end encryption if you need one built specifically for anonymous communication. Many, like Signal, include additional privacy features such as auto-deleting messages and files, PIN security and a photo-blurring tool. There are also several encrypted voice and video chat apps as well.

[Ars Technica]