It's ironic that this update plays up how Briar "hides metadata" when the audit found that the application deanonymizes its users by exposing DNS lookups during RSS updates.
Indeed. On the plus side, I found the audit very readable, and a great source for some good Android security advice.
I do wonder what plans are in place for migrating user data and identities - of all electronic devices, the one most likely to be lost, stolen, broken has to be the phone - and it's not really great if loss of the device means loss of access to the network and built-up web-of-trust.
I see there's a mechanism to introduce contacts to each other - perhaps that could be implemented (technically) similar to pgp key signing/web-of-trust - that would still require a means to backup ones secret key, in order to regain access though.
This is the first public beta, so presumably anyone testing the software were well aware of the risks, and they would fix the vulnerabilities found before making the release.
I do wonder what plans are in place for migrating user data and identities - of all electronic devices, the one most likely to be lost, stolen, broken has to be the phone - and it's not really great if loss of the device means loss of access to the network and built-up web-of-trust.
I see there's a mechanism to introduce contacts to each other - perhaps that could be implemented (technically) similar to pgp key signing/web-of-trust - that would still require a means to backup ones secret key, in order to regain access though.