Bridgefy’s commitment to privacy and security
Bridgefy has been used by more than 1.7 million people around the world. As the app grows, our company must grow to meet new challenges.
Over the past year, we’ve learned a very valuable lesson: users decide how an app is best used, not us. Our primary focus has always been to provide users with a reliable way of communicating without the Internet, and while we never expected to become the default “protest app,” our user base did. We’re thankful that so many people have chosen Bridgefy as a communication tool to tackle some of the most important issues of our time.
Bridgefy is great for communicating with your friends during crowded concerts, sports events, and schools, but we soon discovered that people were using Bridgefy in situations that warranted taking extra caution, especially with respect to political discourse and action. Our users asked if Bridgefy was completely safe and private, and we ultimately found the answer did not satisfy our vision.
Bridgefy is encrypted, but not enough to keep people as safe as they needed to be. We realized that Bridgefy’s security model was appropriate for a small startup, but not for the scale it has achieved today and the growth we want in the future.
Trying not to reinvent the wheel, we searched for an existing solution that we could use and that had already been validated by security experts, and so we decided to start implementing the Signal Protocol, a robust end-to-end encryption library. Adopting Signal will let us feel confident about users’ safety and well-being.
The main issues we are fixing are:
- A third person will no longer be able to impersonate any other user
- Man-in-the-middle attacks done by modifying stored keys will no longer be possible
- One-to-one messages sent over the mesh network will no longer contain the sender and receiver IDs in plain text
- A third person will no longer be able to use the server’s API to learn others’ usernames
- All payloads will be encrypted
- Historical proximity tracking will not be possible
What does this mean in plain English? It means using Bridgefy will now be much, much safer!
We would like to thank our users for understanding our mission to empower people to communicate no matter what — and for sticking with us as we learn, adapt, and grow. Without your feedback and support, we wouldn’t exist. We’d also like to thank the research team at Royal Holloway University of London for working with us to address the aforementioned issues. Your help has proven to be invaluable in helping us grow and improve.
We are confident that we will be able to deploy and publish a new version of the Bridgefy App and SDK by mid- or late-October, 2020. As a small startup trying to improve the world and the way people communicate, it excites us to think about the future. We can’t wait to hear about the creative ways that people will use Bridgefy!
If you have any questions or concerns, please visit the Bridgefy blog or write to us at contact [at] bridgefy.me
The Bridgefy Team