Bridgefy App Protest

Zina Leonova/Shutterstock Bridgefy (Licensed) Ana Valens

Bridgefy blew up during the Hong Kong uprising. Should Americans use it, too?

What happens if the internet goes down?

Nov 3, 2020, 12:31 pm*

IRL

Ana Valens 

Ana Valens

How do we communicate without the internet? That question may not be on most Americans’ minds, but it should. Phone outages happen, Wi-Fi networks go down, and natural disasters can make the internet difficult or impossible to reach. And if you’re an activist, organizer, or protester (AOP), you may be faced with another problem: an internet outage caused by police or federal agents.

Advertisement Hide

As COVID-19 increased Americans' reliance on the internet to communicate, it also sparked heightened fears around what would happen if network infrastructures were pulled. During widespread civil unrest, that's a real possibility; the Brooking Institute's Visiting Fellow Tom Wheeler writes President Donald Trump could "shut down radio, television, both wireless and wired phone networks, and the internet" thanks to the Communications Act. Chloe Hadavas at Slate, on the other hand, reports that police have previously shut down cell service to blackout protesters in San Francisco in 2011, and tribal leaders claimed their phones were jammed during the Standing Rock protests in 2016. Should police officers or federal agents shut down communications infrastructure, Hadavas warns, the impact would be devastating for our healthcare systems, our first-responder networks, and even our cities' economic health.

Advertisement Hide

So, if the internet goes down, why not communicate over Bluetooth? That's the premise behind Bridgefy, one of the most popular "offline messaging" apps for mobile devices. On Oct. 30, Bridgefy published an update that added end-to-end encryption via the Signal protocol, according to a press release by the app. Bridgefy now relies on advanced encryption to protect "every single message," a technical article on the subject explains.

"With the new security model in place, we are much more confident that users will feel safe and protected when using our chat app or any of our clients’ apps, regardless of the scenario they’re using it in," Bridgefy writes in its article. "Users will now enjoy end-to-end encryption and the greater sense of privacy this brings, especially when they engage in activities that may put their lives and their privacy at significant risk."

Advertisement Hide

This is a gamechanger for AOPs across the world. And it begs the question of whether Americans should give the app a try, too, given the civil unrest the nation could face after Tuesday's presidential election.

What is Bridgefy?

Bridgefy is an instant message-based iOS and Android mobile app that lets users chat with one another via Bluetooth. To use Bridgefy, download the app when you have internet access and complete your profile setup. Once you're done, you can communicate with nearby Bridgefy users without a Wi-Fi connection nor data plan. As long as you're in range of each other, you can message each other.

Advertisement Hide

Bridgefy can connect users within 330 feet of each other. If multiple Bridgefy users are in an area, they can create a self-healing mesh network, or a decentralized communications network based on close-range distance. No need for a constant internet connection, and no need to be in the same room or area. As long as you're in range of a connected mesh network user, your phone operates as a node on a much larger interconnected network.

Let's say four Bridgefy users are standing in a straight line across 1,200 feet. The front of the line and the bottom of the line are both communicating with each other, despite being over 1,000 feet apart. Their messages rely on the two people in the middle, who (unknowingly) lets their responses "hop" from endpoint to endpoint. This turns the 1,200 foot line into a "bridge," hence the name Bridgefy.

Advertisement Hide

Now expand that line into a group of people across a whole mile, each of which using Bridgefy. Suddenly, that whole contingent can stay in touch with each other, regardless of whether their cell phone network goes down. This is particularly easy to do, by the way: Bridgefy lets users broadcast messages en masse over Bluetooth. And now, all of that communication is end-to-end encrypted via the same communications protocol that powers Signal messenger, making it a far more secure way to chat with others nearby.

"The amount of 'hops' is unlimited, meaning you can cover an unlimited distance and use an unlimited amount of phones," Bridgefy writes in a blog post on mesh networks. "This is useful for dating, gaming, and social media apps, in which you want to share information, images, or game-moves privately. The people found in the middle won’t even realize that they’re participating in the mesh network."

Advertisement Hide

Bridgefy also has a product called the "Bridgefy SDK." Bridgefy's messaging app is just one part of a larger ecosystem the company is building. The start-up wants to help developers create their own apps, from games and dating apps to weather alerts and traffic reports, that only require Bluetooth connectivity to operate.

"The Bridgefy SDK is currently being integrated by more than 40 companies, including: payments, messaging, gaming, social media, dating, and natural disaster apps," Rios told the Daily Dot. "Specifically to activists: we're working closely with 2 African organizations that are publishing encrypted messaging apps for activists and protestors to use in their countries. We're also ready for any activity that might surge from protests in the USA after the elections, and are open to collaborating with whoever might find Bridgefy useful."

Hong Kong Protest Bridgefy
Studio Incendo/Flickr (CC-BY)
Advertisement Hide

It all started during 2019's Hong Kong protests, Chelsea Manning, a network security expert, told the Daily Dot. During the city's democratic uprising, protesters switched to Bridgefy out of fears of an internet shutdown. Self-healing mesh networks weren't necessarily new on mobile phones, Manning said, but Bridgefy was available on the iOS and Google Play app stores when protesters needed it most. This made it easily accessible to Hong Kong protesters when other apps weren't.

"It wasn't that Bridgefy was the best of a large toolbox of tools so much as it is that Bridgefy was the one item on the shelf that kind of fit the need for the level of suppression and censorship, using technical means, that was actually occurring in Hong Kong last summer," Manning told the Daily Dot.

Bluetooth itself exists not unlike Wi-Fi: It's range-based and wireless. That means it can also be used as a networking tool. Security flaws are baked into it, Manning warns, such as Bluetooth spoofing, or pretending to be someone or something else to gain access to a device without permission. But for Hong Kong protesters, Bridgefy's benefits outweighed its risks. When the Hong Kong government was working with Chinese authorities to shut down cell networks, Bridgefy was an option readily available to resist, Manning said.

Advertisement Hide

"You could go home, go on your Wi-Fi internet and download Bridgefy as a tool and then sync up peoples' phones using it," she told the Daily Dot. "People started to learn how to use it and it became a sort of app of last resort."

Bridgefy App Review
An example conversation through Bridgefy. Communication took place via Airplane Mode across two iPhones.

This was huge for Bridgefy, which was downloaded 200,000 in Hong Kong, followed by an additional 200,000 downloads worldwide as press coverage and recognition spread, Rios said. Last year, users from Iran, Turkey, Kashmir, and Mexico also began downloading and using Bridgefy.

The popularity has continued: The app saw widespread viral recognition on Twitter this year as activists in Nigeria and Thailand encouraged their fellow AOPs to download it. Rios notes both protests caused spikes for Bridgefy. So did another event: Black Lives Matter protests in the U.S. this summer.

Advertisement Hide

"We already had success in helping people get organized during BLM protests in Minnesota, Oregon, California, and N.Y., to name a few, and expect there to be a lot of turmoil in the U.S. once the elections happen," Rios said. "We're ready to help through support and quick updates. We feel honored to be able to help during tough situations, and constantly strive to build a better and more valuable product."

Cybersecurity experts quickly pointed out that Bridgefy was not designed for protests. In August, researchers warned Bridgefy had a number of glaring security risks linked to it, letting hackers theoretically accomplish everything from revealing private messages to carrying out potential man-in-the-middle-attacks.

Advertisement Hide

Bridgefy's new security update assures these issues are fixed, the app notes in a blog post: Messages are end-to-end encrypted via Signal, third-person users will no longer be able to impersonate others, man-in-the-middle attacks via modified stored keys are no longer possible, sender/receiver metadata is no longer held in plaintext, and all payloads will be encrypted, among other changes. The app developer also claims to have "no evidence, technological or from our users, that any of the pre-existing vulnerabilities were exploited or ever happened."

Nonetheless, it's understandable some AOPs may not be comfortable with Bridgefy yet, given how its long-standing security risks were only recently patched up. Even Bridgefy was taken off-guard by the app's popularity with protesters.

"[AOPs] shifted our development focus because we never intended Bridgefy to be used for protests. It was originally made for large music/sports events and natural disasters, so security wasn't as top a priority as usability back then," Rios told the Daily Dot. "When we started getting all of this amazing amount of downloads, we realized our responsibilities had changed. We now owed it to our users to keep them safe and their information private, so we focused all efforts into making Bridgefy as safe as Whatsapp, Signal, Skype, and Facebook Messenger."

Advertisement Hide

Should American protesters download Bridgefy?

Bridgefy's end-to-end encryption is available now as part of its Oct. 30 platform-wide update, and the app plans to roll out end-to-end encrypted, internet-based communication in four to six weeks, Rios said. This means Bridgefy will offer full end-to-end encrypted messaging across Bluetooth and web-based communication via Signal.

In theory, this makes Bridgefy a powerful tool for protesters. But Bridgefy's security update is very new, and its previous security concerns were a well-documented problem. Because Bridgefy's encryption capabilities lack field-testing, AOPs should treat Bridgefy as an emergency communications app, one American AOP source told the Daily Dot. The source compared Bridgefy to a portable radio, in that both are useful for protesters in emergency circumstances—but only if the user is aware of the risks.

Advertisement Hide

In the meantime, Bridgefy has a very specific use case for AOPs: staying in touch with protesters should their cell connection go down, their internet go offline, or networks speeds are throttled due to high traffic. In this regard, AOPs in hotspots like Portland and Philadelphia should download and consider using Bridgefy, as long as they keep its security risks in mind, the source said. But Signal Messenger itself, which the source considers a must-use, has a tried-and-true reputation that makes it far more trustworthy for general communication.

When asked about the hesitation to adopt Bridgefy, Rios said the developer welcomes feedback and hopes to improve security and stability with each update.

"We're working very hard to prove that Bridgefy can be trusted, and plan on achieving that through building high-quality products that use top-of-the-industry protocols like Signal," Rios said. "Having said this, we're not considering Bridgefy as a security tool, but as a way of sharing information when there's no access to the Internet; security is a (very large) bonus!"

Even if you aren't in Portland or Philadelphia, you may want to have Bridgefy on your phone. You never know when you may need to communicate with others in case of an emergency. Just do your research, and never post your address or social security number over it.

Advertisement Hide

Read more about net neutrality

Either way, 2020 could end the net neutrality fight forever
FCC doubles down on net neutrality repeal in partisan vote
What is zero-rating?
Biggest names in net neutrality join fight to save California law
Will Kamala Harris push Joe Biden on net neutrality?

Share this article
*First Published: Nov 3, 2020, 6:00 am