In November 2019, the Iranian government cut off internet access nationwide for roughly six days during protests. In 2021, Myanmar's military government did the same after the coup. Belarus, Iraq, Kazakhstan, Sudan, and dozens of other states have used network shutdowns as a protest-suppression tool. The pattern is now common enough that Access Now publishes an annual report tracking it.
Standard encrypted messengers — Signal, WhatsApp, Telegram, iMessage — all stop working the moment the network goes down. Their threat model implicitly assumes infrastructure is available, just untrusted. When infrastructure becomes deliberately hostile, the assumption breaks.
A small category of messaging tools is built for the opposite assumption: that the internet may be unavailable, censored, or actively surveilling participants. They achieve this through mesh networking — direct peer-to-peer transport between nearby devices.
What Mesh Networking Means Here
In its general sense, "mesh" describes any network topology where nodes route traffic for each other rather than relying on dedicated infrastructure. In the context of messaging apps, it usually means three transport channels:
- Bluetooth (BR/EDR and BLE) — short range, typically 10 meters; works fully offline, no internet required
- Local WiFi (Wi-Fi Direct, hotspot, or shared LAN) — medium range; sometimes works without internet access, depending on the radio mode
- Tor or Internet (when available) — long range; only when network access is restored
The user's experience is supposed to be invisible: the app picks whichever transport is available and routes messages through it. If two participants are in the same room, Bluetooth carries the traffic directly. If they're in different cities and the internet works, traffic goes over Tor.
Briar's Design
Briar is the most mature implementation of this model. It's an Android messenger (a desktop version exists but is limited) that has been actively developed since 2014, and it's funded by the Briar Project — a not-for-profit organization that has received support from organizations including the Open Technology Fund.
The core design choices are deliberate:
No central server
Briar has no account registration, no phone number requirement, and no identity registry. Each user generates a long-term identity keypair on their device. Contact addition happens out-of-band: either via QR-code exchange in person, or by exchanging short identity strings (called "links") over another channel.
There is no Briar account to subpoena because no Briar account exists in any centralized sense. The "account" is just a keypair stored on your phone.
Pull-based delivery, not push
Briar doesn't have push notifications in the conventional sense — there's no central server to push from. Instead, the app maintains background connections to known contacts when transports are available, and messages are delivered opportunistically. This has a real cost in battery life and in delivery latency, and the project documentation acknowledges this trade-off explicitly.
Store-and-forward, when relevant
If you're connected to a mutual contact who is also connected to your final recipient, Briar can route through them. This is store-and-forward routing — useful in low-connectivity environments where direct end-to-end paths are intermittent.
Briar's contact-addition friction (in-person or QR exchange) is the security feature, not a bug. Any messenger that lets you add strangers from a directory has built a directory that can be subpoenaed.
What Mesh Buys You
The properties that mesh networking provides are different from what conventional E2EE messengers provide, and they're worth being precise about:
| Property | Conventional E2EE | Mesh (Briar) |
|---|---|---|
| Works during internet shutdown | No | Yes (Bluetooth/WiFi) |
| Resists network-level blocking | With Tor/proxy | Yes (local transports) |
| No phone number required | Some (Threema, Session) | Yes |
| No central infrastructure to subpoena | No | Yes |
| Battery efficient | Yes | No |
| Works at any distance | Yes | Only with internet/Tor |
What Mesh Doesn't Buy You
Mesh networking is not a privacy panacea. Several specific limitations matter:
Bluetooth fingerprinting. Bluetooth radios broadcast identifiers that can be used to track devices, even when not actively connected. Modern phones rotate Bluetooth MAC addresses, but the rotation is imperfect and an adversary capable of correlating advertisements over time can reconstruct device identities. If you're using Bluetooth mesh in a setting with hostile surveillance equipment, you are emitting trackable signal.
Physical presence becomes metadata. Two phones using mesh transport to communicate must be within Bluetooth or WiFi range. That's a very strong physical-location signal: you and your contact were within ~10 meters at a known time. For a journalist meeting a source, this may be exactly the metadata you wanted to avoid.
Adoption matters more than usual. A messenger is useful in proportion to who else uses it. Signal works because most of your contacts have Signal. Briar's user base is much smaller, which means in most countries the realistic use case is "small group of people who all install Briar in advance for a specific purpose."
Devices are still seizable. Mesh networking does nothing about a soldier at a checkpoint demanding to see your phone. Device privacy at borders is its own problem, addressed by encryption-at-rest and operational measures, not by mesh.
Where This Actually Matters
Mesh messaging is not a replacement for conventional encrypted chat in normal conditions. It's a specialized tool for specific threat models:
- Protest organizing in countries with internet shutdowns. The 2019 Hong Kong protests saw widespread adoption of FireChat (an early, less secure mesh tool) for exactly this reason. Briar fills the same niche with better cryptographic properties.
- Journalism and source protection in censored environments. Where any traffic to known privacy services is itself suspicious, mesh provides a channel that doesn't require contacting "suspicious" servers.
- Disaster scenarios. Earthquakes, hurricanes, and other infrastructure-destroying events leave people unable to reach each other. Mesh works as long as devices have power.
- Activist coordination at events. When you're physically together with a group, mesh can keep coordination off the cellular network and away from IMSI catchers.
Briar Versus Alternatives
Briar isn't alone in this design space. Bridgefy uses Bluetooth mesh and was widely adopted in the Hong Kong protests, but security researchers found significant flaws in its early implementation; it has since improved its protocol substantially. Berty takes a similar peer-to-peer approach but with different transport priorities. Meshtastic uses long-range LoRa radios rather than Bluetooth and reaches kilometers but requires dedicated hardware.
The honest comparison is that Briar has the longest track record of independent security review, the most explicit and conservative threat model documentation, and the most stable software. If mesh messaging matches your threat model, it's the default starting point. If you need longer range than Bluetooth provides, Meshtastic is the next tool to look at, with the trade-off of buying dedicated hardware.
Where Haven Fits
Haven is not a mesh messenger. We're built on the assumption that internet access is available — that's the trade-off we made to provide a single-app experience covering both encrypted email (which is fundamentally an internet protocol) and real-time chat with anyone in your contact list.
For most users in most contexts, that trade-off is the right one. If your threat model genuinely includes deliberate internet shutdowns, Haven should not be your primary tool — it should be paired with something like Briar for the conditions where mesh wins. Pairing tools to threats is almost always better than searching for one tool that does everything.
Related reading: our piece on secure comms for journalists covers tool selection across different threat profiles in more depth.