Skype Co-Founder's Wire app gets end-to-end encryption
The communication application Wire, produced by former Skype, Apple and Microsoft employees and funded by Skype's co-founder Janus Friis, has received an update that introduces full end-to end encryption to the application.
Wire was one of the many communication applications that came to live after the Snowden revelations of global surveillance programs, but did not support end-to-end encryption back then.
The new version promises to encrypt chat, audio and video messages, the latter setting it apart from most comparable services.
Wire
The protocol used to implement the encryption for text messagesw and pictures is called Axolotl, and since it is open source, it is not only used by Wire but also by other "secure" communication applications like Signal or Silent Phone.
Voice and video calls on the other hand make use of WebRTC, and there DTLS for key negotiation and authentication, and SRTP for encrypted media transport.
If you compare Wire to Signal, you will notice several differences. Wire supports video chat, a desktop client, and multi-device support for end-to-end encryption which Signal does not support (multi-device is in Beta). Signal on the other hand is fully open source and discloses how it is making money (from user donations).
Wire is free as well, but the company has yet to reveal how it intends to finance development of the software.
In addition, Wire states in its privacy policy that it stores "the content of your chat conversation" and logs other information "such as the time and date of your conversations", and that it does not collect and store call content.
Wire is provided as a desktop application for Windows, and as a web service. It requires that you create an account by providing Wire with an email address and password. You may give permissions to upload an address book to the service to gain access to your contacts when you are using the application, but is it not an requirement and usually not a good idea as you will provide the service with information about all contacts of the address book even those that don't use Wire and people you won't contact using the service.
The company operates from Switzerland, one of the most privacy friendly countries in the world.
Now You: Are you using a secure messaging application?
Late to the party, but tried to follow the money, ie Iconical Investment Holdings Ltd. They do not use https on their site. :P I found Richard Woundy
VP at Comcast. Hearing Comcast in the same sentence as encrypted, just makes my skin crawl & I do not know this person, I am simply going by Comcast’s reputation.
Danger …***HockeyApp is owned by MICROSOFT*** http://techcrunch.com/2014/12/11/microsoft-buys-hockeyapp-to-add-developer-tools-to-its-mobile-effort/
4.4 Third-party services: “Some of the usage data is stored on external services. Crash reports are stored on HockeyApp [2]. All other types of usage data are stored on the Localytics [1] service.
Your personal information is collected, stored, used and shared in accordance with European privacy laws.”
6.2 Updates. The Company may require that you download and install updates to the Apps from time to time. You acknowledge and agree that the Company may update the Apps with or without notifying you and add or remove features or functions to the Apps at any time in its sole discretion.
3.2 Metadata “Conversation names are not encrypted.”
I’ve tried to get my family and friends to use either Telegram or Wired instead of Skype for over a year now. It’s a no go. “Everyone else is on Skype.” “I don’t want to use another app.” “I don’t care if anyone is watching me. Privacy is dead, and I have nothing to hide.”
Telegram, Wired, Signal, et al. may be great, but they’re useless if no one uses them.
So what if he sold it to Ms? It was secure before it was sold. Used by mafia etc to avoid FBI NSA etc listening in. It wasn’t until Ms took over, that government agencies got access. So this just talks FOR wire being dedicated to privacy, not against it.
In the security verses privacy debate a friend told me “it’s like getting undressed : you don’t take your clothes off in front of a stranger (phantasms aside) unless the stranger is a doctor. Ask yourself if you consider government data collectors as a doctor or not”
I don’t know, to be frank. What I do know is that I’m much more aware of targeted advertisement and business oriented data collectors than I am of Big Ears, but also that I have no trusted information to know if government and business data collectors are tied.
Let’s put it this way : should I happen to discover that an email, a chat, words expressed on a blog, visited sites were listened to, especially if occasionally only, by an automatic routine delivering that information to a government server and then read/analyzed by a bureaucrat … I wouldn’t be excessively offended when such tracking would prove on another hand to contribute to defeating *real* state and society issues (terrorism, child pornography and so on in the chapter of horror). I see it, in theory, as a balance. The point is theory and practice/facts are known to often diverge.
To resume even further : I care less of being spotted than by the effects of having been followed : as long as i don’t get hammered with post-tracking nuisance my emotional tolerance has not reached a point of hysteria based on dogma.
I remember here in France people shouting because police operations when searching for a bad guy asked to investigate their car. Frankly this behavior is not mine and never will be.
“should I happen to discover that an email, a chat, words expressed on a blog, visited sites were listened to, especially if occasionally only, by an automatic routine”
That ship has sailed. We know that spy agencies now routinely have long lists of words that are flagged for follow-up inspection. Here is an article discussing a 2011 instruction manual for US spies: http://www.huffingtonpost.com/2012/02/24/homeland-security-manual_n_1299908.html
The list is distubring. It includes such dangerous words as “daisy”, “anonymous”, and “replay”. And that was in 2011….
Obama will force them to put a backdoor in the app.
“The question we have to ask is if technologically it is possible to make an impenetrable device or system where the encryption is so strong there’s no key, there’s no door, at all, then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot? What mechanisms do we have available to even do simple things like tax enforcement if in fact you can’t crack that at all. If the government can’t get in, everyone is walking around with a Swiss bank account in their pocket.”
“I suspect that the answer’s going to come down to how do we create a system where the encryption is as strong as possible, the key is as secure as possible, it is accessible by the smallest number of people as possible, for a subset of issues that we agree are important…â€
Any#1 know if I can handle Skype contacts, I mean use normal Skype contacts + I can chat/skype with them or is this just another ‘closed’ system. Thanks guys.
Sounds promising, but it is not truly free in my opinion. They are making use of WebRTC and other open technologies which were meant to be used program-independent, and after all this is sadly another walled garden. Or why is there no server software available? Of course it is great that they are publishing the client as open source, but with their server, they still have ultimately the last word in doing what they want. In my opinion, if companies truly care about privacy, they would build an awesome open source Jabber / XMPP client, as Jabber is an open protocol and not dependent on single companies or servers (you could host your very own Jabber chat server!). But so far almost no one really cares about it.
Never heard about this before.
“No popups, takeovers, banners or anything like that. Your conversations belong to you. We can’t read anything, and neither can anyone else. As opposed to many messaging apps, we never sell usage data to advertisers.”
And that comes from people who sold their business to MS – sorry guys, that’s not very convincing. And the fact that company operates from Switzerland doesn’t mean anything; the originating country doesn’t guarantee that whole business model of some company won’t be harmful for their users/clients.
“And that comes from people who sold their business to MS”
Exactly my same thought. Maybe they changed their attitude, but honestly, I don’t think so.
No micro, no cam here, not that this is a policy but I’ve never got decided to switch from writing to talking and appearance on the screens. But this Wire app may well trigger a decision to live with my time. Pity the company keeps logs when full encryption is so dedicated to privacy. Nothing is perfect.
I did not know about this tool, thanks Martin.
Only have installed on my PC, gonna try on my Android, so far is good.
looks like it could have been useful, the support pages on ebsite give a good run down of features by icon description.
Sadly this one is iOS8+ so my old phone can’t use it.
who the hell read these fucking tech articles
who the hell comments on articles asking who the hell reads these articles?
i love reading tech articales .
are you talking about me