Daily go-to Secure Messaging Apps for Better Privacy
Warning: This section of The Crypto Paper is outdated. Wire went through some severe Privacy policy changes: In late 2019, Wire holding moved from Luxembourg to the US, which according to ThinkPrivacy and other critics made it unclear how much jurisdiction the United States will have over Wire data. Some people considered this especially problematic as Wire stores unencrypted meta data for every user. At the time of the transfer Wire also changed its privacy policy from "sharing user data when required by law" to "sharing user data when necessary", which was seen by critics as a more unclear determination that could also mean increasing profits, co-operation with law enforcement or any other reason. The Wire Group Holding moved back to Germany as of 2020. Source
Wire is a company based out of Switzerland that was founded in 2012. I donât have much information about the application before the huge kick it had in July of 2016 when I decided to start using it, but I do know that for like 2 years it wasnât open-source and didnât provide many of the features it does currently. On the opposite end of the spectrum to my reference above, because Wire is open-source, we can validate the intentions of the developers and administrators behind the app on a greater scale. They would have to put some serious work into designing a backdoor to hand over information to an agency like the NSA considering the app is reproducible with the OSX and Windows versions.
Unlike many of the other apps in its category however, Wire is jam packed full of features and seems to be listening to user suggestions and really pushing out updates with new content on a regular basis. In the last 3 weeks since installing it, I think I have seen 4 new features that I found useful alongside getting open-sourced completely in that time (https://github.com/wireapp/wire). Some of the bigger features that Wire has going for it are:
- Messaging that is end-to-end encrypted and forward secure to thwart big data compromise from man-in-the-middle attacks
- Group chats with up to 128 people that are also end-to-end encrypted and forward secure
- Encrypted audio (group as well) and videos calls
- Support for encrypted attachments, photo sharing, GIFS, drawings, voice changing on audio messages, sending your location, and pinging other contacts
- Fingerprint verification
- Multi-device encrypted pushing so you receive all your content on all your devices
- Registration with either an email, phone number, or both
- Phone number is not viewable by other Wire users or by the Wire server and email is viewable to both. This provides a layer of anonymity over Signal and allows a user to share their email linked to Wire for discovery
- Ephemeral (Expiring) Messages for greater privacy
The only downside to the encryption used by the application is that it is sort of a knock of version of the current Signal Protocol. The developers of Wire took the Axolotl implementation and modified the ratchet calling it âProteusâ and using it strictly in Wire. The basics of encryption are ChaCha20 for the stream cipher, HMAC-SHA256 as MAC, and Curve25519 for the key exchange. Should still be considered secure encryption by anyoneâs standard. For encrypted audio calls, Wire uses a mixture of HTTPS for call signaling and SRTP-encrypted media sessions. Keys and parameters are negotiated through a DTLS handshake. You can find out more about the encryption used here in their security whitepaper.
I am very happy with the direction that Wire is going and really proud to say I would prefer this mode of communication to anything else currently in the abundance of secure communication methods out there. The support is wonderful, they are very active with their followers on Twitter, and give me the biggest vibe that they truly care about our privacy in this ever-changing digital world.
See: Encrypted and Secure Instant Messaging on PrivacyTools.io