Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Privacy Government Microsoft Network Security Software United States News Apple Technology Your Rights Online

Skype Co-Founder Launches End-To-End Encrypted 'Wire' App (reuters.com) 52

An anonymous reader writes: A group of former Skype technologists, backed by the co-founder of the messaging platform, has introduced a new version of its own messaging service that promises end-to-end encryption for all conversations, including by video. Wire, a 50-person start-up mostly made up of engineers, is stepping into a global political debate over encryption that pits privacy against security advocates, epitomized by the standoff between the U.S. government and Apple. Wire, which is headquartered in Switzerland and Germany, two of the most privacy-friendly countries in the world, relays communications through its network of cloud computers where user communications are stored, in encrypted form, on their own devices. It delivers privacy protections that are always on, even when callers use multiple devices, such as a phone or desktop PC simultaneously. For voice and video calls, Wire uses the same DTLS and SRTP encryption standards found in the peer-to-peer WebRTC protocol. Rivals such as Facebook's Messenger and WhatsApp or Telegram offer encryption on only parts of a message's journey or for a specific set of services, the company said. "Everything is end-to-end encrypted: That means voice and video calls, texts, pictures, graphics -- all the content you can send," Wire Executive Chairman Janus Friis told Reuters.
This discussion has been archived. No new comments can be posted.

Skype Co-Founder Launches End-To-End Encrypted 'Wire' App

Comments Filter:
  • by Sax Russell 5449D29A ( 4449961 ) <sax.russell@protonmail.com> on Friday March 11, 2016 @07:21PM (#51682005)

    Using the Service to communicate by chat, our servers store the content of your chat conversation and log other information such as the time and date of your conversations, and the other user or users with whom you are communicating.

    Kind of awkward if that means what I think it means.

    • Oh don't worry about it. They probably just do that so they can wordfilter 'allahu akbar' to read 'we love America'.

      Oh, look over there! A puppy!
    • by Anonymous Coward

      i can't find " our servers store the content of your chat conversation" in their privacy policy or security policy... source please.

      • by Anonymous Coward

        https://wire.com/legal/#what-information-do-we-collect [wire.com]

        2.3 Shared information you post in chats. Using the Service to communicate by chat, our servers store the content of your chat conversation and log other information such as the time and date of your conversations, and the other user or users with whom you are communicating.

        So yeah, it's there. They also tried to access my phone's camera via Firefox when I visited their site. Rather strange and not comforting at all.

        • by KGIII ( 973947 )

          Does it do more than qTox?

          Also, I'm pretty sure qTox has been doing this sort of thing (end-to-end encryption) for quite a while unless I'm missing something.

          If anyone is unfamiliar with it, you can read about it here [tox.chat].

          • At first glance that looks a lot like the old privacy-oriented chat/file-sharing client WASTE [wikipedia.org]. It was a really interesting piece of software, but rather difficult to set up and use. I wonder if qTox has avoided similar shortcomings.

            • by KGIII ( 973947 )

              I had no issues getting it installed. Configuration was point and click, it's pretty simple and supports portable use as well as installation. 'Tis pretty simple, really. Give it a shot, if you're interested.

          • Does it do more than qTox?

            Well, it has an iOS client for one.

        • by whopub ( 1100981 )

          All the US government has to do to sort this whole encryption thing is to get ahead of the game. Use a company like this as a front, develop a trully 'safe' system (it can very well be 'unbreakable' as they'll have a backdoor) and problem solved. It becomes popular, it's free or dirt cheap, everyone uses it and they're set. It's something like having the KGB be your phone operator.

          • All the US government has to do to sort this whole encryption thing is to get ahead of the game. Use a company like this as a front, develop a trully 'safe' system (it can very well be 'unbreakable' as they'll have a backdoor) and problem solved. It becomes popular, it's free or dirt cheap, everyone uses it and they're set. It's something like having the KGB be your phone operator.

            Right up until the time, through data sharing, some law enforcement organization forgets to use parallel construction and the details about the program come out in a court proceeding before the Feds can seal the transcript.

    • As of this posting, I found and read the following in their policy:

      When using the Service to make or receive calls, our servers log and collect time and date of your calls, and the other user or users with whom you are communicating. We do not collect and store content of the calls.

      So it does store the meta data, which can be very dangerous in and of itself.

      Of course, even though parts of the app are open source, it's still a proprietary app. No way to be sure the app isn't sending your keys to the service.

      • by rtb61 ( 674572 )

        End to end is a lie. It can not be end to end, if your end is corrupted via the OS. So M$ windows anal probe 10 can send the 'er' telemetry straight to their servers monitored by government for a fee, in conjunction with the completely futilely encrypted message to the other end user. The other end user, decrypts and just to make sure their M$ windows anal probe 10 operating system sends it's 'er' telemetry to the servers monitored by the government for a fee, so they can compare the message? Rest assured

    • by Burz ( 138833 )

      TFA is awkward, too... It waves away Signal's open source status because they think video is so much more important, going so far as to proclaim Wire "the best" on that basis. Lets also forget that Skype's original closed protocol (i.e. from same coder) was cracked.

      Uh, no...

    • by teller ( 4495757 )
      Good catch. It was a case of our legal docs not being in sync with our technology. Both our Terms of Use and Privacy Policy have been updated confirming our commitment to privacy and security. We do relay messages via our server but as said, all content is end-to-end encrypted and it’s impossible for us to see the contents of the messages. wire.com/legal
    • In 2012, My partner and I were selling an encryption software using the SPYRUS key. We did not use the SPYRUS for doing the encryption, but we used it to store a one kilobyte set of pseudo key data.
      The keys consisted of a table of bytes, prepared by the corp security specialist and with our salting algorithm. To encrypt a message, the SPYRUS had to be logged into by individual, which in turn allowed the software to use four integers, integers indexed into this table to retrieve the keys. That sequence of

  • by Anonymous Coward on Friday March 11, 2016 @07:27PM (#51682035)

    If it gets popular they'll just sell it out to some company that will gut the shit out of any privacy it has.

    JUST LIKE SKYPE.

    Go fuck yourself dude. Fooled us once already.

    • Re: (Score:1, Interesting)

      Oh please! Tell me you won't take a billion or two. And so what? They're making another service. If they sell it, they might make another after that, turtles all the way down. Just move to the next service they create. If I remember right, Skype encryption was difficult to break. So call this one version 2, and ignore Microsoft's version.

      • Do you even realize how much effort that takes, especially when other people are involved? It's not just one person making a switch. It's their friends, their family. And if those people consider it too much of a hassle to switch, then either you have to stop using that medium to talk to them, or you have to maintain multiple clients.

        We've already walked down this road before, with the billion and one IM clients that are currently available. Constantly hopping from one provider to another is a massive P

  • by turkeydance ( 1266624 ) on Friday March 11, 2016 @07:28PM (#51682045)
    promises to attract who is "of interest" to Signals Intelligence.
  • Yeah right (Score:2, Interesting)

    by Anonymous Coward

    and we know how "secure" Skype was
    http://www1.cs.columbia.edu/~s... [columbia.edu]

    looking at the Skype binary its obvious that even MS cant see inside the box as their "enhancements" are tacked around the original encrypted binary.

    just remake the original Skype like it was, ie firewall traversal, p2p, ee encryption, crystal clear audio/video oh and this time fully open source (unlike this Wire).

  • by Burz ( 138833 ) on Friday March 11, 2016 @07:35PM (#51682071) Homepage Journal

    Wire appears to compete with [theintercept.com] Signal. And there are others, some of which the EFF has reviewed: https://www.eff.org/secure-mes... [eff.org]

  • by Anonymous Coward

    And to think, the NSA still bugs the network feeds at both ends, if it wants, under super-NDA, without a court-order or any other kind of oversight at all, really.

    Idiots?

  • Business model? (Score:5, Informative)

    by NotInHere ( 3654617 ) on Friday March 11, 2016 @08:10PM (#51682231)

    1. They claim that wire is free (as in beer).

    2. They claim that wire protects your data and privacy.

    3. They claim that wire runs no ads.

    4. They run a profit oriented company, not an open source foundation, and I have heard nothing about their business model

    Its easy to confirm claims 1, 3 and 4. Its very hard to confirm claim 2. What do they want to make money with?

    Am I supposed to believe they are altruist?

    • by Anonymous Coward

      What do they want to make money with?

      Startup 101. Three easy steps.

      1. create 'free' service, attracting massive userbase and generating much free publicity for being the next big thing
      2. acquire venture capital based on you being the trendy new flavor of the month and that massive userbase
      3. sell out for billions before the buzz dies and vc dries up.

      you need no plan for creating profit.. figuring out how to make money off what you created is the job of the company that buys you.

    • Like Twitter, they make it up in volume.

  • Just don't look at the bit in the middle, but both ends are encrypted.
  • Surprised didn't have a seizure just scrolling down their main page.
    • Its better after you remove their #animation div. Shakes head.
      • They are trying to sell this so hard. Matrix style animations, links to security "white papers". Its just end to end encryption. Any 2nd year CS student can write this.
        • They are trying to sell this so hard. Matrix style animations, links to security "white papers". Its just end to end encryption. Any 2nd year CS student can write this.

          So why aren't we awash in a sea of available programs? Maybe they could but do they? An entire repository full of non-existent programs is worth "doodly squat".

  • 4.2 Types of Usage Data

    Wire client applications collect several types of usage data:

    + Crash Reports

    + Viewed screens data

    +Aggregated usage statistics

    +App events data

    4.2.1 Crash reports

    4.2.2 Aggregated usage statistics

    Ummm... WTF happened to the description paragraph for Viewed Screens Data?

  • Skype has a huge installation base despite it being insecure since Microsoft's purchase of Skype. I cannot get anyone in my social circle to dump Skype in favour of any already out there encrypted IM or video chat.

    Apart from that, Skype is a load of bloated junk on Windows, and on Linux, it hasn't been updated in years.. maybe a good thing in some respects. It doesn't get proper integration with PulseAudio and KDE, and is still a 32 bit only install (for non-Deb installs). Skype is the only 32 bit applicati

  • I'll believe it when they release the source code. (Because obviously they're going to do that, right?)
  • When AES was first introduced, the entire encryption / decription was done in RAM. That RAM execution meant that to discover the keys would require many computers running in parallel, in a divide and conquer approach.

    And then along came Intel with the integrated AES instruction. Substantially faster than the RAM version, so much so, that now, instead of say 50 computers to break the AES encryption, it could be done with 25. And with Skylake, (I7), used in a bank of computers, my gut feeling is that any

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...