Skype Co-Founder Launches End-To-End Encrypted 'Wire' App (reuters.com) 52
An anonymous reader writes: A group of former Skype technologists, backed by the co-founder of the messaging platform, has introduced a new version of its own messaging service that promises end-to-end encryption for all conversations, including by video. Wire, a 50-person start-up mostly made up of engineers, is stepping into a global political debate over encryption that pits privacy against security advocates, epitomized by the standoff between the U.S. government and Apple. Wire, which is headquartered in Switzerland and Germany, two of the most privacy-friendly countries in the world, relays communications through its network of cloud computers where user communications are stored, in encrypted form, on their own devices. It delivers privacy protections that are always on, even when callers use multiple devices, such as a phone or desktop PC simultaneously. For voice and video calls, Wire uses the same DTLS and SRTP encryption standards found in the peer-to-peer WebRTC protocol. Rivals such as Facebook's Messenger and WhatsApp or Telegram offer encryption on only parts of a message's journey or for a specific set of services, the company said. "Everything is end-to-end encrypted: That means voice and video calls, texts, pictures, graphics -- all the content you can send," Wire Executive Chairman Janus Friis told Reuters.
From Theri Privacy Policy (Score:4, Informative)
Using the Service to communicate by chat, our servers store the content of your chat conversation and log other information such as the time and date of your conversations, and the other user or users with whom you are communicating.
Kind of awkward if that means what I think it means.
Re: (Score:3)
Oh, look over there! A puppy!
Re: (Score:1)
i can't find " our servers store the content of your chat conversation" in their privacy policy or security policy... source please.
Re: (Score:1)
https://wire.com/legal/#what-information-do-we-collect [wire.com]
2.3 Shared information you post in chats. Using the Service to communicate by chat, our servers store the content of your chat conversation and log other information such as the time and date of your conversations, and the other user or users with whom you are communicating.
So yeah, it's there. They also tried to access my phone's camera via Firefox when I visited their site. Rather strange and not comforting at all.
Re: (Score:2)
Does it do more than qTox?
Also, I'm pretty sure qTox has been doing this sort of thing (end-to-end encryption) for quite a while unless I'm missing something.
If anyone is unfamiliar with it, you can read about it here [tox.chat].
Re: (Score:2)
At first glance that looks a lot like the old privacy-oriented chat/file-sharing client WASTE [wikipedia.org]. It was a really interesting piece of software, but rather difficult to set up and use. I wonder if qTox has avoided similar shortcomings.
Re: (Score:2)
I had no issues getting it installed. Configuration was point and click, it's pretty simple and supports portable use as well as installation. 'Tis pretty simple, really. Give it a shot, if you're interested.
Re: (Score:2)
Ah, now that I see that there's an ncurses client, how could I ever resist trying it. :-)
Re: (Score:2)
Does it do more than qTox?
Well, it has an iOS client for one.
Re: (Score:1)
All the US government has to do to sort this whole encryption thing is to get ahead of the game. Use a company like this as a front, develop a trully 'safe' system (it can very well be 'unbreakable' as they'll have a backdoor) and problem solved. It becomes popular, it's free or dirt cheap, everyone uses it and they're set. It's something like having the KGB be your phone operator.
Re: (Score:2)
All the US government has to do to sort this whole encryption thing is to get ahead of the game. Use a company like this as a front, develop a trully 'safe' system (it can very well be 'unbreakable' as they'll have a backdoor) and problem solved. It becomes popular, it's free or dirt cheap, everyone uses it and they're set. It's something like having the KGB be your phone operator.
Right up until the time, through data sharing, some law enforcement organization forgets to use parallel construction and the details about the program come out in a court proceeding before the Feds can seal the transcript.
Re: (Score:2)
As of this posting, I found and read the following in their policy:
When using the Service to make or receive calls, our servers log and collect time and date of your calls, and the other user or users with whom you are communicating. We do not collect and store content of the calls.
So it does store the meta data, which can be very dangerous in and of itself.
Of course, even though parts of the app are open source, it's still a proprietary app. No way to be sure the app isn't sending your keys to the service.
Re: (Score:1)
End to end is a lie. It can not be end to end, if your end is corrupted via the OS. So M$ windows anal probe 10 can send the 'er' telemetry straight to their servers monitored by government for a fee, in conjunction with the completely futilely encrypted message to the other end user. The other end user, decrypts and just to make sure their M$ windows anal probe 10 operating system sends it's 'er' telemetry to the servers monitored by the government for a fee, so they can compare the message? Rest assured
Re: (Score:2)
TFA is awkward, too... It waves away Signal's open source status because they think video is so much more important, going so far as to proclaim Wire "the best" on that basis. Lets also forget that Skype's original closed protocol (i.e. from same coder) was cracked.
Uh, no...
Re: (Score:1)
Re: (Score:3)
It's nice to see you are actively scanning general discussions for areas in need of improvement, that's a big bonus.
Re: (Score:2)
In 2012, My partner and I were selling an encryption software using the SPYRUS key. We did not use the SPYRUS for doing the encryption, but we used it to store a one kilobyte set of pseudo key data.
The keys consisted of a table of bytes, prepared by the corp security specialist and with our salting algorithm. To encrypt a message, the SPYRUS had to be logged into by individual, which in turn allowed the software to use four integers, integers indexed into this table to retrieve the keys. That sequence of
Yeah... so fucking what (Score:5, Interesting)
If it gets popular they'll just sell it out to some company that will gut the shit out of any privacy it has.
JUST LIKE SKYPE.
Go fuck yourself dude. Fooled us once already.
Re: (Score:1, Interesting)
Oh please! Tell me you won't take a billion or two. And so what? They're making another service. If they sell it, they might make another after that, turtles all the way down. Just move to the next service they create. If I remember right, Skype encryption was difficult to break. So call this one version 2, and ignore Microsoft's version.
Re: (Score:1)
Do you even realize how much effort that takes, especially when other people are involved? It's not just one person making a switch. It's their friends, their family. And if those people consider it too much of a hassle to switch, then either you have to stop using that medium to talk to them, or you have to maintain multiple clients.
We've already walked down this road before, with the billion and one IM clients that are currently available. Constantly hopping from one provider to another is a massive P
Re: (Score:1)
Or maybe he dumped it on a couple of suckers, and the new version is better. Being end-to-end is an improvement for what it's worth. It would be silly not to take the deal when you're giving up something already obsolete. Damn thing could be a honeypot, who knows? I wouldn't use a damn computer if I wanted privacy anyway. Please, save save the righteous indignation for the big screen. It's so overdone.
until it's not (Score:3)
Re: (Score:3)
It's software. Without trusted hardware to run the app on, the security can be circumvented.
Yeah right (Score:2, Interesting)
and we know how "secure" Skype was
http://www1.cs.columbia.edu/~s... [columbia.edu]
looking at the Skype binary its obvious that even MS cant see inside the box as their "enhancements" are tacked around the original encrypted binary.
just remake the original Skype like it was, ie firewall traversal, p2p, ee encryption, crystal clear audio/video oh and this time fully open source (unlike this Wire).
Whisper System's "Signal" already available (Score:5, Informative)
Wire appears to compete with [theintercept.com] Signal. And there are others, some of which the EFF has reviewed: https://www.eff.org/secure-mes... [eff.org]
Encrypted in NEW 256 bit AES! (Score:2, Insightful)
And to think, the NSA still bugs the network feeds at both ends, if it wants, under super-NDA, without a court-order or any other kind of oversight at all, really.
Idiots?
Business model? (Score:5, Informative)
1. They claim that wire is free (as in beer).
2. They claim that wire protects your data and privacy.
3. They claim that wire runs no ads.
4. They run a profit oriented company, not an open source foundation, and I have heard nothing about their business model
Its easy to confirm claims 1, 3 and 4. Its very hard to confirm claim 2. What do they want to make money with?
Am I supposed to believe they are altruist?
Re: (Score:1)
Startup 101. Three easy steps.
1. create 'free' service, attracting massive userbase and generating much free publicity for being the next big thing
2. acquire venture capital based on you being the trendy new flavor of the month and that massive userbase
3. sell out for billions before the buzz dies and vc dries up.
you need no plan for creating profit.. figuring out how to make money off what you created is the job of the company that buys you.
Re: (Score:1)
Like Twitter, they make it up in volume.
End to end (Score:2)
What is up with their flickery as f**k website (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
They are trying to sell this so hard. Matrix style animations, links to security "white papers". Its just end to end encryption. Any 2nd year CS student can write this.
So why aren't we awash in a sea of available programs? Maybe they could but do they? An entire repository full of non-existent programs is worth "doodly squat".
Seriously murky shit in the "privacy" whitepaper (Score:2)
4.2 Types of Usage Data
Wire client applications collect several types of usage data:
+ Crash Reports
+ Viewed screens data
+Aggregated usage statistics
+App events data
4.2.1 Crash reports
4.2.2 Aggregated usage statistics
Ummm... WTF happened to the description paragraph for Viewed Screens Data?
Too late (Score:2)
Skype has a huge installation base despite it being insecure since Microsoft's purchase of Skype. I cannot get anyone in my social circle to dump Skype in favour of any already out there encrypted IM or video chat.
Apart from that, Skype is a load of bloated junk on Windows, and on Linux, it hasn't been updated in years.. maybe a good thing in some respects. It doesn't get proper integration with PulseAudio and KDE, and is still a 32 bit only install (for non-Deb installs). Skype is the only 32 bit applicati
End-to-end encryption, you say? (Score:2)
Is AES easily hacked? (Score:2)
When AES was first introduced, the entire encryption / decription was done in RAM. That RAM execution meant that to discover the keys would require many computers running in parallel, in a divide and conquer approach.
And then along came Intel with the integrated AES instruction. Substantially faster than the RAM version, so much so, that now, instead of say 50 computers to break the AES encryption, it could be done with 25. And with Skylake, (I7), used in a bank of computers, my gut feeling is that any