Delisting Wire from PrivacyTools.io

It has recently come to the attention of the PrivacyTools team that Wire, the popular end-to-end encryption messaging platform had been sold or moved to a US company. After a week of questioning, Wire finally confirmed they had changed holding companies and would now be a US based company in a move they called “simple and pragmatic,” as they worked to expand their foothold in the enterprise market. This also came alongside the news that Wire had accepted more than $8 million in Venture Capital (VC) funding from Morpheus Ventures, as well as other investors.


This is a companion discussion topic for the original entry at https://blog.privacytools.io/delisting-wire/

My biggest problem is, that I like(d) wire! and I was telling people to switch to it, because I do like it more then signal (because they don’t require a phone number, and they do have desktop clients so people who choose to live without a smartphone can be part of the chats as well …)

And now I am more or less stuck here.

Signal is 100% under a US company, completely under US jurisdiction (unlike Wire) and still PrivacyTools puts it #1 as a suggested encrypted messenger. Why all this sudden temper against Wire?

3 Likes

We feel we do know, and the answer was that it was wrong. Privacy and security are not built solely on strong technology, but on trust. Yes, we can review Wire’s open source code on GitHub, but we can’t ever be sure that code is the same exact code that runs on their servers in practice. Yet, we have trusted them in the past because Wire had built a trustworthy reputation for themselves. We now feel that Wire has lost this reputation. By deciding to withhold information regarding its ownership and policies from its users, Wire has broken the trust our community has placed in it, and worse yet sounds almost dismissive of the worries voiced by the privacy community that had long held them in high regard.

If this is ok for you, feel free to use it. It’s still my no.1 messenger/voip service. But I trust no one

2 Likes

I don’t understand the logic here. The point of end to end encryption is that you don’t have to trust the server. It shouldn’t matter who runs them.

If you do care about that, Telegram is the right choice since their track record is excellent (never sold or leaked user data, not US-based, and even has an active ecosystem of open source clients and libraries). Not that I would recommend Telegram to anyone who is looking for privacy tools, and I don’t think you would either, so clearly that’s not the requirement.

As others pointed out already, Signal and Keybase are also US-based, so they should also be delisted if that is the main reason for delisting Wire. Especially since one can’t actually verify the end to end encryption in Keybase as far as I’ve been able to find (there is no way to display any encryption key, you just have to trust that the Keybase servers sent you the right one), so that’s more like opportunistic encryption. (You know who also does opportunistic encryption? WhatsApp! Let’s list a Facebook service!)

The privacy policy change… you can read a lot into that, or not. I think the change is minor given that the whole point of the service is that they have nothing on you anyway. Now if it had said that they’re going to sell all your metadata, it would be worth keeping in mind, but then Wire-the-software can still be recommended separately of Wire-the-service. Since both the server and the clients are open source, you could run your own.

It’s kind of weird to list both software (like XMPP clients) and services (like Keybase, which you can’t self host because the server is closed source). Of course software is perfectly privacy preserving if you host it on your own server and it uses TLS or you access it through a VPN or whatever, so lots of those can be (and are) listed. For consistency, Wire should be listed as software that can be used for this, even if you are disappointed in the phrasing of the privacy policy of Wire-the-service. Or, alternatively, only services and no self-hosted-only software should be listed. The way it is now, it’s entirely arbitrary and feels like it’s just based on your gut feeling of perceived niceness rather than actual risks.

Oh and what was that? “Yes, we can review Wire’s open source code on GitHub, but we can’t ever be sure that code is the same exact code that runs on their servers in practice”? How in the world is Keybase still recommended when their server source code isn’t even published to begin with? How are you going to verify that then?

None of this adds up.

1 Like

Hi Luc,

I agree with you, but the main reason why Wire is de-listed is that they didn’t present all these changes to their users, so they lost trust. And they officially don’t advertise their service to private users. From privacy and security point of view (almost) nothing changed. It’s still the same as it was.

If I were responsible for this list, I would at least put it in “Worth Mentioning” section. Threema also. But please have in mind that all these PTIO recommendations are just that - their recommendations for average users. Not all people have the same threat models. IMO, Wire is still the best service for me and my contacts (friends and family), even though I also use Keybase, Signal, XMPP, Riot… And I would still recommend Wire to others, as long as they keep service for private users as it is. I also think that Signal is the best Whatsapp replacement, but I don’t like it that much since it’s lacking many of the features other clients have (but it’s better than WA)

Actually, Telegram does leak user data:

https://securechatguide.org/centralizedapps.html#telegram

They are not US based, but are UK based, so apples to apples there when you get down to it.

Also, while you can turn on E2EE encryption, all your chats are stored in Telegrams cloud and they have access to your keys, so if pressured by a court, they can unlocked your messages.

Did you read the article at all? I only ask because this wasn’t the main reason at all, which I made very clear. Are you ignoring that their move to the US (without telling anyone) and that they are partners with the US gov’t is a massive red flag?

You’re not completely right about Keybase, and comparing it to WhatsApp and Facebook is really foolish and makes me think I should dismiss the rest of the your argument from here on out on that basis.

And “none of this adds up” because you got the entire argument wrong from the beginning and don’t seem to understand encryption or messengers.

1 Like

I don’t want to dive too deep into Telegram since that’s a whole other discussion, but just for this point, I think you may have misunderstood the page you linked to. It looks like what you’re referring to is “Telegram stores regular cloud chats encrypted on their servers but they control all the encryption keys.” This sentence is about the “regular cloud chats”, not the chats where you turned on E2EE encryption. But maybe you mean something else (in that case, please actually point out what you mean), or maybe the mtproto encryption keys are actually sent to the server somewhere (I’d like to think that would be super major news and I would have heard of it).

Fun fact: I applied to be on their volunteer support team when it was brand new, but was rejected because I didn’t want to lie about the security of non-mtproto chats. (To an example support query, I replied that standard chats are readable by Telegram. That is apparently false, according to Telegram themselves. “No, we’re partially blind, we can read our own keystores or our encrypted message stores but not both at the same time except when returning data to one of your clients!” would have been a correct answer :D). I feel like we agree about Telegram to a large extent.

Again, you link a resource without pointing out what part of it you refer to. I know Keybase chat uses all sorts of crypto as the page describes, but I can’t verify any of it as a user. To do E2EE, the server has to send me keys from my contacts (like a public key or diffie-hellman numbers). What the server sends me isn’t shown anywhere. I have to either compile it myself with added debug output, or maybe I can view internal state with root access, but there is no built-in mechanism to display keys to verify that (assuming all chat participants have trustworthy APKs) Alice and Bob use the right encryption keys and are not being MitM’d. Unless I’m overlooking some very obscure menu, this is not end to end encryption because my client believes whatever the server says and I can’t verify it.

Since claiming that “even Telegram or WhatsApp do better in this particular regard” is apparently perceived as foolish and make you stop reading, let’s take Signal: there I can view the “safety number” to see that I have Alice’s or Bob’s real key. A malicious server (the thing E2EE protects against) is detectable by out of band comparison of this number.

Well, since I replied in the way that I did, apparently that wasn’t that clear to me.

I guess this is what I mean by the decision to delist Wire being gut feelings: a number of reasons are mentioned, and for each of them it’s literally impossible to tell how the risk changed. Neither of us can tell. What you perceive as biggest risk, may feel different to me.

Yes, it is concerning to change the privacy policy in this manner without telling anyone, but the point of Wire is that you don’t have to trust the server. So then what does it really tell us about whether the software and the service, as a whole, is trustworthy? It’s quite a subjective matter. One could argue that the company is clearly bad, or one could argue that they messed this up and that they at least have a clear profit model (namely paid subscriptions (should I disclose that I have one of these? It doesn’t give me stake or anything though)) and other things going for them. I can’t tell which side is more right, but I can tell how I feel.

Silently changing jurisdiction, silently accepting money from a US investor, having the US government as a customer: neither of us knows whether this investor bribed them to build in backdoors, it just doesn’t seem very likely to me. (Note the word “seem”: I don’t know, but neither do you.)

The biggest deal for me is moving to the USA. It’s yet another service controlled by a US entity, and it seems like we (as western European countries) cannot get away from being wholly dependent on a specific other country. Wire is something one does not have to self-host and still get strong encryption, so it could have replaced something USA-based like Signal. Now, that benefit of not sending your metadata to the USA (or at least, the USA being able to obtain it through legal means) has been removed. Since the silent jurisdiction move is apparently the reason that triggered the delisting, I assumed we both found that the most concerning. Apparently it was not the main concern for you, but that wasn’t clear to me, and that doesn’t change that most of these reasons are mostly subjective (the most objective impact, as far as I see, being that the USA can now legally require Wire Swiss GmbH, as well as all other chat services popular in Europe, to disclose their metadata).

1 Like

However there is still metadata that is not encrypted and Wire has damaged the trust towards them by these not transparent changes and I don’t know if they can be trusted with the unencrypted metadata anymore.

This is also the same that FACEBOOK applications collect when you use E2EE (except that as far as I know of, it doesn’t support groups).

Telegram has not leaked user data, because they attribute all leaks to other parties and it’s mostly related to SMS hijacking.

The open source situation of Telegram is horrible, have you ever looked into Telegram Android commits?

Which results to

which again seems to be somewhat behind.

Personally I also believe that the server is not open source (regardless of the promises), because it would reveal that they are able to read everything regardless of talking about how encrypted it is.

If it’s really encrypted, how can it be decrypted by getting a SMS/Telegram code (what prevents them from giving that to themselves?) and if there is a 2FA password, what prevents them from resetting it if they ask for email address for that purpouse when you first enable it?

If you look into Keybase’s documentation and the audit, you will learn that the Keybase client has a lot of verifications that the server is not lying.

2 Likes

If parties A and B with to communicate, and they do so through some service C, the fundamental idea of E2EE is that the decryption key for the messages is only known to A and B. Since C relays everything, A and B have to verify (out of band) that C relayed the correct information and is not performing some kind of attack.

This is a fundamental principle of cryptography. If someone figured out a way to establish a shared secret between A and B without needing out of band verification, we wouldn’t need certificate authorities anymore and we would run the web on whatever Keybase uses. Much safer than trusting hundreds of third parties. Now, since that hasn’t happened…

You guys keep suggesting I don’t understand or read things. I know Keybase does lots of crypto and I’m sure the Android app verifies everything diligently under the hood or NCC would have remarked upon it. But it can only verify whatever the server sends it, so if the server sends the wrong public key, the app can’t help but trust that this is the right one. The chat’s security relies on the sigchain, and the sigchain is something I can’t view in the app (if I can, the documentation doesn’t mention it and I can’t find it either after looking carefully together with the friend whose key/sigchain I wanted to verify). The documentation says I can view the sigchain through the API or on the website, but a malicious server would return the valid sigchain when inspected on the website or API and run a MitM to the mobile app. There is no way to verify that the mobile app uses the right keys.

Of course, the most important metadata can also be found by looking at network traffic. I’m not saying that protecting metadata (either on a protocol level or by using a trustworthy company) is useless as it makes it harder to obtain, but it seems equally likely to me that other US-based entities turn over metadata when asked.

If you’re referring to the delayed publications of this specific Android client, then yeah that would be horrible. But have you seen projects like telegram-cli which are easy to interface with (many projects use that cli application to build on top of)? Telegram allows anyone to build clients that talk to their network. You could probably make an OTRv3 client and they’d be perfectly fine with that. Compare that to Signal…


Anyway, I’m kind of done talking when most of it goes ignored anyway.

I already mentioned the fundamental E2EE issue with Keybase, but instead of responding to what I wrote, you tell me to go and read the documentation. (I really don’t think it’s me who hasn’t given this a critical look.)

And nobody ever responded to the discrepancy between services and software, like why Wire-the-software is not listed but multiple XMPP clients are. Do we think Wire-the-company is more capable of including underhanded crypto in Wire-the-software than other software developers? Did the Wire audits not spot the backdoor?

Or why it’s a minus point for Wire that we can’t verify what software runs on their servers when the same goes for literally every other service, and goes doubly so for some of the services on the list (at least Keybase, but I don’t know Status or Kontalk) whose server isn’t open source to begin with.

Let me add a new point. I had a hunch that other privacy policies are no better than what Wire put in there. The first one I check (since I’m on their site anyway) is Keybase. Indeed: in case of a “business transaction” (so, any sort of deal made between two companies?), they may “disclose and/or transfer information [Keybase has] collected” to the other party. So they can sell your data at will, right? The context suggests the only purpose is to complete some sale, but it does not say that they will require a contract where the receiver deletes the data after having made the purchasing decision. This clause where they allow themselves to disclose anything may not have been a silent change, but this sounds a lot worse than what the article says Wire has in there. Now I don’t have the time to go and check every privacy policy of every service on your recommendations list, so I don’t know if I’ll discover something even worse if I open Wire’s, but whatever I check and whatever stone I turn over, I just don’t see how Wire is different from the rest. At least, my gut feeling isn’t worse with them than with any of the alternatives, even if your gut feeling is that they’re evil for some reason.

XMPP clients generally allow you to specify which server you want to use and you can generally communicate with all of your contacts, even if they are on a different server.

In case of Wire, while the server is open source and you can setup a server, you also need to fork the client to change the server address (or at least I haven’t seen an option to specify a server) and all your contacts need to use the same server as you. I think that if we listed Wire, the majority of users going there would use the main server.

Wire Server does have an open issue about federating over XMPP which would change this situation and maybe then it could be recommended again, but I am personally not very optimistic towards either happening.

Judging by Kontalk’s GitHub page they are using the Tigase XMPP server and both appear to be open source. Status.im again appears to be listed as a worth mentioning P2P app, so there is no server.

1 Like

I completely agree with you, you can read here the reasons.

1 Like

Except you left out that Wires own policy states if you’re inside the US they will comply with US requests, so that’s zero advantage to Signal, and given that Wire encrypts less metadata than Signal, I’d say its a point to Signal.

Also, Signals policy clearly states in which circumstances they work with law enforcement and Wire added “necessary” to their circumstances without explaining what they will deem necessary.

So not only did Wire hide the fact they moved to the US, they also signed a partnership with the feds, then added “necessary” to their privacy policy and even remove the word privacy from their motto.

Signal is rolling out signups without a phone number in their beta apps, which for all intents and purposes will give Wire zero advantages (besides a better UI).

The article closes by saying users need to be willing to change services when they no longer adhere to the privacy of its users, it seems a lot of Wire users aren’t willing to consider their service of choice is longer serving their needs any longer.

1 Like

Please read here.

Except you left out that Wires own policy states if you’re inside the US they will comply with US requests, so that’s zero advantage to Signal, and given that Wire encrypts less metadata than Signal, I’d say its a point to Signal.

Wire jurisdiction is Swiss and servers are based in EU. Signal jurisdiction is USA and servers are based in USA. By considering USA only, they are equal. Even if signal is (slightly) better than wire about metadata, in both case, you can retrieve users identity if you are not using a VPN. Wire allows anonymous registration via email, so if you are using a VPN, nobody can retrieve your identity. Signal requires phone number, so you need a burner phone plus a VPN.

Signal is rolling out signups without a phone number in their beta apps, which for all intents and purposes will give Wire zero advantages (besides a better UI).

When signal will add such feature, wire will have MLS federation protocol something that signal will never adopt.
Moreover, wire is fully audited both protocol and applications while signal has only protocol.

The article closes by saying users need to be willing to change services when they no longer adhere to the privacy of its users, it seems a lot of Wire users aren’t willing to consider their service of choice is longer serving their needs any longer.

The article is full of inconsistencies and clearly biased.

1 Like

Being connected to a VPN doesn’t make you anonymous but shifts trust from your ISP to a VPN provider.

E-mail addresses and phone numbers are both personal data. And it isn’t anonymous.

MLS (The Messaging Layer Security (MLS) Protocol) is currently a draft, developed by Google, Cisco, Facebook, Inria, the University of Oxford, and Wire. It isn’t ready to use, and nobody knows when it will be ready. Besides, Signal uses a modern, widely adopted security protocol.

We neither are proponents nor opponents of Wire but such statements look like “I don’t have any objective arguments, so let’s call it BS.”

1 Like

E-mail address can be anonymous though, right?

But the main problem in this decision I see in fact that Keybase is (still) recommended, and their privacy policy is even worse than Wire’s and they collect more metadata (and are also US company, backed by VC)

If we agree that good E2EE implementation, 3rd party audit and being FOSS is enough to recommend centralized service, than Wire should be on the list. Even with note: “For non-US users only” :d But to be honest, neither Signal, Wire or Keybase are FOSS friendly as they claim

As I said, the main question is - Will they keep their service for private users as it is? If that is true, then there is really no reason not to use it, even in US

The main problem I see in Wire is that they shift completely towards business users, and IMO, Matrix (Riot) is better and cheaper for business use :slight_smile:

1 Like

Being connected to a VPN doesn’t make you anonymous but shifts trust from your ISP to a VPN provider.

A good VPN provider (mullvad) is more reliable than any ISP. Absolute security does not exist and will never exist.

E-mail addresses and phone numbers are both personal data. And it isn’t anonymous.

No, email address can by anonymous. There are providers that do not require any personal data and do not log any data (for instance protonMail).

MLS (The Messaging Layer Security (MLS) Protocol) is currently a draft, developed by Google, Cisco, Facebook, Inria, the University of Oxford, and Wire. It isn’t ready to use, and nobody knows when it will be ready. Besides, Signal uses a modern, widely adopted security protocol.

MLS will be ready by 2021. The servers federation is something that signal will never adopt, at least according to its creator. Signal and wire use the same protocol but a different implementation (the Axolotl protocol is not standardized).

We neither are proponents nor opponents of Wire but such statements look like “I don’t have any objective arguments, so let’s call it BS.”

I reported a lot of references that clearly show how PTIO is biased and inconsistent toward this decision. I know that you do not like to admit the truth of the facts.

A primary target audience of this site is normal non technical people looking for privacy solutions. The vast majority of people will not go out of their way (or even know how) to get a totally anonymous email. They will use their existing email. Yes you can work around the email requirement to make it anonymous but that is not the way it will be used most of the time.

Also it is important to point out that Morten Brøgger is the CEO of both Wire Swiss GmbH and the US based Wire Holdings Inc. That ties the everyday direction and management of Wire Swiss to both jurisdictions.

A primary target audience of this site is normal non technical people looking for privacy solutions. The vast majority of people will not go out of their way (or even know how) to get a totally anonymous email. They will use their existing email. Yes you can work around the email requirement to make it anonymous but that is not the way it will be used most of the time.

Well, if the target audience is normal non technical people, it is at least two times simpler using an anonymous email like protonMail or tutanota (wire) than buying or configuring a burner phone number (signal).

Also it is important to point out that Morten Brøgger is the CEO of both Wire Swiss GmbH and the US based Wire Holdings Inc. That ties the everyday direction and management of Wire Swiss to both jurisdictions.

This is wrong. Wire is a Swiss GmbH, Untermüli 9, CH-6300 Zug (“Wire”) is committed to protecting your information. Wire does not rent or sell your data to third parties. Moreover, the service jurisdiction is still based in Swiss and the servers are still based in UE (out of 14 eyes).
Wire blog:
In connection with the financing, our holding company moved from Luxembourg to the U.S., as we believe this will be helpful in future fundraising necessary to support our strong growth. Notwithstanding the foregoing, our current and future customers are licensed and serviced from Wire Switzerland, our software development team remains in Berlin, Germany, and our hosting is European-based. Our enterprise customers can deploy their own instance of Wire in their own data center.

1 Like

The facts are:
PTIO came to a reasonable decision. Now you try to revert it by whatever means, mainly citing the company that got delisted and adding an unsupported and unfinished protocol draft as a benefit.

1 Like