Delisting Wire from PrivacyTools.io

I don’t want to dive too deep into Telegram since that’s a whole other discussion, but just for this point, I think you may have misunderstood the page you linked to. It looks like what you’re referring to is “Telegram stores regular cloud chats encrypted on their servers but they control all the encryption keys.” This sentence is about the “regular cloud chats”, not the chats where you turned on E2EE encryption. But maybe you mean something else (in that case, please actually point out what you mean), or maybe the mtproto encryption keys are actually sent to the server somewhere (I’d like to think that would be super major news and I would have heard of it).

Fun fact: I applied to be on their volunteer support team when it was brand new, but was rejected because I didn’t want to lie about the security of non-mtproto chats. (To an example support query, I replied that standard chats are readable by Telegram. That is apparently false, according to Telegram themselves. “No, we’re partially blind, we can read our own keystores or our encrypted message stores but not both at the same time except when returning data to one of your clients!” would have been a correct answer :D). I feel like we agree about Telegram to a large extent.

Again, you link a resource without pointing out what part of it you refer to. I know Keybase chat uses all sorts of crypto as the page describes, but I can’t verify any of it as a user. To do E2EE, the server has to send me keys from my contacts (like a public key or diffie-hellman numbers). What the server sends me isn’t shown anywhere. I have to either compile it myself with added debug output, or maybe I can view internal state with root access, but there is no built-in mechanism to display keys to verify that (assuming all chat participants have trustworthy APKs) Alice and Bob use the right encryption keys and are not being MitM’d. Unless I’m overlooking some very obscure menu, this is not end to end encryption because my client believes whatever the server says and I can’t verify it.

Since claiming that “even Telegram or WhatsApp do better in this particular regard” is apparently perceived as foolish and make you stop reading, let’s take Signal: there I can view the “safety number” to see that I have Alice’s or Bob’s real key. A malicious server (the thing E2EE protects against) is detectable by out of band comparison of this number.

Well, since I replied in the way that I did, apparently that wasn’t that clear to me.

I guess this is what I mean by the decision to delist Wire being gut feelings: a number of reasons are mentioned, and for each of them it’s literally impossible to tell how the risk changed. Neither of us can tell. What you perceive as biggest risk, may feel different to me.

Yes, it is concerning to change the privacy policy in this manner without telling anyone, but the point of Wire is that you don’t have to trust the server. So then what does it really tell us about whether the software and the service, as a whole, is trustworthy? It’s quite a subjective matter. One could argue that the company is clearly bad, or one could argue that they messed this up and that they at least have a clear profit model (namely paid subscriptions (should I disclose that I have one of these? It doesn’t give me stake or anything though)) and other things going for them. I can’t tell which side is more right, but I can tell how I feel.

Silently changing jurisdiction, silently accepting money from a US investor, having the US government as a customer: neither of us knows whether this investor bribed them to build in backdoors, it just doesn’t seem very likely to me. (Note the word “seem”: I don’t know, but neither do you.)

The biggest deal for me is moving to the USA. It’s yet another service controlled by a US entity, and it seems like we (as western European countries) cannot get away from being wholly dependent on a specific other country. Wire is something one does not have to self-host and still get strong encryption, so it could have replaced something USA-based like Signal. Now, that benefit of not sending your metadata to the USA (or at least, the USA being able to obtain it through legal means) has been removed. Since the silent jurisdiction move is apparently the reason that triggered the delisting, I assumed we both found that the most concerning. Apparently it was not the main concern for you, but that wasn’t clear to me, and that doesn’t change that most of these reasons are mostly subjective (the most objective impact, as far as I see, being that the USA can now legally require Wire Swiss GmbH, as well as all other chat services popular in Europe, to disclose their metadata).

1 Like

However there is still metadata that is not encrypted and Wire has damaged the trust towards them by these not transparent changes and I don’t know if they can be trusted with the unencrypted metadata anymore.

This is also the same that FACEBOOK applications collect when you use E2EE (except that as far as I know of, it doesn’t support groups).

Telegram has not leaked user data, because they attribute all leaks to other parties and it’s mostly related to SMS hijacking.

The open source situation of Telegram is horrible, have you ever looked into Telegram Android commits?

Which results to

which again seems to be somewhat behind.

Personally I also believe that the server is not open source (regardless of the promises), because it would reveal that they are able to read everything regardless of talking about how encrypted it is.

If it’s really encrypted, how can it be decrypted by getting a SMS/Telegram code (what prevents them from giving that to themselves?) and if there is a 2FA password, what prevents them from resetting it if they ask for email address for that purpouse when you first enable it?

If you look into Keybase’s documentation and the audit, you will learn that the Keybase client has a lot of verifications that the server is not lying.

2 Likes

If parties A and B with to communicate, and they do so through some service C, the fundamental idea of E2EE is that the decryption key for the messages is only known to A and B. Since C relays everything, A and B have to verify (out of band) that C relayed the correct information and is not performing some kind of attack.

This is a fundamental principle of cryptography. If someone figured out a way to establish a shared secret between A and B without needing out of band verification, we wouldn’t need certificate authorities anymore and we would run the web on whatever Keybase uses. Much safer than trusting hundreds of third parties. Now, since that hasn’t happened…

You guys keep suggesting I don’t understand or read things. I know Keybase does lots of crypto and I’m sure the Android app verifies everything diligently under the hood or NCC would have remarked upon it. But it can only verify whatever the server sends it, so if the server sends the wrong public key, the app can’t help but trust that this is the right one. The chat’s security relies on the sigchain, and the sigchain is something I can’t view in the app (if I can, the documentation doesn’t mention it and I can’t find it either after looking carefully together with the friend whose key/sigchain I wanted to verify). The documentation says I can view the sigchain through the API or on the website, but a malicious server would return the valid sigchain when inspected on the website or API and run a MitM to the mobile app. There is no way to verify that the mobile app uses the right keys.

Of course, the most important metadata can also be found by looking at network traffic. I’m not saying that protecting metadata (either on a protocol level or by using a trustworthy company) is useless as it makes it harder to obtain, but it seems equally likely to me that other US-based entities turn over metadata when asked.

If you’re referring to the delayed publications of this specific Android client, then yeah that would be horrible. But have you seen projects like telegram-cli which are easy to interface with (many projects use that cli application to build on top of)? Telegram allows anyone to build clients that talk to their network. You could probably make an OTRv3 client and they’d be perfectly fine with that. Compare that to Signal…


Anyway, I’m kind of done talking when most of it goes ignored anyway.

I already mentioned the fundamental E2EE issue with Keybase, but instead of responding to what I wrote, you tell me to go and read the documentation. (I really don’t think it’s me who hasn’t given this a critical look.)

And nobody ever responded to the discrepancy between services and software, like why Wire-the-software is not listed but multiple XMPP clients are. Do we think Wire-the-company is more capable of including underhanded crypto in Wire-the-software than other software developers? Did the Wire audits not spot the backdoor?

Or why it’s a minus point for Wire that we can’t verify what software runs on their servers when the same goes for literally every other service, and goes doubly so for some of the services on the list (at least Keybase, but I don’t know Status or Kontalk) whose server isn’t open source to begin with.

Let me add a new point. I had a hunch that other privacy policies are no better than what Wire put in there. The first one I check (since I’m on their site anyway) is Keybase. Indeed: in case of a “business transaction” (so, any sort of deal made between two companies?), they may “disclose and/or transfer information [Keybase has] collected” to the other party. So they can sell your data at will, right? The context suggests the only purpose is to complete some sale, but it does not say that they will require a contract where the receiver deletes the data after having made the purchasing decision. This clause where they allow themselves to disclose anything may not have been a silent change, but this sounds a lot worse than what the article says Wire has in there. Now I don’t have the time to go and check every privacy policy of every service on your recommendations list, so I don’t know if I’ll discover something even worse if I open Wire’s, but whatever I check and whatever stone I turn over, I just don’t see how Wire is different from the rest. At least, my gut feeling isn’t worse with them than with any of the alternatives, even if your gut feeling is that they’re evil for some reason.

XMPP clients generally allow you to specify which server you want to use and you can generally communicate with all of your contacts, even if they are on a different server.

In case of Wire, while the server is open source and you can setup a server, you also need to fork the client to change the server address (or at least I haven’t seen an option to specify a server) and all your contacts need to use the same server as you. I think that if we listed Wire, the majority of users going there would use the main server.

Wire Server does have an open issue about federating over XMPP which would change this situation and maybe then it could be recommended again, but I am personally not very optimistic towards either happening.

Judging by Kontalk’s GitHub page they are using the Tigase XMPP server and both appear to be open source. Status.im again appears to be listed as a worth mentioning P2P app, so there is no server.

1 Like

I completely agree with you, you can read here the reasons.

1 Like

Except you left out that Wires own policy states if you’re inside the US they will comply with US requests, so that’s zero advantage to Signal, and given that Wire encrypts less metadata than Signal, I’d say its a point to Signal.

Also, Signals policy clearly states in which circumstances they work with law enforcement and Wire added “necessary” to their circumstances without explaining what they will deem necessary.

So not only did Wire hide the fact they moved to the US, they also signed a partnership with the feds, then added “necessary” to their privacy policy and even remove the word privacy from their motto.

Signal is rolling out signups without a phone number in their beta apps, which for all intents and purposes will give Wire zero advantages (besides a better UI).

The article closes by saying users need to be willing to change services when they no longer adhere to the privacy of its users, it seems a lot of Wire users aren’t willing to consider their service of choice is longer serving their needs any longer.

1 Like

Please read here.

Except you left out that Wires own policy states if you’re inside the US they will comply with US requests, so that’s zero advantage to Signal, and given that Wire encrypts less metadata than Signal, I’d say its a point to Signal.

Wire jurisdiction is Swiss and servers are based in EU. Signal jurisdiction is USA and servers are based in USA. By considering USA only, they are equal. Even if signal is (slightly) better than wire about metadata, in both case, you can retrieve users identity if you are not using a VPN. Wire allows anonymous registration via email, so if you are using a VPN, nobody can retrieve your identity. Signal requires phone number, so you need a burner phone plus a VPN.

Signal is rolling out signups without a phone number in their beta apps, which for all intents and purposes will give Wire zero advantages (besides a better UI).

When signal will add such feature, wire will have MLS federation protocol something that signal will never adopt.
Moreover, wire is fully audited both protocol and applications while signal has only protocol.

The article closes by saying users need to be willing to change services when they no longer adhere to the privacy of its users, it seems a lot of Wire users aren’t willing to consider their service of choice is longer serving their needs any longer.

The article is full of inconsistencies and clearly biased.

1 Like

Being connected to a VPN doesn’t make you anonymous but shifts trust from your ISP to a VPN provider.

E-mail addresses and phone numbers are both personal data. And it isn’t anonymous.

MLS (The Messaging Layer Security (MLS) Protocol) is currently a draft, developed by Google, Cisco, Facebook, Inria, the University of Oxford, and Wire. It isn’t ready to use, and nobody knows when it will be ready. Besides, Signal uses a modern, widely adopted security protocol.

We neither are proponents nor opponents of Wire but such statements look like “I don’t have any objective arguments, so let’s call it BS.”

1 Like

E-mail address can be anonymous though, right?

But the main problem in this decision I see in fact that Keybase is (still) recommended, and their privacy policy is even worse than Wire’s and they collect more metadata (and are also US company, backed by VC)

If we agree that good E2EE implementation, 3rd party audit and being FOSS is enough to recommend centralized service, than Wire should be on the list. Even with note: “For non-US users only” :d But to be honest, neither Signal, Wire or Keybase are FOSS friendly as they claim

As I said, the main question is - Will they keep their service for private users as it is? If that is true, then there is really no reason not to use it, even in US

The main problem I see in Wire is that they shift completely towards business users, and IMO, Matrix (Riot) is better and cheaper for business use :slight_smile:

1 Like

Being connected to a VPN doesn’t make you anonymous but shifts trust from your ISP to a VPN provider.

A good VPN provider (mullvad) is more reliable than any ISP. Absolute security does not exist and will never exist.

E-mail addresses and phone numbers are both personal data. And it isn’t anonymous.

No, email address can by anonymous. There are providers that do not require any personal data and do not log any data (for instance protonMail).

MLS (The Messaging Layer Security (MLS) Protocol) is currently a draft, developed by Google, Cisco, Facebook, Inria, the University of Oxford, and Wire. It isn’t ready to use, and nobody knows when it will be ready. Besides, Signal uses a modern, widely adopted security protocol.

MLS will be ready by 2021. The servers federation is something that signal will never adopt, at least according to its creator. Signal and wire use the same protocol but a different implementation (the Axolotl protocol is not standardized).

We neither are proponents nor opponents of Wire but such statements look like “I don’t have any objective arguments, so let’s call it BS.”

I reported a lot of references that clearly show how PTIO is biased and inconsistent toward this decision. I know that you do not like to admit the truth of the facts.

A primary target audience of this site is normal non technical people looking for privacy solutions. The vast majority of people will not go out of their way (or even know how) to get a totally anonymous email. They will use their existing email. Yes you can work around the email requirement to make it anonymous but that is not the way it will be used most of the time.

Also it is important to point out that Morten Brøgger is the CEO of both Wire Swiss GmbH and the US based Wire Holdings Inc. That ties the everyday direction and management of Wire Swiss to both jurisdictions.

A primary target audience of this site is normal non technical people looking for privacy solutions. The vast majority of people will not go out of their way (or even know how) to get a totally anonymous email. They will use their existing email. Yes you can work around the email requirement to make it anonymous but that is not the way it will be used most of the time.

Well, if the target audience is normal non technical people, it is at least two times simpler using an anonymous email like protonMail or tutanota (wire) than buying or configuring a burner phone number (signal).

Also it is important to point out that Morten Brøgger is the CEO of both Wire Swiss GmbH and the US based Wire Holdings Inc. That ties the everyday direction and management of Wire Swiss to both jurisdictions.

This is wrong. Wire is a Swiss GmbH, Untermüli 9, CH-6300 Zug (“Wire”) is committed to protecting your information. Wire does not rent or sell your data to third parties. Moreover, the service jurisdiction is still based in Swiss and the servers are still based in UE (out of 14 eyes).
Wire blog:
In connection with the financing, our holding company moved from Luxembourg to the U.S., as we believe this will be helpful in future fundraising necessary to support our strong growth. Notwithstanding the foregoing, our current and future customers are licensed and serviced from Wire Switzerland, our software development team remains in Berlin, Germany, and our hosting is European-based. Our enterprise customers can deploy their own instance of Wire in their own data center.

1 Like

The facts are:
PTIO came to a reasonable decision. Now you try to revert it by whatever means, mainly citing the company that got delisted and adding an unsupported and unfinished protocol draft as a benefit.

1 Like

Your examples for email are still too technical for most people, to signup for either of these services without using a credit card or some other form of identifying data. Forget about them using cryptocurrency to pay. And the simple hassle of yet another online account for them to manage is too much.

This promise does not trump the law. They will now possibly be required to comply when compelled by California and US laws.

1 Like

The facts are:
PTIO came to a reasonable decision. Now you try to revert it by whatever means, mainly citing the company that got delisted and adding an unsupported and unfinished protocol draft as a benefit.

What? Please read here and here.
I’m just trying to show what are the facts not opinions, but I see once again how much you are biased.

Your examples for email are still too technical for most people, to signup for either of these services without using a credit card or some other form of identifying data. Forget about them using cryptocurrency to pay. And the simple hassle of yet another online account for them to manage is too much.

The same apply for a burner phone. Moreover, do not forget that protonMail and tutanota provide a free account that does not require any personal information. It is a simple registration process…

This promise does not trump the law. They will now possibly be required to comply when compelled by California and US laws.

Wire is a Swiss company under Swiss jurisdiction (USA users exception) and EU servers.

If you feel comfortable that you are protected under Swiss law then that is just fine. We differ in this opinion and you are standing by yours which I respect. I think Wire is a great product.

However my concern is that under the USA CLOUD Act it does not matter where in the world servers are physically located if a company is in US legal jurisdiction. I feel there is a real possibility given recent history that US intelligence agencies will use any power they can try to use to obtain information they want. Wire Swiss GmbH is owned by Wire Holdings Inc, which is based in USA. Therefore the argument can be made that since ownership of Wire Swiss GmbH was freely and deliberately put under full control of a new US corporation (as they themselves say to increase the ease of getting investments by specifically aligning the corporate structure within the US) then Wire management fully accepts the jurisdiction implications of such a move to the US.

I think this is also the opinion and concern of others here at PTIO. To me a promise by Wire not to share information they do have is not enough. They made a risk/reward decision to align the corporate structure from the top down under a US legal entity to gain more venture capital funding and future business opportunities. I wish them luck, but my data is now more at risk (my own opinion) so that risk is now over my threshold for tolerance and I am exiting.

If you feel comfortable that you are protected under Swiss law then that is just fine. We differ in this opinion and you are standing by yours which I respect. I think Wire is a great product.

It is not question of personal preferences or personal opinions, it is question of facts.

  • Protocol and cryptography: signal and wire use the same protocol, but different implementation. Both are fully e2e encrypted.
  • Open source: both signal and wire are fully open source.
  • Business model: Signal Messenger is a company supported by a non-profit foundation while Wire is a European GmbH company whose profit is linked to subscriptions for companies and users with advanced features.
  • Registration and contacts: signal requires a phone number to sign up and to operate while wire allows anonymous sign up via email and provides username. Both signal and wire allow to not sync contacts.
  • Metadata: signal stores in its servers the date and time of registration and the date of last connection. Moreover, it provides masking the sender of a message or data while leaving visible the date and time, sender and recipient IP. Wire stores in its servers the date and time of registration and IP geographical coordinates; it also stores the date and time of creation, creator, name and list of participants of a conversation for 72 hours.
  • Vulnerability: wire is fully audited both protocol and applications. Thank to the audit, wire has not any CVE according to NIST NVD database. Signal has an audit of protocol, but not for the applications. Moreover, there are well known corrected vulnerabilities in applications according to the NIST NVD database (NVD NIST database).

Facts clearly show that wire is more secure and private than signal in all aspects except metadata. On both services you can recover the user identity by using metadata for the normal user while the advanced user can prevent the problem as I described earlier.
So if PTIO maintains listed signal, it should list again wire. Otherwise, both need to be removed. It is a question of coherence, fairness.

However my concern is that under the USA CLOUD Act it does not matter where in the world servers are physically located if a company is in US legal jurisdiction. I feel there is a real possibility given recent history that US intelligence agencies will use any power they can try to use to obtain information they want. Wire Swiss GmbH is owned by Wire Holdings Inc, which is based in USA. Therefore the argument can be made that since ownership of Wire Swiss GmbH was freely and deliberately put under full control of a new US corporation (as they themselves say to increase the ease of getting investments by specifically aligning the corporate structure within the US) then Wire management fully accepts the jurisdiction implications of such a move to the US.

Please do not make confusion again. Wire blog:
In connection with the financing, our holding company moved from Luxembourg to the U.S., as we believe this will be helpful in future fundraising necessary to support our strong growth. Notwithstanding the foregoing, our current and future customers are licensed and serviced from Wire Switzerland, our software development team remains in Berlin, Germany, and our hosting is European-based. Our enterprise customers can deploy their own instance of Wire in their own data center.
So wire is a Swiss company not an USA company as signal. Wire is subject to Swiss laws and EU laws (GDPR) not USA laws (exception for USA users). Finally, if your are concerned about USA influences, you should worried about signal that is fully based in USA (5 eyes).

I think this is also the opinion and concern of others here at PTIO. To me a promise by Wire not to share information they do have is not enough. They made a risk/reward decision to align the corporate structure from the top down under a US legal entity to gain more venture capital funding and future business opportunities. I wish them luck, but my data is now more at risk (my own opinion) so that risk is now over my threshold for tolerance and I am exiting.

Wire cannot share nothing except some metadata after a request that needs to comply Swiss and EU laws (except USA users). Finally, signal can share metadata too after a request that needs to comply USA laws.

But again - what makes Keybase more trustful than Wire? It is everything Wire is, with more metadata collection, not 100% FOSS, worse privacy policy and less transparent funding (i.e. source of income)

My Keybase metada is under same law (CLOUD Act) as Wire’s. So I need to trust them. And we have to have in mind that collecting more or less metadata is usually related to available features. So for me it is ok that Riot, Keybase or Wire collect more, since they offer more than Signal

IMO, it’s ok to delist Wire, but in that case Keybase should’t be on the list also. Maybe even Riot.

I accept the risk, and use Wire (and Keybase, Riot & Signal). Cause threat model is also what should be considered when recommending or choosing IM/VoIP service. If I were hiding from US, UK, Swiss… government, I wouldn’t use any of those. So, what is the threat model of average PTIO visitor? Answer to that question is the answer whether Wire should be on the list or not. At least in Team Chat Platform section, since that’s what it is now

1 Like

You continually quote Wire’s blog as if it proves some point, but Wire does not get to create the laws of the US. Wire is 100% owned by a US company, which makes it subject to US laws. It doesn’t matter where they physically are located and are operating, it matters where they are legally incorporated. This makes them subject to a multitude of US regulations, such as the CLOUD Act (which requires “U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.”)

Additionally, as you apparently refuse to acknowledge, there are a multitude of other reasons Wire was delisted from PTIO, all of which were explained in the blog, but I will rehash them here for you anyways.

The Privacy Policy Change

Here we have two separate issues. The first is most obvious, they changed their privacy policy to say they can share user data (this includes the metadata we’ve referred to, such as every user you have ever communicated with) whenever they deem it “necessary”. Previously they stated they would only share this data when required by law.

Necessary is a weak word in this context, because it can be used in virtually any situation. Wire could say it was necessary to share your information to avoid business problems. If they didn’t share your information with advertisers for example, they might go out of business. Therefore it was necessary to share your data to continue offering the service. This is obviously only a hypothetical, and a highly unlikely one at that, but it shows that the new wording can be construed in any context.

But I think you may understand that. The second issue which you haven’t recognized is the fact that…

Wire decided not to disclose this policy change to its users, and when asked why, Brøgger was flippant in his response, stating: “Our evaluation was that this was not necessary. Was it right or wrong? I don’t know.”

This is an issue for a number of reasons. Firstly, of course this was a change that needed to be more clearly communicated, because as stated above it has a direct impact on the type of data sharing Wire is allowed to do. And, as you have stated yourself, Wire is worse than most other messengers when it comes to things like metadata, data that has already been well established as virtually-just-as-useful as content data itself, to advertisers and government parties alike.

Secondly, the fact that Wire, a company creating a privacy-focused messenger, and its CEO did not even consider the possibility that this was an issue is alarming. If we can’t trust them as a company to perform basic tasks like this, how are they a good recommendation?

Jurisdiction

I will again reiterate this point: Wire being US-based is not the only reason they were delisted and is not a reason to delist other US-based organizations like Signal.

However, Wire obfuscating their jurisdiction by continually stating their operations are Swiss-based while they are wholly owned by an American company is misleading at best. It’s something you and presumably many others will fall for, which is not really acceptable behavior from the Wire team. They should be more clear about their obligations.

Wire being Swiss-based and US-owned means it is subject to both the US and EU regulations. Typically we’d like to see less jurisdictional power over a service, not more of it.

Privacy

Wire has — for several years now in fact — been pivoting away from the privacy space as a whole. Sometime in late 2017 they removed all mention of even the word “privacy” from their homepage, where it was previously proudly displayed.

The shift from the “full privacy” Wire messenger of Oct 2017 to the “secure messenger” of Nov 2017 marked the first in this series of business changes from Wire. The only mention of “privacy” on the homepage now was on the fact they were subject to European privacy laws, text they changed to “European data protection laws” in Feb 2018. This to me demonstrates a cultural shift at Wire from a messenger that respects your privacy to a messenger that protects your data. These are similar but distinct concepts. The former to me at least seems like more of a commitment to user control over how their data is used when using their app, the latter seems like a mere commitment to hiding information from third-parties.

Personal Use

In a similar shift to the one above, Wire has been slowly but surely pivoting away from personal use of their app entirely, preferring to cater to the — presumably more lucrative — business communication segment, targeting Slack and Skype for Business users.

Go to Wire.com today and you will find no mention of their free Personal plan at all, not under their Solutions navbar menu, and no longer even on their pricing page. This to me is a problem for two reasons:

  1. Of course, as a general-purpose instant messenger we’re recommending, the free plan is a requirement, because there are many other services (Signal, Keybase, Matrix) that provide as-good or better functionality at no cost. When we recommend Wire (even though it technically does have a free plan), many users may not recognize this when they visit the site and will choose to purchase Wire Pro to use it, or worse, give up on it and stick with whatever they were using before because “oh no the private solutions cost too much!!1” — The former is obviously Wire’s goal, but we believe that is misleading.

  2. Perhaps more importantly, these gradual changes appear to put the personal plan in jeopardy altogether. Changes to the personal plan in general appear to have been put on the back burner in favor of more business-friendly modifications, and their slow removal of any evidence it even exists is the obvious first step towards removing it altogether.

As a company, Wire obviously no longer cares about their individual users, and that is something we need to take into account when we recommend their product. Yes, their personal plan still technically works, but that isn’t exactly comforting long-term.

Final Thoughts

I want to say that this is all — of course — fine for Wire to do and I’m fine with the fact that they’ve found a sustainable business model. But regarding them having a sustainable business model…

Their new business model will undoubtedly be great for them as a company. It just isn’t something PrivacyTools can recommend any longer, and it isn’t a pivot the privacy community in general should be accepting of.

5 Likes