You continually quote Wire’s blog as if it proves some point, but Wire does not get to create the laws of the US. Wire is 100% owned by a US company, which makes it subject to US laws. It doesn’t matter where they physically are located and are operating, it matters where they are legally incorporated. This makes them subject to a multitude of US regulations, such as the CLOUD Act (which requires “U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.”)
Additionally, as you apparently refuse to acknowledge, there are a multitude of other reasons Wire was delisted from PTIO, all of which were explained in the blog, but I will rehash them here for you anyways.
Necessary is a weak word in this context, because it can be used in virtually any situation. Wire could say it was necessary to share your information to avoid business problems. If they didn’t share your information with advertisers for example, they might go out of business. Therefore it was necessary to share your data to continue offering the service. This is obviously only a hypothetical, and a highly unlikely one at that, but it shows that the new wording can be construed in any context.
But I think you may understand that. The second issue which you haven’t recognized is the fact that…
Wire decided not to disclose this policy change to its users, and when asked why, Brøgger was flippant in his response, stating: “Our evaluation was that this was not necessary. Was it right or wrong? I don’t know.”
This is an issue for a number of reasons. Firstly, of course this was a change that needed to be more clearly communicated, because as stated above it has a direct impact on the type of data sharing Wire is allowed to do. And, as you have stated yourself, Wire is worse than most other messengers when it comes to things like metadata, data that has already been well established as virtually-just-as-useful as content data itself, to advertisers and government parties alike.
Secondly, the fact that Wire, a company creating a privacy-focused messenger, and its CEO did not even consider the possibility that this was an issue is alarming. If we can’t trust them as a company to perform basic tasks like this, how are they a good recommendation?
I will again reiterate this point: Wire being US-based is not the only reason they were delisted and is not a reason to delist other US-based organizations like Signal.
However, Wire obfuscating their jurisdiction by continually stating their operations are Swiss-based while they are wholly owned by an American company is misleading at best. It’s something you and presumably many others will fall for, which is not really acceptable behavior from the Wire team. They should be more clear about their obligations.
Wire being Swiss-based and US-owned means it is subject to both the US and EU regulations. Typically we’d like to see less jurisdictional power over a service, not more of it.
Wire has — for several years now in fact — been pivoting away from the privacy space as a whole. Sometime in late 2017 they removed all mention of even the word “privacy” from their homepage, where it was previously proudly displayed.
The shift from the “full privacy” Wire messenger of Oct 2017 to the “secure messenger” of Nov 2017 marked the first in this series of business changes from Wire. The only mention of “privacy” on the homepage now was on the fact they were subject to European privacy laws, text they changed to “European data protection laws” in Feb 2018. This to me demonstrates a cultural shift at Wire from a messenger that respects your privacy to a messenger that protects your data. These are similar but distinct concepts. The former to me at least seems like more of a commitment to user control over how their data is used when using their app, the latter seems like a mere commitment to hiding information from third-parties.
In a similar shift to the one above, Wire has been slowly but surely pivoting away from personal use of their app entirely, preferring to cater to the — presumably more lucrative — business communication segment, targeting Slack and Skype for Business users.
Go to Wire.com today and you will find no mention of their free Personal plan at all, not under their Solutions navbar menu, and no longer even on their pricing page. This to me is a problem for two reasons:
Of course, as a general-purpose instant messenger we’re recommending, the free plan is a requirement, because there are many other services (Signal, Keybase, Matrix) that provide as-good or better functionality at no cost. When we recommend Wire (even though it technically does have a free plan), many users may not recognize this when they visit the site and will choose to purchase Wire Pro to use it, or worse, give up on it and stick with whatever they were using before because “oh no the private solutions cost too much!!1” — The former is obviously Wire’s goal, but we believe that is misleading.
Perhaps more importantly, these gradual changes appear to put the personal plan in jeopardy altogether. Changes to the personal plan in general appear to have been put on the back burner in favor of more business-friendly modifications, and their slow removal of any evidence it even exists is the obvious first step towards removing it altogether.
As a company, Wire obviously no longer cares about their individual users, and that is something we need to take into account when we recommend their product. Yes, their personal plan still technically works, but that isn’t exactly comforting long-term.
I want to say that this is all — of course — fine for Wire to do and I’m fine with the fact that they’ve found a sustainable business model. But regarding them having a sustainable business model…
Their new business model will undoubtedly be great for them as a company. It just isn’t something PrivacyTools can recommend any longer, and it isn’t a pivot the privacy community in general should be accepting of.