I’ve read some posts in reddit that says wire now may store data on users. But their messenger is still E2E encrypted right? Is wire insecure as of 2023??
We’re all using their Personal version. I read somewhere that they delete undelivered messages at the 72hour mark, as well as any metadata. However, just as for Signal* and other client-server apps, some metadata is required just to keep the connection alive. And other metadata is looked at but not necessarily saved, just to set things like browner/app resolution, language, and things like that. It’s not necessarily all malicious. And metadata is not your message content. *Signal is just less open about it, calling it “other” information in their fine-print.
However, the Enterprise (paid) version now has a feature called legal hold, so that companies required by law, to maintain documentation, audit-trails, and whatnot, including of all their communications, are now able to satisfy those legal requirements. When placing a message thread onto that status in the Enterprise version only, they are able to keep the conversation. They’ve also upgraded private/personal users to Enterprise for free - and I don’t know if it has anything to do with that feature, or a warrant, or if it was just them being nice to people who have some chatrooms to manage.
Although it’s all e2ee, quantum computing for all agencies is just around the corner. So I don’t know if we should be concerned or not.
As for Wire version 4, it no longer has ephemeral messages, it doesn’t let you unfriend or leave groups. You can no longer edit your username (I used to post a temporary edit, that I’d change back after, so that anything posted online doesn’t link to me). With the mess of an app that they’ve deployed prematurely through forced updates, I’ve dropped Wire and have reverted back to WhatsApp with those I know, while exploring other replacement apps.
I tried Session for a bit, but don’t like certain shortcomings and workarounds that they implemented and which totally contradict their stance on privacy (for example their centralized server in Canada for file transfers and calls, and them abandoning perfect-forward-secrecy). I’m going to give Skred a try next. It’s totally anonymous, distributed(p2p), collects no metadata at all. Has message recall. It’s not open-source, but neither were Wire, Wickr, or Signal, years ago - and that didn’t make them bad.
Wire jurisdiction: Wire falls under Swiss law, and their server farm is in Germany (for performance - minimal lag, quickest ping and highest data transfer rates in the world). I don’t know if an international warrant can force them, under Swiss law, to start just saving everything as they can if it were in the US. Even if it is e2ee, quantum computing is coming.
One has to wonder.
In software development, there is under-development, alpha (which is pre-beta), then beta releases for testing by the public, then a final release. This is pre-alpha, where not all features are yet implemented, and they’ve forced it onto all users. Heck, they couldn’t even be bothered to add dark mode back into it (it’s of minor “importance”, but they have the color translations already figured out from the previous version, so it’s not like it’s hard or resource-consuming that it had to be pushed to the bottom of priorities).
None of the peer security reviews of the past are valid anymore, so, since features are missing, it’s still under development, I believe it has to be considered unsafe.
Look into Skred guys. (and I hear it has more downloads than Wire, Wickr, Element, Trillian _combined_)
But on the other side they allow pseudonymous accounts right?
What do you use it for? On an adult (hey, I has no shame about my past times) site I frequent, I’ve seen some people drop their username on some sites. Just tryin to peak outta my shell wondering about how others found their way to wire.
Simplex tells you how necessary a p2p is to privacy, and then go using a central server in Canada for your file transfers. in Canada of all places! a 5-eyes country! can you believe it?
You can’t make voice or video calls - unless you try the beta. But because blockchhain is so laggy (3seconds is typical), these calls might be getting routed through that same server farm as the file transfers, in Waterloo Ontario. And no word on whether voice and video calls are being encrypted or not. If someone has committed information from Session, please let me know so I can add more details.
So in Simplex’s own words, central is bad, central compromises your security. Therefore, it can be inferred that Simplex compromises your security with their file transfers through a central server. See how that works?
How’s simplex for privacy?
Leave
r/onions386,155 membersJoin
i’m looking into Skred, and it sounds perfect, but why so little suggestions for it and so little users?
that sounds quite original: a private blockchain peer to peer, to protect privacy, so that you can compromise your privacy by publishing personal stuff.
Sorry to state the obvious, but what is the point of this, if everything you post on social media are personally-identifying things?
You can just as well get a fake phone number verification on facebook, and use it over Orbot or any other VPN, to remain private. But what’s the point? As long as advertisers can’t link to your real phone. Or use a unique email that you don’t use anywhere else, to register, if they’re still allowing email only. Facebook won’t allow you to post anything illegaI anyways, so it’s not like you have to to the world’s best job at hiding yourself. (and if you needed to do that, that defeats the purpose of a social network anyways - distributed or not).
they tried very hard to implement PFS (perfect forward secrecy). I remember reading about their progress on their blog. At first, it was a promise and commitment. But in the end, they gave up on the idea. it was too uncertain because of the nature of blockchain and their p2p: if a single node was offline, when a message was deleted, that node would broadcast it all back when it came back online. that was only one of the issues.
Now instead, Session devotes much efforts to reassure you that they have other measures to mitigate risks. Uh ok, but so do other messengers - who still have PFS.