Slashdot Mirror


Skype Co-Founder Launches End-To-End Encrypted 'Wire' App (reuters.com)

An anonymous reader writes: A group of former Skype technologists, backed by the co-founder of the messaging platform, has introduced a new version of its own messaging service that promises end-to-end encryption for all conversations, including by video. Wire, a 50-person start-up mostly made up of engineers, is stepping into a global political debate over encryption that pits privacy against security advocates, epitomized by the standoff between the U.S. government and Apple. Wire, which is headquartered in Switzerland and Germany, two of the most privacy-friendly countries in the world, relays communications through its network of cloud computers where user communications are stored, in encrypted form, on their own devices. It delivers privacy protections that are always on, even when callers use multiple devices, such as a phone or desktop PC simultaneously. For voice and video calls, Wire uses the same DTLS and SRTP encryption standards found in the peer-to-peer WebRTC protocol. Rivals such as Facebook's Messenger and WhatsApp or Telegram offer encryption on only parts of a message's journey or for a specific set of services, the company said. "Everything is end-to-end encrypted: That means voice and video calls, texts, pictures, graphics -- all the content you can send," Wire Executive Chairman Janus Friis told Reuters.

36 of 52 comments

  1. From Their Privacy Policy by Sax+Russell+5449D29A · · Score: 3, Informative

    Using the Service to communicate by chat, our servers store the content of your chat conversation and log other information such as the time and date of your conversations, and the other user or users with whom you are communicating.

    Kind of awkward if that means what I think it means.

    --
    -SR
    1. Re:From Their Privacy Policy by kheldan · · Score: 2

      Oh don't worry about it. They probably just do that so they can wordfilter 'allahu akbar' to read 'we love America'.

      Oh, look over there! A puppy!

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    2. Re:From Their Privacy Policy by Anonymous Coward · · Score: 1

      I can't find "our servers store the content of your chat conversation" in their privacy policy or security policy... source please.

    3. Re:From Their Privacy Policy by UnderCoverPenguin · · Score: 1

      As of this posting, I found and read the following in their policy:

      When using the Service to make or receive calls, our servers log and collect time and date of your calls, and the other user or users with whom you are communicating. We do not collect and store content of the calls.

      So it does store the metadata, which can be very dangerous in and of itself.

      Of course, even though parts of the app are open source, it's still a proprietary app. No way to be sure the app isn't sending your keys to the service.

      --
      Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
    4. Re:From Their Privacy Policy by Anonymous Coward · · Score: 1

      https://wire.com/legal/#what-information-do-we-collect

      2.3 Shared information you post in chats. Using the Service to communicate by chat, our servers store the content of your chat conversation and log other information such as the time and date of your conversations, and the other user or users with whom you are communicating.

      So yeah, it's there. They also tried to access my phone's camera via Firefox when I visited their site. Rather strange and not comforting at all.

    5. Re:From Their Privacy Policy by Burz · · Score: 1

      TFA is awkward, too... It waves away Signal's open source status because they think video is so much more important, going so far as to proclaim Wire "the best" on that basis. Let's also forget that Skype's original closed protocol (i.e. from same coder) was cracked.

      Uh, no...

    6. Re:From Their Privacy Policy by KGIII · · Score: 1

      Does it do more than qTox?

      Also, I'm pretty sure qTox has been doing this sort of thing (end-to-end encryption) for quite a while unless I'm missing something.

      If anyone is unfamiliar with it, you can read about it here.

      --
      "So long and thanks for all the fish."
    7. Re:From Their Privacy Policy by whopub · · Score: 1

      All the US government has to do to sort this whole encryption thing is to get ahead of the game. Use a company like this as a front, develop a truly 'safe' system (it can very well be 'unbreakable' as they'll have a backdoor) and problem solved. It becomes popular, it's free or dirt cheap, everyone uses it and they're set. It's something like having the KGB be your phone operator.

    8. Re:From Their Privacy Policy by Fnord666 · · Score: 1

      All the US government has to do to sort this whole encryption thing is to get ahead of the game. Use a company like this as a front, develop a truly 'safe' system (it can very well be 'unbreakable' as they'll have a backdoor) and problem solved. It becomes popular, it's free or dirt cheap, everyone uses it and they're set. It's something like having the KGB be your phone operator.

      Right up until the time, through data sharing, some law enforcement organization forgets to use parallel construction and the details about the program come out in a court proceeding before the Feds can seal the transcript.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    9. Re:From Their Privacy Policy by Sax+Russell+5449D29A · · Score: 1

      At first glance that looks a lot like the old privacy-oriented chat/file-sharing client WASTE. It was a really interesting piece of software, but rather difficult to set up and use. I wonder if qTox has avoided similar shortcomings.

      --
      -SR
    10. Re:From Their Privacy Policy by KGIII · · Score: 1

      I had no issues getting it installed. Configuration was point and click, it's pretty simple and supports portable use as well as installation. 'Tis pretty simple, really. Give it a shot, if you're interested.

      --
      "So long and thanks for all the fish."
    11. Re:From Their Privacy Policy by Fnord666 · · Score: 1

      Does it do more than qTox?

      Well, it has an iOS client for one.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    12. Re:From Their Privacy Policy by teller · · Score: 1

      Good catch. It was a case of our legal docs not being in sync with our technology. Both our Terms of Use and Privacy Policy have been updated confirming our commitment to privacy and security. We do relay messages via our server but as said, all content is end-to-end encrypted and it’s impossible for us to see the contents of the messages. wire.com/legal

    13. Re:From Their Privacy Policy by Sax+Russell+5449D29A · · Score: 1

      Ah, now that I see that there's an ncurses client, how could I ever resist trying it. :-)

      --
      -SR
    14. Re:From Their Privacy Policy by Sax+Russell+5449D29A · · Score: 2

      It's nice to see you are actively scanning general discussions for areas in need of improvement, that's a big bonus.

      --
      -SR
    15. Re:From Their Privacy Policy by lsatenstein · · Score: 1

      In 2012, my partner and I were selling an encryption software using the SPYRUS key. We did not use the SPYRUS for doing the encryption, but we used it to store a one kilobyte set of pseudo key data.
      The keys consisted of a table of bytes, prepared by the corp security specialist and with our salting algorithm. To encrypt a message, the SPYRUS had to be logged into by an individual, which in turn allowed the software to use four integers, integers indexed into this table to retrieve the keys. That sequence of data retrieved was the encryption key, or the decryption key. The encrypted file header had the list of the integers.

      Our business partner developed an AES algorithm for the cellphone that encrypted your voice in very near realtime (a few milliseconds delay). You needed a matching cellphone at the other end to be able to decrypt the voice message or anything transmitted (SMS, etc.). It did not matter if the encrypted message was sent in the clear.

      For every encryption methodology, there is a smarter and stronger one around the corner. If it is known that the government can hack a cellphone, do you not think that a few hundred or thousand individuals would be doing likewise? There goes your online banking security, your medical records and the like.

      --
      Leslie Satenstein Montreal Quebec Canada
  2. Yeah... so fucking what by Anonymous Coward · · Score: 5, Interesting

    If it gets popular they'll just sell it out to some company that will gut the shit out of any privacy it has.

    JUST LIKE SKYPE.

    Go fuck yourself dude. Fooled us once already.

  3. until it's not by turkeydance · · Score: 2

    promises to attract who is "of interest" to Signals Intelligence.

    1. Re:until it's not by UnderCoverPenguin · · Score: 2

      It's software. Without trusted hardware to run the app on, the security can be circumvented.

      --
      Don't try to out weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
  4. Yeah right by Anonymous Coward · · Score: 2, Interesting

    and we know how "secure" Skype was
    http://www1.cs.columbia.edu/~s...

    looking at the Skype binary it's obvious that even MS can't see inside the box as their "enhancements" are tacked around the original encrypted binary.

    just remake the original Skype like it was, ie firewall traversal, p2p, ee encryption, crystal clear audio/video oh and this time fully open source (unlike this Wire).

  5. Whisper System's "Signal" already available by Burz · · Score: 4, Informative

    Wire appears to compete with Signal. And there are others, some of which the EFF has reviewed: https://www.eff.org/secure-mes...

  6. Encrypted in NEW 256 bit AES! by Anonymous Coward · · Score: 2, Insightful

    And to think, the NSA still bugs the network feeds at both ends, if it wants, under super-NDA, without a court-order or any other kind of oversight at all, really.

    Idiots?

  7. Re:Yeah... so fucking what by fustakrakich · · Score: 1, Interesting

    Oh please! Tell me you won't take a billion or two. And so what? They're making another service. If they sell it, they might make another after that, turtles all the way down. Just move to the next service they create. If I remember right, Skype encryption was difficult to break. So call this one version 2, and ignore Microsoft's version.

    --
    “He’s not deformed, he’s just drunk!”
  8. Business model? by NotInHere · · Score: 5, Informative

    1. They claim that wire is free (as in beer).

    2. They claim that wire protects your data and privacy.

    3. They claim that wire runs no ads.

    4. They run a profit oriented company, not an open source foundation, and I have heard nothing about their business model.

    It's easy to confirm claims 1, 3 and 4. It's very hard to confirm claim 2. What do they want to make money with?

    Am I supposed to believe they are altruist?

    1. Re:Business model? by Anonymous Coward · · Score: 1

      What do they want to make money with?

      Startup 101. Three easy steps.

      1. create 'free' service, attracting massive userbase and generating much free publicity for being the next big thing
      2. acquire venture capital based on you being the trendy new flavor of the month and that massive userbase
      3. sell out for billions before the buzz dies and vc dries up.

      you need no plan for creating profit.. figuring out how to make money off what you created is the job of the company that buys you.

    2. Re:Business model? by vandamme · · Score: 1

      Like Twitter, they make it up in volume.

  9. End to end by Dunbal · · Score: 1

    Just don't look at the bit in the middle, but both ends are encrypted.

    --
    Seven puppies were harmed during the making of this post.
  10. What is up with their flickery as f**k website by bhspencer · · Score: 2

    Surprised didn't have a seizure just scrolling down their main page.

    1. Re:What is up with their flickery as f**k website by bhspencer · · Score: 2

      It's better after you remove their #animation div. Shakes head.

    2. Re:What is up with their flickery as f**k website by bhspencer · · Score: 1

      They are trying to sell this so hard. Matrix style animations, links to security "white papers". It's just end to end encryption. Any 2nd year CS student can write this.

    3. Re:What is up with their flickery as f**k website by Fnord666 · · Score: 1

      They are trying to sell this so hard. Matrix style animations, links to security "white papers". It's just end to end encryption. Any 2nd year CS student can write this.

      So why aren't we awash in a sea of available programs? Maybe they could but do they? An entire repository full of non-existent programs is worth "doodly squat".

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  11. Seriously murky shit in the "privacy" whitepaper by subk · · Score: 2

    4.2 Types of Usage Data

    Wire client applications collect several types of usage data:

    + Crash Reports

    + Viewed screens data

    + Aggregated usage statistics

    + App events data

    4.2.1 Crash reports

    4.2.2 Aggregated usage statistics

    Ummm... WTF happened to the description paragraph for Viewed Screens Data?

    --
    Now, if you'll excuse me, I have backups to corrupt.
  12. Re:Yeah... so fucking what by fustakrakich · · Score: 1

    Or maybe he dumped it on a couple of suckers, and the new version is better. Being end-to-end is an improvement for what it's worth. It would be silly not to take the deal when you're giving up something already obsolete. Damn thing could be a honeypot, who knows? I wouldn't use a damn computer if I wanted privacy anyway. Please, save the righteous indignation for the big screen. It's so overdone.

    --
    “He’s not deformed, he’s just drunk!”
  13. Too late by Wowsers · · Score: 1

    Skype has a huge installation base despite it being insecure since Microsoft's purchase of Skype. I cannot get anyone in my social circle to dump Skype in favour of any already out there encrypted IM or video chat.

    Apart from that, Skype is a load of bloated junk on Windows, and on Linux, it hasn't been updated in years.. maybe a good thing in some respects. It doesn't get proper integration with PulseAudio and KDE, and is still a 32 bit only install (for non-Deb installs). Skype is the only 32 bit application that I have to install a lot of 32 bit junk on a 64 bit machine.

    --
    Take Nobody's Word For It.
  14. End-to-end encryption, you say? by psychonaut · · Score: 1

    I'll believe it when they release the source code. (Because obviously they're going to do that, right?)

  15. Is AES easily hacked? by lsatenstein · · Score: 1

    When AES was first introduced, the entire encryption / decryption was done in RAM. That RAM execution meant that to discover the keys would require many computers running in parallel, in a divide and conquer approach.

    And then along came Intel with the integrated AES instruction. Substantially faster than the RAM version, so much so, that now, instead of say 50 computers to break the AES encryption, it could be done with 25. And with Skylake, (I7), used in a bank of computers, my gut feeling is that any AES encryption can be broken in a week or less.
    It's time to reconsider Bruce Schneier's algorithms (twofish, followed by Cipher Block Chaining). If I were to build a secure encryption algorithm, I would not use AES.

    --
    Leslie Satenstein Montreal Quebec Canada