[danpalmer]

Wire launched at least a year ago, if not earlier, and I have the same question now that I had then: Why should I use it?

For good security, I have email/PGP which has few of my friends, but lots of usage for secure communication.

For secure chat I have Signal which some of my friends use, but not many.

For most of my chat I have WhatsApp which is relatively secure, and has a relatively good UI. Almost all my friends and family have this.

For the rest of my chat I have Facebook Messenger which isn't secure in the slightest, but it also has almost all of my friends and family on it. It has a very good UI, and lots of features that I make good use of.

Wire on the other hand has almost none of my friends, isn't open, so can't be any more secure than WhatsApp, and has a pretty but ultimately annoying UI, and very few features.

[ukblewis]

Hi Dan,

I'm not using Wire yet - so I'm just quoting their marketing material - but they directly address your comments: "Wire uses open-source cryptography to encrypt all content. We made the source code for data handling available to the public under the GPL License. This means that anybody can review the source code." "Only Wire offers fully encrypted calls, video and group chats available on all your devices, on any modern platform. Unlike niche security apps we do not sacrifice usability for security — Wire is simple and straightforward to use."

[swiley]

It sounds like the app itself is closed though. Skype probably used openssl (open source crypto) on Linux but that didn't make it secure.

[danpalmer]

I looked for an obvious link to the code, I must have missed this.

Thanks for pointing it out!

[danpalmer]

Ok, as several people have pointed out, there are portions that are open source. However, this doesn't help much.

It's better than iMessage, for example. With iMessage, the protocol is described, and we can confirm that it is a "secure" protocol, for some definition of secure, but we have no idea if that's what they actually use. With Wire, we can go a step further, the protocol is described in code, so we can verify that the code is correct, however we still cannot verify that this is indeed the code being used.

A step further, which as far as I can tell doesn't exist, would be to provide a bare-bones client (maybe a command line interface) that can be reproducibly built, so that people can interact with other Wire users, using code they built themselves, this would show that the protocol that the open source code describes is being used, however there's still the possibility of the closed-source Wire app subverting it in some way, perhaps with decreased entropy in random numbers, for example.

I apologise for not reading closely enough to see the GitHub link, but I also don't think this gets Wire anywhere near the level of Signal for example, which I have compiled and run myself in the past (and contributed to).

[746F7475]

Which one of these are you using for VoIP on your computer?

[danpalmer]

I use Hangouts at work because it's easy to get it on the screens in our office. I don't use VoIP in my personal life much, and never on a computer, I'd rather use a phone (and therefore either a phone call, or Signal).

[746F7475]

So then maybe this isn't for you, but for me it completely replaces WhatsApp and Signal on my phone and now I don't need Skype on any of my computers (Linux for work, OSX on the go, and Windows at home) and all my conversations sync between my phone and computers.

[smartbit]

> but for me it completely replaces WhatsApp and Signal

By it you mean Wire.com? interesting. Do you allow Wire.com access to your address book on your mobile device? See https://news.ycombinator.com/item?id=11288169

[JohnKacz]

> isn't open

Their privacy page (in the comparison table) claims they are open source. I didn't see any links to their code however.

edit: Sorry, reading on mobile (after just waking up) and didn't see the link. Thanks @ukblewis

[ukblewis]

Dude, read the webpage before you comment, they link to it: https://github.com/wireapp

[chrisxcross]

Well, they seem to have some opensourced some of their code. But they are far away form being free software although they claim to use the GPL. If I can't build the software myself, I won't use it.

[xiphias]

It means that it's partly open source, which means that the marketing material is lying. It's OK for a company to not be 100% open source, but it's not OK to lie, especially if trust is needed.

[zump]

Your kidding, right?

It's 2016, and technical people are still asking why people should use $SINGLE_APP instead of $COLLECTION_OF_OTHER_APPS_WITH_POOR_UI.

You'd think people would learn by now.