by danpalmer 3755 days ago
Ok, as several people have pointed out, there are portions that are open source. However, this doesn't help much.

It's better than iMessage, for example. With iMessage, the protocol is described, and we can confirm that it is a "secure" protocol, for some definition of secure, but we have no idea if that's what they actually use. With Wire, we can go a step further: the protocol is described in code, so we can verify that the code is correct. However, we still cannot verify that this is indeed the code being used.

A step further, which as far as I can tell doesn't exist, would be to provide a bare-bones client (maybe a command line interface) that can be reproducibly built, so that people can interact with other Wire users using code they built themselves. This would show that the protocol that the open source code describes is being used. However, there's still the possibility of the closed-source Wire app subverting it in some way, perhaps with decreased entropy in random numbers, for example.

I apologise for not reading closely enough to see the GitHub link, but I also don't think this gets Wire anywhere near the level of Signal for example, which I have compiled and run myself in the past (and contributed to).