by zedred 3483 days ago
That's like saying there's a targeted campaign to ignore Skype because these articles don't mention it. You might like Wire, but it's not an app that people concerned with privacy should be using.

They have done a bunch of shady things:

1. They lied about having end-to-end encryption in their app: http://www.pcworld.com/article/2855745/new-communications-ap...

2. They lied about being open source for years.

3. They lied about being based in Switzerland.

They also have serious problems with their app:

1. The "encrypted" calls leak enough information to be able to reconstruct the audio.

2. Many features in the app, like GIF search, transmit plaintext directly back to Wire.

3. They rolled their own crypto, and experts disapprove of the choices they made.

Journalists who write articles like this and don't mention Wire are doing their job. They've consulted with experts and aren't spreading misinformation.

2 comments

> 1. They lied about having end-to-end encryption in their app

That was before I joined but that got fixed in 24 hours. Not sure how the incorrect claim made it live in the first place.

> 2. They lied about being open source for years.

Wire open sourced its crypto protocol in March 2016. It never claimed to be open source before that. It further open sourced its client apps in July 2016 and will open source the server some time in 2017.

> 3. They lied about being based in Switzerland.

Citation needed. Wire is registered and headquartered in Switzerland with an office in Zug.

> 3. They rolled their own crypto, and experts disapprove of the choices they made.

Link?

You can't list a bunch of serious claims like the audio can be reconstructed with no additional information. There was a feud between the Signal people and Wire, so there is a lot of false info trying to smear Wire.

GIF searches are obviously going to use a 3rd party service, and nobody should expect some kind of anonymous encrypted channel for GIF searches. That's ridiculous.

I've not seen any lying about being open source. They haven't released every piece of code, but I don't recall them ever claiming they did. https://github.com/wireapp

I've never seen any crypto experts who have audited Wire and said there's anything wrong with their choices, and you supplied no links.

Between all the options, including Signal, I personally think Wire is best, and nothing you've provided has any reason to change that.

I thought the same as you about GIF search until I saw what Signal is planning for the feature: https://whispersystems.org/blog/giphy-experiment/

By proxying the encrypted request through another server, Signal never sees the content of the request and Giphy never gets the identity of the requester. I'm not sure that this is strictly necessary, but it certainly increases my confidence that the Signal team are serious about their work.

> GIF searches are obviously going to use a 3rd party service, and nobody should expect some kind of anonymous encrypted channel for GIF searches. That's ridiculous.

GIF searches aren't being transmitted to a third party service, they're being transmitted directly to Wire in plaintext: https://github.com/wireapp/wire-android-sync-engine/blob/4d5...

There's tons of stuff like that which leaks in the app. They store your entire contact list server-side, your plaintext group membership, group info like plaintext group name and plaintext group avatar, etc etc.

> I've not seen any lying about being open source. They haven't released every piece of code, but I don't recall them ever claiming they did.

Since their launch several years ago, they've had a "feature" matrix on their website that lists Wire as being open source (and their competitors as not being open source). That was long before their recent "open source" announcement (which still isn't even fully open source). When pressed, they said it was because they used some open source libraries. That's really shady.

> I've never seen any crypto experts who have audited Wire and said there's anything wrong with their choices, and you supplied no links.

Here's one example I saw recently:

https://www.cs.jhu.edu/~cwright/oakland08.pdf

They're vulnerable:

https://github.com/wireapp/wire-audio-video-signaling/blob/c...

Even worse, they also apparently include plaintext RTP headers with audio level information in them.

Thanks for trying, but it appears to me you're paranoid. The user directory in Wire is public. It is no secret that you're on there. They need information about whom you're connected to for the service to work. I'm not worried about GIF searches, or contact list. I'd prefer the contents of my conversations with family weren't archived on remote servers. Wire accomplishes that in the best way. It's a useless academic concern that audio level information would be in headers, and the paper you linked is of no relevance. I still see no reason why I'd not want to use Wire. For talking to family and friends in a reasonably private way we cannot get from using services from Facebook and Google, I think Wire is an excellent application.

> They store your entire contact list server-side, your plaintext group membership, group info like plaintext group name and plaintext group avatar, etc etc.

One has to remember that Signal also stores some social graph data, which is equally problematic.

I can’t recommend either.