| > GIF searches are obviously going to use a 3rd party service, and nobody should expect some kind of anonymous encrypted channel for GIF searches. That's ridiculous. GIF searches aren't being transmitted to a third party service, they're being transmitted directly to Wire in plaintext: https://github.com/wireapp/wire-android-sync-engine/blob/4d5... There's tons of stuff like that which leaks in the app. They store your entire contact list server-side, your plaintext group membership, group info like plaintext group name and plaintext group avatar, etc etc. > I've not seen any lying about being open source. They haven't released every piece of code, but I don't recall them ever claiming they did. Since their launch several years ago, they've had a "feature" matrix on their website that lists Wire as being open source (and their competitors as not being open source). That was long before their recent "open source" announcement (which still isn't even fully open source). When pressed, they said it was because they used some open source libraries. That's really shady. > I've never seen any crypto experts who have audited Wire and said there's anything wrong with their choices, and you supplied no links. Here's one example I saw recently: https://www.cs.jhu.edu/~cwright/oakland08.pdf They're vulnerable: https://github.com/wireapp/wire-audio-video-signaling/blob/c... Even worse, they also apparently include plaintext RTP headers with audio level information in them. |