| So I checked if this matches their privacy whitepaper [0] that claims to list what they store. It almost does, with one notable exception and one minor one. * All of your contacts. Wire contacts, they only store non-wire contacts in a hashed form, and there's an opt out for non-wire contacts. * Unencrypted profile (Isn't this just profile picture (which is shown to people you haven't connected with), and name anyways?) They do say so in the privacy policy. * Every active conversation you have. Specifically they claim to store: Who/when it was created, who is involved (which seems critical to be able to route messages), and conversation name * Every archived conversation you have. I assume they store the same as for non-archived conversations, seems necessary to be able to add new devices. * The frequency that you communicate with your contacts ('top contacts'). Ya... that's not listed as far as I can tell. Arguably "aggregated usage statistics"... but it's not really aggregated. * Every group that you're in. This is the same as conversations... they clearly need to know this to route messages. * The unencrypted titles and avatars of everyone's groups. Titles is listed. Avatars of groups isn't... seems like a minor oversight though given that they're like a profile picture, and profile pictures are publicly available. [0] https://wire.com/resource/Wire%20Privacy%20Whitepaper/downlo... |
Maybe it's good that they've documented this somewhere, but I don't think most Wire users read white papers. I'm a dev and I was surprised. Their outward facing marketing didn't lead me to think they track all my contacts and the state of every conversation I am having. It very clearly suggests the total opposite.
They need to do much better than this if they want people to think they take security/privacy seriously.
>> * Every group that you're in.
> This is the same as conversations... they clearly need to know this to route messages.
Why? That's not true for Signal from what I can tell.