[rapsey]

Their default voice call setting is vbr. That is beyond dumb for something that claims security.

[kreetx]

For those not in the know, how is vbr dumb?

[GeorgeWBasic]

Leaks information about the voice stream. It's not inconceivable that a well trained algorithm could recover sentences from the transmission pattern, although I don't know for sure if it could do quite that well.

[topkeks]

For example eavesdroppers know who is speaking at the moment among other nasty issues.

[tialaramex]

If they actually cared about offering a secure product that would be enough all on its own.

Compare over in the SSH discussion IdentitiesOnly a feature that avoids the relatively smaller leak of potentially allowing an adversary to correlate your identity if you voluntarily connect to their server.

[chronogram]

How is this explanation not adequate though? https://medium.com/@wireapp/we-do-use-variable-bit-rate-vbr-...

There's also the possible chance that AES is cracked without us knowing.

[JshWright]

"Cracking AES" and recovering meaningful information from a VBR stream are very, very different things.