Wire, the new communications app backed by Skype co-founder Janus Friis, debuted to much fanfare this week. But mere days later, the app is already embroiled in controversy after an answer in its user FAQ oversold the company’s security chops.
Wire uses end-to-end encryption for its voice calls, which, depending on how the encryption was implemented, should make it nearly impossible for anyone to eavesdrop. Hurrah!
But Wire can also be used for sharing photos, links, and text—none of which uses end-to-end encryption. Instead, text and media are encrypted between a device and Wire’s servers, meaning the company could theoretically decrypt any message passing through its data center.
That deficit prompted a noted security researcher known online as The Grugq to warn people against using Wire. “New messenger @wire DOES NOT encrypt messages or media end to end. It is not safe, do not use,” he wrote on Twitter.
The story behind the story: In this post-Snowden age where privacy is top of mind, encryption is a big feature that many tech companies are trying to build into their products. Even Google and Yahoo are working on end-to-end encryption for their email products.
Much ado about FAQ
The failure to use end-to-end encryption for text and media is not unusual. Ars Technica reported in May 2013 that Microsoft was doing something similar with Skype.
But Wire may also have been misleading its users. The new service’s FAQ section used to feature an explanation about who can see the messages you send using Wire, according to a report by Motherboard. The now-pulled FAQ reportedly stated that “your messages and conversation history can only be seen by you and the people in those conversations.”
If Wire has the ability to decrypt and read your messages (regardless of whether it actually uses that power) then clearly more people than just you and your pals can read your conversation.
Shortly after Motherboard contacted Wire, that FAQ question was pulled. The site now has a similar question that asks, “who can see my messages on Wire?” The response: “Your messages and conversation history are not public. They are only displayed in the conversations in which you posted them.”
It’s not clear why Wire isn’t encrypting messages and media end to end. Perhaps it’s a cost issue for a new, free service. There’s also a chance Wire has Facebook-like dreams to make money off of advertising that caters to a user’s interests. The latter may not be the case, as the company says it does not use “personal data or the content from your conversations for advertising or marketing purposes.”
Whatever the reason, if you’re concerned about keeping your text chats and shared photos and videos as private as possible, then Wire probably isn’t the messaging solution for you.
UPDATE: Wire sent us the following statement regarding its encryption choices and monetization plans.
“Wire uses end-to-end encryption for all its voice calls, and encryption to and from its data centres for all its messages and media.
We’ve made technical design and product choices to provide Wire users with the benefits of a certain feature set – for example, the ability to enjoy conversations across multiple devices and platforms.
We are constantly reviewing those choices with security in mind. Unlike a lot of small startups, we have made a significant investment and are thoughtful about security.
We have many full-time security experts working with us, and we hire outside firms to audit who can see the data and under what circumstances.
In terms of monetization, we are considering a number of options. We will focus on developing revenue streams that are additive to the user experience, but don’t detract from it. We do not have plans to include advertising.”