Wire Secure Messenger: A Year Later

Wire Secure Messenger Wire Ephemeral Messages

I wrote a review of Wire Secure Messenger over a year ago. Since that time my opinions and views on Wire have changed. Wire has also updated its feature set. With that in mind, it is time for another look at my favorite encrypted messaging application. My old article is not required reading, as this article will tackle the topic again from scratch.

Wire Secure Messenger: The Basics

At its core Wire is a secure messaging application that offers end-to-end encryption. In my opinion, Wire is the best, most functional secure messenger on the market. Its basic features include:

Security: Wire Secure Messenger utilizes the Proteus protocol. This protocol ensures that messages are encrypted on the sender’s device, and only decrypted on the recipient’s device(s). As an implementation of the Axolotl Rachet, Wire also offers Perfect Forward Secrecy (PFS). PFS ensures that if one message is broken it doesn’t compromise the security of historical or future messages. You can read Wire’s security white paper here: https://wire-docs.wire.com/download/Wire+Security+Whitepaper.pdf

Security Audit: Though independent audits are not a guarantee of absolute security, they are a really good sign. All implementations of Wire’s Proteus protocol were independently audited back in 2016. More recently Wire contracted another round of auditing focusing on their apps for Android, iOS, and web application. Rather than a single “one-and-done” system of auditing the company seems to be committed to an ongoing series of audits. All audit reports are available here: https://wire.com/en/security/#audits

Cross-Platform Support: Wire Secure Messenger is one of the few truly cross-platform messaging applications. Wire offers native applications for Windows, Mac, Linux, iOS, and Android. Best of all, ALL of Wire’s functions work on ALL of these applications. If none of those options work for you, Wire also offers full functionality via a web login, available at https://app.wire.com/auth/

Full Feature Set: Wire offers one of the most comprehensive feature-sets of any secure messaging application. Wire supports all of the following, and all these features are supported on all platforms: texting, audio calling, video calling, and file transfers up to 25 MB. Wire also supports group messaging  with up to 128 users in a group. Group calling supports up to 10 users in a group (speeds vary based on processor speed [each message thread must be encrypted and decrypted individually] and bandwidth). Users also have the ability to block users and mute busy conversations.

Wire Secure Messenger: Advanced Features

Wire offers a ton of features that are geared toward the security-conscious. No doubt many of these will appeal to my audience.

Multiple Accounts: Wire supports a multiple-account capability. This underutilized and underappreciated feature is probably my favorite. From any device’s native application you can log into three Wire accounts, simultaneously. Each account has its own keys and contacts are not shared between accounts. This allows you to segregate the people with whom you communicate. I can think of several different account types you may choose to make: personal, work, dating, or publicly-posted, just to name a few.

Ephemeral Messages: Message ephemerality is the concept of “disappearing messages”. This allows messages to auto-delete after a pre-defined interval, limiting the amount of sensitive information on your device.

Message Recall: Wire allows you to delete messages “for everyone”. This is a really neat feature. Send that text to the wrong person? Fire off that angry text to your boss? Suddenly realize you shouldn’t trust that person with that info? You can delete it from both your device, and his or hers.

Device Fingerprinting: Wire allows you to verify your contacts by comparing key fingerprints. This provides excellent protection against Man-in-the-Middle attacks for those who chose to take this step.

Contact Discovery: Wire requires that you to create an “@-handle”. Though you can setup a Wire account with a phone number, and you can allow Wire to access your contacts, neither of these steps is required. This is in stark contrast to Signal, Wire’s nearest competitor. Signal requires a phone number, and your phone number must be shared with other communicants. This is not ideal to anyone interested in maintaining his or her privacy. Wire simply allows you to give out your handle instead of a phone number or email address.

Wire Secure Messenger for “Norms”

In my last post on the topic I wrote that Wire was preferable for the power user, but maybe not the “norm”. This was mainly due, I said, to its requirement for a username and password in contrast to Signal’s simple phone number requirement. I think there is a little merit to this train of thought, but I don’t think it tells the whole story.

And it turns out I was DEAD WRONG about the username/password requirement. If you setup Wire Secure Messenger on a mobile device, it does not require you to create credentials! It simply requires a phone number and is no more difficult to setup than Signal. The only time credentials must be generated is when setting up on a computer or setting up account backups. This is literally the best of both worlds.

There are quite a few other features that make Wire Secure Messenger better option for regular users. It has a really slick interface and feels modern, unlike many messaging apps. It supports embedded videos, emojis, and other “value-adds”. I recently asked a lady friend to move our communications to Wire. Her first question: what is it? Her second, “can I send GIFs?” Yes! Wire supports a number of usability features including support from Giphy, and embedded Spotify and YouTube content. Security aside, it is a really nice app.

Room For Improvement

I consider Wire to be the best encrypted messenger on the market. But that doesn’t mean it is perfect. There are a couple of areas I would like to see improved with Wire Secure Messenger.

Accessible Metadata: Wire does store some accessible metadata about all of its users. The information stored is the list of your contacts, which allows your account to be synced across multiple devices. Though I can live with this, I’d prefer not to. Hopefully this is a change we will see in coming iterations of Wire Secure Messenger.

Message Ephemerality Gripe #1: Wire offers no global message ephemerality setting. If you have Wire on three devices, you have to go through each and every conversation on each and every device and enable “timed messages”. What this means in practice is that all your messages sent from one device will disappear after a day, and all messages sent from another will last basically forever (unless you delete them all manually). I would love to see a global, per-device setting like Wickr used to offer. For example, one could set the default message expiry at one day, and modify each message chain individually, as needed.

Message Ephemerality Gripe #2: The second complaint I have also pertains to ephemeral messages. I’d like to see a bit more dispersion in the intervals offered. Wire currently offers the following: 5, 15, or 30 seconds, 1 or 5 minutes, or 1 day. Four of the six possible settings are 1 minute or less. I’d love to see Wire drop the 5 and 30 second options and offer options for a couple of hours and several days. I sometimes do go back several days in my messages, but rarely do I need to send one that will auto-delete on such a granular level.Please see my updated post addressing this.

Default Browser: This is less a complaint and more of a feature wish. Wire on iOS allows you to choose a default browser. Currently the options are limited to Chrome, Firefox, and Safari. I’d love to see a leader in the security community like Wire support other security-focused products. Brave and Snowhaze would be excellent options to roll into the platform. Please see my updated post addressing this.

Final Thoughts

As I said at the beginning, I firmly believe Wire to be the best secure messaging application available. If you want fast, simple setup without having to create an account, it offers that. If you don’t want to provide a phone number, it offers that, too. Wire Secure Messenger offers excellent end-to-end/PFS security. Wire even gets the nod from privacytools.io. On the other hand, it also has a beautiful, intuitive interface, and a raft of fun features. Though there is still room for improvement, Wire is for everybody, including those that aren’t concerned with privacy and security.

Comments are closed.