Goodbye 'wire', "wire" is dead

For all ‘wire’ fans:
Cutting the Wire

It has recently come to the attention of the PrivacyTools team that Wire, the popular end-to-end encryption messaging platform had been sold or moved to a US company. After a week of questioning, Wire finally confirmed they had changed holding companies and would now be a US based company in a move they called “simple and pragmatic,” as they worked to expand their foothold in the enterprise market. This also came alongside the news that Wire had accepted more than $8 million in Venture Capital (VC) funding from Morpheus Ventures, as well as other investors.

Morpheus Ventures holds a portfolio including companies in healthcare, voice AI, life insurance, and retail customer data analytics: All sectors that have historically used invasive data collection methods to survive. Why would a VC with a portfolio centered on consumer data want to invest in a company whose mission claims to protect that very same information?

Earlier this year, Wire announced they had entered a partnership with FedResults, in a move that would bring Wire’s secure messaging platform to US federal agencies. This raised a few eyebrows, but did not alarm the privacy community as Wire remained Swiss based and beholden to Switzerland’s strict privacy laws. Today however, while much of Wire’s business will continue to be run out of their Swiss offices, with new US-based ownership it is not entirely clear how much jurisdiction the United States will have over Wire data.

This is alarming because it is well known that Wire stores unencrypted metadata for every user.

Read more:
https://blog.privacytools.io/delisting-wire/

#privacytools #delisting #wire #FedResults #messenger #swiss #thinkabout
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_ES

This might be a bad move, but Wire is still open source (client AND server).
The code has been also audited and operation center remains in Switzerland. There should be detailed clarification about the downside of moving to the US.

If the fact moving one part of the compagny makes it vulnerable to National Security Letter, then that’s a big issue because Wire stores metadata, unlike Signal who can’t provide anything we care about.

That’s one of the reasons I could not trust Tutanota… then imagine Wire.

What is up with tutanota?

“Tutanota is based in Germany. Germany has a reputation for valuing personal privacy and protecting it by law, and it’s also bound by the GDPR – perhaps the strongest collection of privacy laws in the world right now. However, the NSA has facilities in Germany, leading many to assume that they spy on Germany and the rest of Europe from Germany. If so, this may call into question the government’s dedication to personal privacy.”

https://nordvpn.com/blog/tutanota/

I find Protonmail more secure due to it being located in Switzerland.

It turnes out that Wire has a tracker called Countly Analytics. I did not find out what it is exactly doing but read about something with profiling.
Btw delta.chat has also tracker called mapbox. Somehow I get the impression that Wire has been on the wrong path for some time now.

just verified on my wired app version 3.65.979 and the company behind the app is

Wire Swiss GmbH
Untermuli 9
CH-6399 Zug
email: privacy@wire.com

for the tracker here it is what it can do, while what it should do is declared in the privacy statement above.

To intercept what really does, someone can inspect the app api calls to have an idea and open a report for DGPR violation.

I am a Swiss citizen, and as much as I like my country, I would never trust a company, just because it is based in Switzerland. The city/canton of Zug is famous for “mailbox”-companies. It’s the place in Switzerland where you pay the least amount of taxes, so it’s very popular for any company to have their “head office” in Zug. In fact, this head office is frequently nothing more than a mailbox that get’s emptied by a trust office. In Zug, you can see office-buildings with 10 offices but 50 mailboxes in front.
Just recently there was news in our newspapers of a Swiss company producing encription devices for fax and phones. They too had been trusted by governments and banks worldwide. Turns out, american secret services were partly in charge of the management and had backdoors implemented.
So please: never, never trust a company just because it’s “based” in Switzerland. It has no meaning about privacy whatsoever. The american secret service has just as much pressure on our government as in any other European country. That’s not conspiracy theory. Ever wonder, why we don’t offer asylum to Assange or Snowden? That’s why. And from reading IT-related news, it seems to me that privacy standards in Germany generally are higher than in Switzerland.

that’s a good point but the verb trust is not applicable to a service contract.

Germany impeachment for dieselgate doesn’t make all Germans liars.

In real life you need a compromise, finding the right balance depends on your needs.

Unfortunately that’s not true about Germany. Just read the posteo story about a state official putting the company under pressure for providing data. That’s just the tip of the iceberg that got public. I guess the situation is more or less like in Switzerland (or even worse). There was also an onion server story (got seized without a legal ground). Also servers by a company named something ovm. That’s the one behind the cockli service. Their servers got seized.

I read that Wire privacy statement but I did not find anything related to trackers or analytics. Among the third party companies count.ly does not seem to be mentioned.

count.ly is detected by exodus service, see the report below

More info on exodus here

This topic was automatically closed after 3 days. New replies are no longer allowed.