I'm an outspoken privacy advocate, but I am an adherent to Moxie's framework (he's the one who created Signal). The reason that other people don't reach the same conclusion as you is simply because they don't value the anonymity part as much as you. Your claim is that Wickr is better than Signal, which sounds to me like you place more value on Wickr's additional privacy features (no phone number) than you place on Signal's accessibility (total number of users, and ability to use phone numbers to find existing contacts).
WICKR PRO LOG IN DOWNLOAD
Some are better than others in terms of privacy/security (Signal/Wickr), while others are better in terms of number of users, colorfulness, and brand loyalty (iMessage/WhatsApp).įrom my perspective Signal is the best one, because of all of the apps that provide a level of security that is satisfactory to me, it's the one that has the most users and gets the least amount of pushback when I try to convince a non-security-minded acquaintance to download it and create an account. There is a ton of overlap in the feature sets of most of these apps. Privacy advocates don't talk about it because they don't care, either. Ordinary people don't talk about it because they don't care. While Threema is not as bad their treatment of the ephemerality of their E2EE protocol is similarly dishonest. Also totally dishonest and they, rightly, got their asses handed to them when that came out. Its like when Zoom was making all this noise about being E2E encrypted but it then turned out the keys were actually chosen by their servers and distributed to the end points who then used them for their E2EE channel. To, this seems like a pretty clear case of intellectual dishonesty when talking about what is very clearly described as and E2E secure product. But their server of course sees everything inside the TLS channel which means no PFS since the data inside is all encrypted under static keys. they do claim forward secrecy but only in fine print do they then clarify this only holds for the client server connection as that uses TLS. What annoys me about this is not so much that this is the way Threema works (which sucks, but OK) its that they go to quite some lengths to obfuscate this on their website and documentation. So if it ever leaks an adversary can go back and decrypt whatever traffic it can get their hands on. All msgs to you ever over the life time of the account are encrypted to that same key pair. You generate your Threema key pair when you create your account thats it. Unlike any other messenger in this E2E space including Signal, Wire, Wickr, WhatsApp, Matrix, etc. As I stated elsewhere in this thread, they market themselves as E2EE (which I blieve they are) and Forward Secure, which they are NOT from the perspective of their infrastructure.
:-( I find them problematic to say the least. Note that Wickr does seem to reveal contacts as some have claimed below (unlike WhatsApp for example).Īs for Threema. Here's an interesting document from the FBI (as of Jan.2021) obtained by Property of the People via a FOIA laying out what info law enforcement gets from various messaging services.
0 kommentar(er)
