Enough of fenced services owning the users. I'm fed up with carouselle of new services for same features. I'm going to stick with XMPP, which is openly federated and free as in freedom. It is now technically capable of chat sync, sent messages editing, end to end encryption (there are alternative modes to fit different usecases), videocalls, and many more things. There are working gateways to many other networks, including Skype (not fully, but mostly enough to start transition away from skype).
XMPP could be a fantastic option but it's missing push notifications, which are an absolute killer these days. You either don't use XMPP on mobile or take a massive hit to your battery.
I just tested the video call with my parents that still have an old adsl link to their home, it was crystal clear.
Both skype and hangouts struggle when doing the same. Hangouts actually makes the audio choppy.
I'm a bit worried about using something that is free and has no ads while maintaining central servers though..
I just gave it a shot too, and it works well. I deleted my account though, because I only need voice chat with my team and Discord has this app beat hands down for collaboration and team rooms.
- As a non-American, I see America as one of the least safe places to store my information. The Snowden leaks showed that the US government has zero respect for the privacy of non-Citizens.
- As someone who's lived both inside and outside America, I've noticed that privacy laws in the US are weak relative to other countries (much of Europe, Australia) that I've been in. Europeans have things like Right to be Forgotten. Americans have companies that have refused to remove my personal information after I terminated my account with them.
Also interesting to note that, despite this claim on their front page, the Terms of Use specifies that for American users it is interpreted by / subject to California law and SF courts.
Does anyone know of an independent audit/confirmation of the robustness of their privacy / security? I don't really know enough about crypto or security to be able to tell.
I'm wondering the same, it is a shame there's not a whole lot of end to end encrypted applications, it's a conspiracy all of it's own or something? Maybe cryptologists are sparse or this is just not in their available time for the type of problems to tackle, not sure. The need is clearly there for more open source secure applications, hopefully we see more.
XMPP strong selling point is federation. You can run your own private server and it does encryption. There is plenty of implementations from servers to clients, most being open source. It seems to me just one of the Zillion messaging alternative available.
Why hasn't there been a beautiful XMPP apps created? A company could come in and provide effortless XMPP server setup for a monthly price, and provide great apps for all to use, no?
I really don't get this. What's their advantage over using this over... well, anything else?
They seem like a complete copy of Signal to me: they're a centralized service with open source clients that promises end-to-end encrypted communication. I see no difference between them. It's like re-inventing the wheel. Honestly, I don't see a single reason why I should use this.
The problem with Signal (at least for me) is that its desktop client relies on your phone's Signal app, which feels weird and "duct tape-ish". I've been spoiled by the ease of using iMessage with multiple devices (phone, tablet, desktop, or otherwise): just sign in and it works, no janky-feeling interdevice communication necessary, and I've come to expect that from any messaging service I use.
Signal is great for those who confine their instant-message-like communication to their phones, since desktops being treated as second class citizens isn't an issue for them. I am not one of those individuals. I want to be able to read and reply to messages on whichever device I'm using at the moment without having to think about my phone's presence at all.
1. Their desktop support isn't provided by a native app but rather ducktaped onto Chrome, which in turn forces me to have that pole of junk installed.
2. There's no iPad app, granted you can run the iPhone app in compatibility mode but that's just feels wrong in 2016.
3. Their support for multiple devices using one account can at best considered an afterthought attached to their mobile apps with gum. When I checked last it only worked with their Android and their Chrome clients so no love for iOS users.
Wire provides all of this, wrapped in beautifully designed apps (if currently a touch unstable)
Wire launched at least a year ago, if not earlier, and I have the same question now that I had then: Why should I use it?
For good security, I have email/PGP which has few of my friends, but lots of usage for secure communication.
For secure chat I have Signal which some of my friends use, but not many.
For most of my chat I have WhatsApp which is relatively secure, and has a relatively good UI. Almost all my friends and family have this.
For the rest of my chat I have Facebook Messenger which isn't secure in the slightest, but it also has almost all of my friends and family on it. It has a very good UI, and lots of features that I make good use of.
Wire on the other hand has almost none of my friends, isn't open, so can't be any more secure than WhatsApp, and has a pretty but ultimately annoying UI, and very few features.
I'm not using Wire yet - so I'm just quoting their marketing material - but they directly address your comments:
"Wire uses open-source cryptography to encrypt all content. We made the source code for data handling available to the public under the GPL License. This means that anybody can review the source code."
"Only Wire offers fully encrypted calls, video and group chats available on all your devices, on any modern platform. Unlike niche security apps we do not sacrifice usability for security — Wire is simple and straightforward to use."
Ok, as several people have pointed out, there are portions that are open source. However, this doesn't help much.
It's better than iMessage, for example. With iMessage, the protocol is described, and we can confirm that it is a "secure" protocol, for some definition of secure, but we have no idea if that's what they actually use. With Wire, we can go a step further, the protocol is described in code, so we can verify that the code is correct, however we still cannot verify that this is indeed the code being used.
A step further, which as far as I can tell doesn't exist, would be to provide a bare-bones client (maybe a command line interface) that can be reproducibly built, so that people can interact with other Wire users, using code they built themselves, this would show that the protocol that the open source code describes is being used, however there's still the possibility of the closed-source Wire app subverting it in some way, perhaps with decreased entropy in random numbers, for example.
I apologise for not reading closely enough to see the GitHub link, but I also don't think this gets Wire anywhere near the level of Signal for example, which I have compiled and run myself in the past (and contributed to).
I think this looks good - whether long term use is sustainable is dependent on whether they open up their protocol to interoperability via some sort of consortium. Email rules, not because of its brilliance, but because of its level of standardisation and ubiquity. The trick will be to provide a transparent P2P solution that can somehow be boosted by leaving nodes online.. now provide pay for service that can run the nodes for people - business plan (tm).
On second thought this kind of thing is already done around the torrent sub-culture with regards to seed boxes..
All modern platforms? I don't see the Linux version.
Plus, for any such application to have trust these days, it should be open source both for clients and servers. Enough of this walled garden closed instant messaging.
[+] [-] giancarlostoro|10 years ago|reply
https://news.ycombinator.com/item?id=8692563
[+] [-] ConAntonakos|10 years ago|reply
[+] [-] andrey_utkin|10 years ago|reply
[+] [-] Veratyr|10 years ago|reply
ChatSecure has a nice writeup about this: https://chatsecure.org/blog/fixing-the-xmpp-push-problem/
[+] [-] ycmbntrthrwaway|10 years ago|reply
But it seems that only some crypto libraries are opensourced, no frontend and things like that.
[+] [-] tyfon|10 years ago|reply
I'm a bit worried about using something that is free and has no ads while maintaining central servers though..
[+] [-] degenerate|10 years ago|reply
[+] [-] tmikaeld|10 years ago|reply
[+] [-] Siimteller|10 years ago|reply
[+] [-] andreyf|10 years ago|reply
Interesting to note that "American" is implicitly synonymous with "insecure".
[+] [-] Veratyr|10 years ago|reply
- As a non-American, I see America as one of the least safe places to store my information. The Snowden leaks showed that the US government has zero respect for the privacy of non-Citizens.
- As someone who's lived both inside and outside America, I've noticed that privacy laws in the US are weak relative to other countries (much of Europe, Australia) that I've been in. Europeans have things like Right to be Forgotten. Americans have companies that have refused to remove my personal information after I terminated my account with them.
[+] [-] LamaOfRuin|10 years ago|reply
[+] [-] ekianjo|10 years ago|reply
[+] [-] gtf21|10 years ago|reply
[+] [-] giancarlostoro|10 years ago|reply
[+] [-] mickael|10 years ago|reply
[+] [-] reustle|10 years ago|reply
[+] [-] pmontra|10 years ago|reply
[+] [-] Siimteller|10 years ago|reply
[+] [-] ycmbntrthrwaway|10 years ago|reply
[+] [-] r3bl|10 years ago|reply
They seem like a complete copy of Signal to me: they're a centralized service with open source clients that promises end-to-end encrypted communication. I see no difference between them. It's like re-inventing the wheel. Honestly, I don't see a single reason why I should use this.
[+] [-] detaro|10 years ago|reply
I'm kind of skeptical if this is the solution, but it checks a lot of boxes I want.
[+] [-] kitsunesoba|10 years ago|reply
Signal is great for those who confine their instant-message-like communication to their phones, since desktops being treated as second class citizens isn't an issue for them. I am not one of those individuals. I want to be able to read and reply to messages on whichever device I'm using at the moment without having to think about my phone's presence at all.
[+] [-] ycmbntrthrwaway|10 years ago|reply
[+] [-] dontscale|10 years ago|reply
[+] [-] DavidNielsen|10 years ago|reply
1. Their desktop support isn't provided by a native app but rather ducktaped onto Chrome, which in turn forces me to have that pole of junk installed.
2. There's no iPad app, granted you can run the iPhone app in compatibility mode but that's just feels wrong in 2016.
3. Their support for multiple devices using one account can at best considered an afterthought attached to their mobile apps with gum. When I checked last it only worked with their Android and their Chrome clients so no love for iOS users.
Wire provides all of this, wrapped in beautifully designed apps (if currently a touch unstable)
[+] [-] nailer|10 years ago|reply
[+] [-] danpalmer|10 years ago|reply
For good security, I have email/PGP which has few of my friends, but lots of usage for secure communication.
For secure chat I have Signal which some of my friends use, but not many.
For most of my chat I have WhatsApp which is relatively secure, and has a relatively good UI. Almost all my friends and family have this.
For the rest of my chat I have Facebook Messenger which isn't secure in the slightest, but it also has almost all of my friends and family on it. It has a very good UI, and lots of features that I make good use of.
Wire on the other hand has almost none of my friends, isn't open, so can't be any more secure than WhatsApp, and has a pretty but ultimately annoying UI, and very few features.
[+] [-] ukblewis|10 years ago|reply
I'm not using Wire yet - so I'm just quoting their marketing material - but they directly address your comments: "Wire uses open-source cryptography to encrypt all content. We made the source code for data handling available to the public under the GPL License. This means that anybody can review the source code." "Only Wire offers fully encrypted calls, video and group chats available on all your devices, on any modern platform. Unlike niche security apps we do not sacrifice usability for security — Wire is simple and straightforward to use."
[+] [-] danpalmer|10 years ago|reply
It's better than iMessage, for example. With iMessage, the protocol is described, and we can confirm that it is a "secure" protocol, for some definition of secure, but we have no idea if that's what they actually use. With Wire, we can go a step further, the protocol is described in code, so we can verify that the code is correct, however we still cannot verify that this is indeed the code being used.
A step further, which as far as I can tell doesn't exist, would be to provide a bare-bones client (maybe a command line interface) that can be reproducibly built, so that people can interact with other Wire users, using code they built themselves, this would show that the protocol that the open source code describes is being used, however there's still the possibility of the closed-source Wire app subverting it in some way, perhaps with decreased entropy in random numbers, for example.
I apologise for not reading closely enough to see the GitHub link, but I also don't think this gets Wire anywhere near the level of Signal for example, which I have compiled and run myself in the past (and contributed to).
[+] [-] 746F7475|10 years ago|reply
[+] [-] JohnKacz|10 years ago|reply
Their privacy page (in the comparison table) claims they are open source. I didn't see any links to their code however.
edit: Sorry, reading on mobile (after just waking up) and didn't see the link. Thanks @ukblewis
[+] [-] zump|10 years ago|reply
It's 2016, and technical people are still asking why people should use $SINGLE_APP instead of $COLLECTION_OF_OTHER_APPS_WITH_POOR_UI.
You'd think people would learn by now.
[+] [-] dingdingdang|10 years ago|reply
On second thought this kind of thing is already done around the torrent sub-culture with regards to seed boxes..
[+] [-] zaro|10 years ago|reply
So innovation, much technology ...
[+] [-] shmerl|10 years ago|reply
Plus, for any such application to have trust these days, it should be open source both for clients and servers. Enough of this walled garden closed instant messaging.
[+] [-] mchahn|10 years ago|reply
It runs in the browser so technically it runs on Linux.
[+] [-] andreyf|10 years ago|reply
> Download the latest version of Google Chrome, Mozilla Firefox, Opera or MS Edge to use Wire for Web.
[+] [-] Siimteller|10 years ago|reply
[+] [-] hofmannsthal|10 years ago|reply