this post was submitted on 28 Aug 2024
38 points (85.2% liked)

Privacy

31790 readers
364 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

It's based on Signal protocol and it's also open source. However, unlike Signal it doesn't harvest phone numbers.

https://github.com/wireapp

top 39 comments
sorted by: hot top controversial new old
[–] [email protected] 47 points 2 months ago (2 children)
[–] [email protected] 15 points 2 months ago

that would do it

[–] [email protected] 8 points 2 months ago

One more step

Please complete the security check to access

[–] [email protected] 19 points 2 months ago* (last edited 2 months ago) (1 children)

It has been a while since I looked at Wire, and I didn't look very deep, but here's what I noted:

Self-hosting was unavailable at the time.

I believe they violated their privacy policy a while back, by accepting new owners/investors without notifying their users. That kind of behavior is telling of what to expect from an organization, and potentially dangerous (depending on your threat model) if you're trusting them with anything, such as...

I have read complaints that they stored cleartext contact lists on the server, but I haven't verified this myself. (The first two points were already deal-breakers for me, so I didn't bother.)

[–] [email protected] 17 points 2 months ago

Looks like both the client and server are open source now, so it's definitely possible to self host. Unlike Signal, Wire also supports federation nowadays https://docs.wire.com/understand/federation/index.html

[–] [email protected] 9 points 2 months ago* (last edited 2 months ago) (2 children)

I find this site useful to compare messengers. I would trust Wire a tad more because it's hosted in a country with stronger GDPR regulation, vs Signal being hosted in the US.

For my needs, XMPP with Omemo has been unbeatable for a long time

[–] [email protected] 4 points 2 months ago

yeah that's a good overview of different protocols/messengers

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago)

wire is US-based these days AFAIK - they accepted a bunch from VC money from a firm that does things like data mining and moved to the US

[–] [email protected] 9 points 2 months ago (1 children)

Does Wire still store metadata on who you message? That seems potentially more damaging than Signal's phone number requirement, at least since the switch to being able to hide your number from everyone.

[–] [email protected] 6 points 2 months ago (1 children)

Wire doesn't require any personally identifying data to register though.

[–] [email protected] 1 points 2 months ago (1 children)

Your right, they could just read any of your messages if they feel like it however. Wouldn't you rather have a phone number associated with an unreadable account? Or no "personally identifying info (besides your entire device...)" but Wire can read and see all of what you send.

[–] [email protected] 2 points 2 months ago (1 children)

Given that Wire uses Signal protocol, are you suggesting that e2e encryption in Signal is not secure?

[–] [email protected] 4 points 2 months ago (1 children)

No, what I'm saying is that if Wire still sends the passwords for the encryption in plaintext to their servers, thats bad. Signal doesn't do that afaik.

[–] [email protected] 2 points 2 months ago (1 children)

I agree that would be a weird thing to do, is there a source for this?

[–] [email protected] 4 points 2 months ago* (last edited 2 months ago) (1 children)

Definitely search on your own, I was only going based off this. Could be fixed by now!

But if it was ever true, that's again, bad. Not something you would even think of doing if your true motives are "privacy"

[–] [email protected] 1 points 2 months ago

Yeah that's pretty bad, and I agree that I wouldn't trust a company that did something like that going forward.

[–] jaxiiruff 8 points 2 months ago (1 children)

Huh, never really looked into Wire but it seems like its a great option and now im wondering why people bother with signal or matrix if this can do both encryption and federation

[–] [email protected] 10 points 2 months ago

Federation sounded interesting so I looked at the website and it sounds like on prem can't yet federate with people using "cloud" which I guess is the hosted version - they can only federate with other on-prem instances.

It looks promising though and would be cool to host my own instance and still chat with friends.

[–] [email protected] 5 points 2 months ago (1 children)

Ok, in like 2 seconds of looking into Wire I see that the app is rated 2.8 stars to Signal's 4.5 and under the "data collected" section it lists name, email, phone number, user ID, photos, and videos. Signal lists phone number.

[–] [email protected] 3 points 2 months ago (1 children)

All you need to create an account is a username and password, so not sure where your name, email, and phone number will come from.

[–] [email protected] 1 points 2 months ago (1 children)

Looks like it is listed on the iOS App Store ‘App Privacy’ section for the Wire app.

[–] [email protected] 1 points 2 months ago

it's not information that's required to make an account though 🤷