Wire is fantastic and I hope they address this authentication issue soon. What is the value of verifying contact fingerprints if other communication stages are not verified?
I would like to see more disclosure on server retention of encrypted messages and documents, especially when:
(a) msgs/docs have been delivered to all devices
(b) msg / doc has been manually deleted by the sender
Twitter posts [1] suggest that encrypted msgs are retained on the server for weeks, even if already delivered. This creates an attack target. Wire has promised to open-source their Haskell server code, so maybe the community can help remove this technical limitation by implementing a proper store-and-forward mechanism.
It would also be good to have the option of choosing P2P E2E msgs that go directly between devices and never touch the Wire server. This would only be useful for synchronous conversations, but would again reduce the central server as an attack target.
Tl;dr: Wire voice and video chats use SRTP encryption, but the key is transmitted over the Wire server using normal TLS without further authentication checks or certificate pinning. A Wire employee or malicious government could MitM the claimed end-to-end encryption.
It's not outright dishonest, but it seems pretty clear why they like the word "Swiss", but generalize Ireland as "EU". I'm sure many of their customers read that as "Oh, it's all in Switzerland, where privacy matters." I know Switzerland isn't in the EU, but I suspect not all their potential customers know that.
Is it really based in Switzerland? If you look at the jobs page, they are all in Berlin. My guess would be registered in Switzerland, based in Germany and data stored in Ireland.
Can someone explain how Certificate Pinning works in a "trust no one" scenario? From my understanding, the idea is that you grab the certificate for a given domain once with the correct public key and then store it for later so that you can be notified when you're being MitM'd. But that assumes that the one you got was trustworthy to begin with: what happens if you're already a target or in a surveillance state and, having not previously visited the domain before, cannot guarantee that the pinned certificate you're getting is trustworthy?
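The first-contact problem raised in this question, as an added example that is not part of the original thread or Wire's code: a trust-on-first-use pin store compared with pins shipped inside the client build. The host name and certificate bytes are constructed placeholders, and hashing the whole certificate instead of its public key is a simplification.

```python
import hashlib

# Constructed sample data: placeholder bytes standing in for DER certificates.
HOST = "calls.example.invalid"
GENUINE_CERT = b"constructed-genuine-server-certificate"
INTERCEPTOR_CERT = b"constructed-interceptor-certificate"


def fingerprint(cert: bytes) -> str:
    # Simplification: hash the whole certificate; real clients usually hash the SPKI.
    return hashlib.sha256(cert).hexdigest()


class TofuPins:
    """Trust on first use: whatever is presented first becomes the pin."""

    def __init__(self):
        self.pins = {}

    def accepts(self, host: str, cert: bytes) -> bool:
        fp = fingerprint(cert)
        return self.pins.setdefault(host, fp) == fp


class PreloadedPins:
    """Pins ship with the client build; no network answer can add one."""

    def __init__(self, pins: dict):
        self.pins = {host: frozenset(fps) for host, fps in pins.items()}

    def accepts(self, host: str, cert: bytes) -> bool:
        return fingerprint(cert) in self.pins.get(host, frozenset())


def first_contact_intercepted() -> dict:
    """First connection is intercepted, the second reaches the genuine server."""
    tofu = TofuPins()
    shipped = PreloadedPins({HOST: [fingerprint(GENUINE_CERT)]})
    return {
        "tofu_first": tofu.accepts(HOST, INTERCEPTOR_CERT),  # wrong cert gets pinned
        "tofu_later": tofu.accepts(HOST, GENUINE_CERT),      # genuine cert now mismatches
        "shipped_first": shipped.accepts(HOST, INTERCEPTOR_CERT),
        "shipped_later": shipped.accepts(HOST, GENUINE_CERT),
    }


if __name__ == "__main__":
    print(first_contact_intercepted())
```

With shipped pins the trust decision moves from the first network connection to the integrity of the client download itself.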
> transmitted in plaintext over a normal TLS connection
I think we have differing views on what "plaintext" means.
Also, like it or not, it really looks like the calls are actually end-to-end encrypted, as in the server never sees or processes the cleartext content. Being possibly poorly designed and open to attacks does not change the fundamental underlying model.
[1] https://twitter.com/wire/status/822421405937659908