Encrypted chat app Wickr opens code for public review

Posted Feb 15, 2017 by Kate Conger (@kateconger)
Security researchers have wanted a peek at Wickr’s code since the secure messaging app launched in 2012, and now they’re finally getting that chance. Wickr is publishing its code for Wickr Professional, the subscription-based enterprise version of its free messaging app, today for public review.

The public review builds on private third party code reviews by security experts like Dan Kaminsky and Whitfield Diffie, and has been a long time in the making for Wickr.

“For years, Wickr has been at the forefront of ephemeral communication. With Wickr Professional, they are allowing teams to be confident that what is discussed is not distributed. And by opening their code, they are giving the engineering community strong reasons to trust their platform,” Kaminsky said in a statement.

Users might not be interested in the inner workings of most of the apps they use, but for encrypted messaging, trust is paramount. Users need to know that the app’s security claims are verified — that there’s math behind the marketing — and so it’s common for the makers of encryption products to make their code available for public inspection. This makes it possible for experts to reassure users that their messages are private, and lets researchers hunt for bugs that could make the app less secure.

But Wickr hasn’t gone open-source — until now. That’s made it tough for Wickr to gain the trust of the most privacy-conscious users. The Electronic Frontier Foundation marked Wickr down in a 2015 edition of its Secure Messaging Scorecard because the company had no public documentation of their encryption protocol and had not made their code available for review.

Wickr tried to strike a balance later that year, when it published a white paper describing its methods. But the company still stopped short of making its code public.

After all, Wickr is a business, and it’s easy to see how offering up code for free could cut into the company’s profit. But Signal, a competing encrypted messaging app that has surged in popularity, has open-sourced its code from the beginning. Google, Facebook, and WhatsApp all implemented Signal’s encrypted messaging protocol in their own apps last year, demonstrating that open-source doesn’t inherently harm a company’s growth.

Joel Wallenstrom, who joined Wickr as CEO in Nov. 2016, says that his willingness to publish the code is based on what he sees as a change in the way Wickr competes in the marketplace.

“Where we’re going to compete is really good customer service and customer support,” Wallenstrom tells TechCrunch. “I’d like to collaborate on crypto and really go out there and stake our claim in the marketplace by helping people understand how to use ephemeral communications. The next thing is, how does a general counsel really understand and wrap his or her brain around how to use this? How does this work within our organization? These are big challenges. People are looking to us and maybe to others as well, saying, ‘I need help with that part too, not just the math.’”

Wallenstrom also wanted to please the security community, which has embraced open-source as a way to ensure the integrity of encrypted communication. “It was important to some corporations, and it was very important to the security community, obviously,” Wallenstrom says. “What I found is that Wickr messenger users typically are in the security community and there was just a big, ‘Why not?’”

The encryption protocol Wickr released today is only used in Wickr Professional, an enterprise messaging service the company launched in private beta last month. (Think of Professional as the encrypted and ephemeral competitor of Slack.) Wickr Professional allows group chats of up to 30 people and enables file transfers, calls, and video chat. The company also offers SCIF, an enterprise product that enforces rapid destruction of messages. Professional and SCIF will be available for an annual subscription fee, while Wickr’s main chat app will remain free.

The protocol used in Wickr Me, the free app for iOS and Android, is still closed-source. Wallenstrom says that the open-source protocol will be implemented in Wickr Me as soon as possible, but for now the company is focused on its enterprise offering.

“This is a multi-party, multi-device protocol,” explains Tom Leavy, one of the creators of the protocol.

Wickr launched as a one-to-one communication service, allowing a single user with a single device to securely chat with another user. But over time, users have begun to use more devices and gravitate toward group chat, so Wickr added those features too. But these features can cause problems for encrypted messaging because of the slow, sometimes data-heavy process of key exchange and encryption.

“We collected a lot of overhead, to the point where it was becoming difficult to scale,” Leavy says. “For Professional, we had an opportunity to say, ‘Okay, let’s take apart all the components here and really decide what operations need to happen in order to maintain end-to-end encryption between all the parties.’ The end result of that process was figuring out that there was a lot of replication of data and calculations in the key exchange and we were able to get a 50 percent reduction in larger group chats in the size of the message.”

The result is a faster, more agile protocol that Wickr hopes will attract enterprise customers who are warming up to the idea of encrypted communication but want more hands-on customer support than other apps can offer. Researchers who find errors or security vulnerabilities in the code can report the problems through GitHub and Wickr’s vulnerability disclosure program.

“The best way for us to understand what we’re going to be doing ten years from now is to be part of this dialogue,” Wallenstrom says.

You can read Wickr Professional’s white paper below and check out the code on GitHub.

Featured Image: Bryce Durbin/TechCrunch