I haven't directly explored the source for either in little while, so I should take a new look. I might be a little out of date, but the things that I have seen second hand recently confirmed my earlier conclusions.
Like I recently saw an announcement from Wire that calls are now secure, but they had been advertising them as secure all along! I had even spent time looking through the code but didn't know that calls weren't authenticated. Now are they really secure? I don't know, they said that before too, and the source is so hard to follow. Then I saw a post that showed they weren't even doing cert pinning, which is so basic.
I wanted to like it, but the more I looked the more I felt like "security" was just sprinkled on as an after thought.
I was hopeful at first. A large VC funded company with a big full time team should run circles around a small open source effort, but their security is still way behind Signal. I was also quickly put off by their "less than honest" marketing.
I think this study is exploring "persistent" ED, which is less known. ED is a documented side effect, but this shows that some men continue to experience ED even after they stop taking the drug.
They don't use the signal protocol, they don't even use X3DH or Double Ratchet. That citation of yours is just a download link, not an actual reference to your point.
The project is also kind of a mess. Check out their privacy policy, Wire maintains a server side copy of your entire contact list, all the groups that you're in, the plaintext metadata for your groups (membership, plaintext group title, plaintext group avatar).
Check out some of the code. They have broken voice encryption, and leak enough data to reconstruct the audio of your calls. They leak tons of plaintext directly back to themselves, like searches, and rolled their own messaging crypto.
They have been caught lying about what kind of encryption they provide[1], they lied about being open source for years, they lied about being based in switzerland. From what I can tell, the only people promoting Wire are usually on Wire's marketing team.
> As the article says, Bernstein's stuff won out because his work is at the intersection of solid crypto, clean and performant code, and sane API design.
As a casual observer, my impression has been pretty different. Here's an excerpt from the README of curve25519-donna, which it seemed like everyone was using for a while:
curve25519 is an elliptic curve, developed by Dan Bernstein, for fast Diffie-Hellman key agreement. DJB's original implementation was written in a language of his own devising called qhasm. The original qhasm source isn't available, only the x86 32-bit assembly output.
Since many x86 systems are now 64-bit, and portability is important, this project provides alternative implementations for other platforms.
My impression has always been that what we get from DJB is some wacky implementation written in a language of his own devising, or just the 32bit assembler output of that, or some partial code fragment that has to be disentangled from his benchmarking library, and the only thing that makes this usable are people who are motivated to do the work of making it digestible by mortals.
> It isn't because GnuPG doesn't work well or because it is too hard to use that people don't use it. They don't use it because other people don't use it.
Sure, GnuPG works "well," for engineers. This post is written by an engineer, but engineers are no longer the majority of computer users. If you want to develop mass market products today, coming to terms with that is pretty important.
To even try to draw a comparison between WhatsApp and XMPP+OTR is absurd. For an engineer, maybe the latter is passable, but the billions of people around the world who want to chat on their mobile device, don't understand what a key exchange is, don't understand why they can't immediately see everyone in their address book they can chat with, and don't want to run their own server, it definitely isn't passable.
> Why do people use Facebook instead of Diaspora? It's not because Facebook is better, works well, or is easier to use... It's because other people use Facebook.
> Why do people use Skype instead of XMPP? It's not because Skype is better, works well, or is easier to use... It's because other people use Skype.
> Why do people use WhatsApp instead of GnuPG or OTR? It's not because WhatsApp is better, works well, or is easier to use... It's because other people use WhatsApp.
I'm sorry but this is just not true. Network effects are important, but there's a reason that people are using these networks to begin with. They work really well.
Something like WhatsApp may seem simple, but every little interaction within the app is perfectly polished in a way that GnuPG, OTR, or any XMPP client is definitely not.
> And the reason people initially used Facebook, Skype, and WhatsApp is not that they were easier to use or better. It's advertising. Notice how all of these are proprietary software made by companies with the means to advertise their software? You can bet people would use GnuPG, Diaspora, and XMPP if they had been advertised by companies like Facebook and Microsoft.
As far as I can tell, WhatsApp never spent a single dollar on advertising. Their entire growth strategy seems to have been word of mouth.
These companies have hundreds or thousands of engineers who work on these products full time every day, driving the products forward, making them better and better. That is not something an open source client is ever going to be able to compete with. It just isn't.
> GIF searches are obviously going to use a 3rd party service, and nobody should expect some kind of anonymous encrypted channel for GIF searches. That's ridiculous.
There's tons of stuff like that which leaks in the app. They store your entire contact list server-side, your plaintext group membership, group info like plaintext group name and plaintext group avatar, etc etc.
> I've not seen any lying about being open source. They haven't released every piece of code, but I don't recall them ever claiming they did.
Since their launch several years ago, they've had a "feature" matrix on their website that lists Wire as being open source (and their competitors as not being open source). That was long before their recent "open source" announcement (which still isn't even fully open source). When pressed, they said it was because they used some open source libraries. That's really shady.
> I've never seen any crypto experts who have audited Wire and said there's anything wrong with their choices, and you supplied no links.
I recently switched from Android to iPhone and was pretty surprised by how much lower quality the Signal app is for iPhone than Android.
Signal for Android was really amazing, and the switch made me think this could be one reason why so many people seem to speak both highly and poorly of Signal. The iPhone app just unfortunately seems to be way behind the Android app.
Not sure why they have prioritized development in that way.
You're promoting Wire for anonymity? Check out their privacy policy, Wire maintains a server side copy of your entire contact list, all the groups that you're in, the plaintext metadata for your groups (membership, plaintext group title, plaintext group avatar), etc etc.
They have broken voice encryption, and leak enough data to reconstruct the audio of your calls. They leak tons of plaintext directly back to themselves, like GIF searches, and rolled their own messaging crypto that experts say is broken.
They have been caught lying about what kind of encryption they provide, they lied about being open source for years, they lied about being based in switzerland. From what I can tell, the only people promoting Wire after all that are usually on Wire's marketing team.
That's like saying there's a targeted campaign to ignore Skype because these articles don't mention it. You might like Wire, but it's not an app that people concerned with privacy should be using.
1. The "encrypted" calls leak enough information to be able to reconstruct the audio.
2. Many features in the app, like GIF search, transmit plaintext directly back to Wire.
3. They rolled their own crypto, and experts disapprove of the choices they made.
Journalists who write articles like this and don't mention Wire are doing their job. They've consulted with experts and aren't spreading misinformation.
Essays like these, along with Thanksgiving conversations with older extended family, are what really make me question the wisdom of eternal life. What if all the people stuck in the past like this were with us forever?
Wire transmits your plaintext GIF search terms to the Wire server. Their privacy policy even allows those searches to be logged. Combined with Wire's already bad e2e encryption and metadata story, I don't see how you could consider this "catching up."
> What Web2.0 did is that it removed the need of certain type of desktop software.
The commonly held belief at the time was that Microsoft's dominance rested in large part on that desktop software. Think how hard it would be today if you wanted to start a new mobile OS (let's call it "windows phone") years after entire software ecosystems have been established for iPhone and Android.
It's safe to say that Microsoft is not the shining star they once were. If we were to pick a single moment in history that lead to their undoing, I think this would be it.
> BTW if Microsoft didn't invent XmlHttpRequest, somebody else had done it.
"Somebody else" didn't have the market share IE did. Something that was incompatible with IE at the time was a non-starter. What's remarkable about this story is that when Microsoft saw the browser coming in the Netscape years, their entire strategy was to head that shit off by ensuring that their own browser become market dominant so that they could keep the web in a place that wouldn't hurt MS.
After all that effort, the anti-trust suit, etc, etc... and they'd gotten themselves in the place where they controlled the future of the web, it was some random developer at Microsoft itself that invented the very thing which was their undoing.
And think about how much this costs Twitter! The Fabric SDK allows apps to do phone number verification (SMS/Voice calls) for free. This is usually the single greatest cost associated with running any app that does phone number verification (often even above engineering salaries). Multiply the number of SDK users by the cost of SMS/voice delivery, and that's a ton of money out the door every month.
There were some rumors that Twitter has tried to spin off Fabric into another home, but it sounds like potential buyers balked when they saw the costs associated with it.
The prevailing theory is that Twitter originally saw this as a way to collect user data in the mobile app paradigm in the same way that the Twitter "follow" and "tweet" buttons do in the web paradigm. It sounds like it hasn't paid off, though.
If it is possible to do this safely, does that mean the TLS 1.2 Random value was always eight bytes too long? Or that it was unnecessary?