Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Wickr: Can the Snapchat for Grown-Ups Save You From Spies?

Yosem Companys companys at
Tue Mar 5 10:16:12 PST 2013

Wickr: Can the Snapchat for Grown-Ups Save You From Spies?
by Lorenzo Franceschi-Bicchierai, Mashable

In the online world, our digital footprints hardly ever wash away. The
Internet never forgets — and neither does social media.

Web users are coming to terms with ever-increasing storage, both
physical and in the cloud. As a result, data retention has become just
too easy. Sometimes it's just an embarrassing picture. Other times, in
places where there's a war or an uprising, people would like remove
their sensitive messages, which could be used against them by
oppressive regimes getting better at monitoring digital

That's where Wickr comes in.

The app, which could best be described as a Snapchat for grown-ups, is
only available for iOS right now. Launched in June 2012 by a group of
security experts, the app sends messages, photos (and soon videos)
that will eventually be erased. Wickr allows users to choose how long
they want their digital missives to last: as short as one second, and
as long as 5 days, 23 hours, 59 minutes and 59 seconds.

The main difference between the two apps, and the reason Wickr is more
ambitious than Snapchat, is that it encrypts all messages, striving
for perfect privacy and security. Wickr doesn't just want messages to
disappear once they are sent. Wickr doesn't want anybody, including
the app itself, to know what your digital correspondence contains.

Nico Sell, a long-time organizer of famed hacker conference Def Con
and Wickr co-founder, says she wanted her kids to enjoy private
communication, but also designed the app for "very high tension
situations, where if information gets out ahead of time, people could
get hurt." In other words, Wickr is for you and me, for
privacy-obsessed people or tinfoil-wearing paranoids, but it is also
for journalists and sources, for freedom fighters and activists,
people who have something at stake and need to keep their
communications under wraps.

So how does Wickr's privacy-enhancing encrypting technology work?
Therein lies the controversy.

Messages are encrypted on your phone using a private key, and only the
receiver can read them once he or she taps on the unlock button that
appears when a message arrives. When traveling through Wickr servers,
the correspondence is unreadable to anyone who might be snooping.
Wickr claims it doesn't store any of the messages, so the service
can't even turn correspondence over as scrambled gobbledygook if the
feds or police come knocking.

Wickr uses your own password and standard cryptography schemes like
AES and RSA to hide the content of your messages. For security
reasons, not even your password can be retrieved. If it could,
somebody could steal it, or maliciously reset it to intercept your
communications and pretend to be you.

Some of the cryptography behind Wickr is widely used on the Internet.
It's the kind that ensures you are really paying Amazon instead of a
hacker, or that nobody is spying when you check your bank account
online. But Wickr also has a "proprietary algorithm," secret to
everybody except the app developers and some trusted reviewers. Wickr
doesn't have open source code.

In other words, only the company knows precisely how its
privacy-enhancing system works. And that's exactly where Wickr's
privacy and security utopia could fail and crumble, according to
cryptography and security experts.

"We have a kind of a maxim in our field, in cryptography, which is
that the systems should be open," says Matthew Green, a cryptography
researcher and professor at Johns Hopkins University Information
Security Institute.

Green echoes what Bruce Schneier, a cryptography and security guru,
has been saying for a long time. "The idea is simple," wrote Schneier
in a 1999 newsletter.

As it turns out, to have a secure, privacy-enhancing app, you might
need to have a thousand eyes on it.

Green says this is nothing new. This maxim, that for some security
researchers is almost a dogma, goes all the way back in the history of
cryptography, to the 1800s. That's when Auguste Kerckhoffs, a
celebrated Dutch cryptographer, formulated his famous principle: "A
cryptosystem should be secure even if everything about the system,
except the key, is public knowledge."

For Green, that means "if you don't know how a system works, you kind
of have to assume that it's untrustworthy." He adds that this is not
about being an open source activist. But Wickr, he says, doesn't even
have white papers on its website explaining how the system works.

"If you're somebody who is a wine aficionado, you care about what's
inside the bottle, you don't care about the label," Green says. "But
unfortunately what's been hyped [at Wickr] is kind of the label, and
we want to know if what's inside is vinegar or if it's actually
something that we want to drink."

He is not the only one to question.

"From my perspective I don't think the company should be telling us,
'Trust us, it's safe,' 'Trust us, it's encrypted,' or 'Trust us, it's
audited,'" says Nadim Kobeissi, a cryptographer and founder of
encrypted browser-based chat service Cryptocat. "We should be able to
verify ourselves."

Kobeissi refers to two recent examples that highlight the importance
of open source cryptography software.

The first one is his own creation. Cryptocat, which could be
considered a Wickr competitor, was born as an open source project, in
which everyone could inspect the code and make improvement suggestions
or flag bugs and flaws. Initially, Cryptocat received some criticism,
with experts claiming it wasn't safe to use in high-risk situations.
But with the feedback from the community, the application has improved
and everybody has learned from it, Kobeissi says.

Another example, he notes, is Silent Circle, an app that also promises
encrypted and secure communications. Silent Circle was founded by
Phillip Zimmerman, the inventor of the vaunted data-encrypting program
Pretty Good Privacy (PGP). Even with his involvement, the
cryptographic community retreated when it learned Silent Circle would
not be open source.

Following pressure from critics and the cryptography open source
community, Silent Circle decided to open some of its code. Once it
did, "people still found flaws in their software; they still found
bugs in it," Kobeissi says. But "Silent Circle still benefited from
making their code open source so that people could review it."

And the same Zimmerman seems to have come to terms with the fact that
they initially made a mistake. "It’s not just [to look for] back
doors, but what if they screw up and make a mistake?" he said at a
security summit in Puerto Rico.

When asked about the open source controversy, Wickr's co-founder Sell
says that they "never considered being open source and don't plan
being open source" any time soon.

Dan Kaminsky, a security and cryptography guru known for spotting a
critical flaw in the DNS system and, basically, having saved the
Internet as we know it, doesn't agree with the critics. "Obscurity has
some place in the world," he says. "There are many ways to deliver
secure systems: One way is to be as open as possible, one way is not."

Kaminsky, who serves as a formal advisor for Wickr, has personally
reviewed the code and vouches for the security of its cryptography
scheme. Additionally, on Feb. 25 the company announced the app has
been audited by application security company Veracode and has received
its maximum rating. Green, however, notes that Veracode isn't
specifically designed to find "subtle cryptography problems" but
rather fool-proof the code for generic bugs and errors. And Schneier
also famously wrote that "security has nothing to do with
functionality. You can have two algorithms, one secure and the other
insecure, and they both can work perfectly."

The cautionary tale that many reference is the case of Hushmail, an
encrypted mail service that used to claim that "not even a Hushmail
employee with access to our servers can read your encrypted email,
since each message is uniquely encoded before it leaves your computer"
— words that echo Wickr's own proclamations. Sell tells Mashable that
Wickr's "architecture eliminates backdoors; if someone was to come to
us with a subpoena, we have nothing to give them."

As it turned out, Hushmail wasn't so impenetrable. In 2007 it was
revealed that, actually, Hushmail coud eavesdrop on its users
communications when presented with a court order.

Cryptography controversy aside, Wickr has some undeniable advantages.
It's extremely easy and intuitive to use. In that regard, it's a lot
like Whatsapp. You install it, create your username and password and
it takes just an instant to learn how to send messages. It really
looks like any other messaging app you've already used a thousand
times. And that was the developers' goal.

"There has been a real problem with security being too difficult for
the average user." Kaminsy says, "Nerds to nerds communication is
doing OK, but what about the real world? What about my friends? What
about my family?"

Also, since the messages self-destruct, even if somebody somehow gets
a hold of your phone or your account, there isn't that much to see
(although the recipient can always take a screenshot). Past
communications disappear forever. "Such a feature makes sense when we
consider the pervasive world of targeted attacks," writes Jacob
Appelbaum, a famous hacker and Wikileaks supporter, in a mailing list.
"If you compromise, say, my email client today, you may get years of
email," but if you compromise something like Wickr, you only get a
limited amount of information.

So could Wickr be used by an activist in Syria who is worried about
enemy spies and Assad's regime? Sell has no doubts — she answers that
question with an unflickering "yes."

But cryptography expert Green disagrees. "I would not recommend they
use something like Wickr."

And even Kaminsky is not so sure. "There's no such thing as 100%
security ... I don't recommend you put your life on the line to any
consumer grade electronic, to any software," he says. "Pretending that
anything that we can offer is going to stand up to highly funded
adversaries with weaponry is foolish."

More information about the liberationtech mailing list