Wire is only two days old and already walking—backwards.
Wire, a new communications app backed by a Skype co-founder, launched yesterday to broad acclaim. It allows cross-platform video and messaging services—even from iOS to Windows—meaning that pretty much anyone can chat with anyone else.
It also promises to be secure. In an FAQ section of Wire's new site, one section asks "Who Can See The Messages I Send?"
"Your messages and conversation history can only been seen by you and the people in those conversations," is the reply.
After I approached Wire, the company removed that claim from its website
It started yesterday, when I posted a screenshot to Twitter showing that although Wire does use end-to-end encryption—which ensures a third party can't decrypt any information intercepted on its way from user to user—for its voice calls, it doesn't do the same for any messages or media that are sent across its service. Instead, these are encrypted to and from their data centres, rather than on your device.
Since Wire's data centres are the ones doing the encrypting, that theoretically means that they can read your messages beforehand, or decrypt them, since they have the digital key to do so.
This was picked up by security expert the grugq, who tweeted "New messenger [Wire] DOES NOT encrypt messages or media end to end. It is not safe, do not use."
A Wire spokeperson told me in an email that "We've made technical design and product choices to provide Wire users with the benefits of a certain feature set—for example, the ability to enjoy conversations across multiple devices and platforms. We are constantly reviewing those choices with security in mind."
The lack of end to end encryption on messages was interesting in itself, but another apparently contradictory statement lay elsewhere on the Wire site.
I raised this with Wire, and asked whether Wire can read the content of media and messages sent using their service.
They didn't answer that question. They did, however, remove the claim that messages can only be read by the user and recipient from their website. Fortunately, I got a screenshot of that statement beforehand.
A spokesperson told me "Thank you for your feedback. We have clarified what looked to be a contradictory statement on our support site. Really appreciate you bringing this to our attention."
At the moment, the FAQ section has no information on "Who Can See The Messages That I Send?"
Wire got tech pundits excited because it looked like a more modern communications tool than the 11-year-old Skype and seemed to take security seriously. But this shows that even in a post-Snowden world were tech companies are falling over each other to show they are more secure than their competitors, caution still needs to be exercised around anything when it comes to privacy.