Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

12/4/2014
11:10 AM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Ultra-Private Messaging Spreads To Apple Mac, Windows, Linux Desktops

Wickr's secure mobile messaging app expands to the desktop amid explosion in encryption activity.

A mobile messaging application designed for the ultra-privacy-conscious user has now moved to the desktop as well.

Wickr, which offers a free text, video, and picture messaging service for iOS and Android that "leaves no trace" of the messages, today launched free versions of its Wickr Messenger application for Mac, Windows, and Linux machines, extending the iOS and Android app to the desktop. The app's messaging is synced across multiple devices employed by the user. Messages sent via the app self-destruct and are bound to the device, and Wickr doesn't collect any metadata.

Nico Sell, CEO of Wickr, says the desktop versions of Wickr don't rely on the pervasive SMTP email protocol. "We're not using SMTP, because there are a lot of things wrong with it. Even if you're using PGP over SMTP, you're still stuck with metadata that can tell who is talking to whom and when," Sell says. With Wickr, "you are anonymous and you can't tell who you are talking to, when, and how often."

Encryption efforts have been exploding of late. The widely deployed mobile messaging app WhatsApp last month announced that it would employ end-to-end encryption across the board. WhatsApp is installed on hundreds of millions of mobile devices, so the encrypted messaging move would be massive in its scope. The company is using Textsecure, an open-source tool from non-profit Open Whisper Systems.

The Electronic Frontier Foundation (EFF), meanwhile, will begin offering free SSL domain verification certificates by June of 2015 to help spur more encrypted HTTPS traffic on the Net. And the Internet Architecture Board (IAB) has officially called for encryption to be the norm on the Net.

Wickr has even bigger plans than text messaging, however. The goal of the desktop expansion is to replace email altogether for users who want secure email that isn't archived anywhere, according to Sell. "For us, this is really about being the No. 1 app on your phone. The one you use most often, and taking over email. [It] may seem counterintuitive, [but] this is a strategic mobile move," because the app can be used across multiple devices.

Sell says her company is using the app in lieu of email for the most part. "We still use email, but only when you want to archive [messages]… Only 1 percent of my conversations" are traditional email now, she says.

"Email servers can tell a lot about an organization" if they are exposed, she says.

Wickr's app allows messages to appear as a traditional email: "It will look like an email to my mom."

[The era of encrypted communications may have finally arrived. Internet Architecture Board chairman Russ Housley explains what the IAB's game-changing statement about encryption means for the future of the Net: Q&A: Internet Encryption As The New Normal.]

Sell says the best way to employ Wickr's new desktop mode is to first invite 10 friends and family members. "It's optimized today for best friends and family," she says. The desktop app includes Wickr's famed "self-destruct" timer for messages so that they are never archived, as well as a new shredding feature that forensically wipes files from the hard drive and RAM. Like the mobile app, location, time, and device ID information are automatically deleted.

Wickr plans to provide voice and video as well, akin to a Skype-type service. To date, there have been 4 million downloads of Wickr in 196 countries, and millions of messages are transmitted each day.

Meanwhile, the company also has a new slogan: "Escape the Internet."

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26890
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...
CVE-2020-28348
PUBLISHED: 2020-11-24
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVE-2020-15928
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
CVE-2020-15929
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
CVE-2020-28991
PUBLISHED: 2020-11-24
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.