Making data privacy & cybersecurity accessible for everyone.
TheNewOil.org

2022 Review: Wire

What is Wire & Why Do You Need It?

Wire is an end-to-end encrypted (E2EE) messenger available on Linux, Mac, Windows, Android, and iOS. I have long touted the need for E2EE in your daily communications for both practical and philosophical reasons. For practical reasons, it can protect sensitive communications like financial discussions, upcoming plans, and NSFW pics/texts if that’s your thing. For philosophical reasons, I think that everyone should use encryption whenever possible to normalize it and make mass surveillance less feasible/practical/economical.

The Good

Wire has a lot of valuable features. In addition to the obvious things that make it recommended by this site such as being open source and audited, one major advantage of Wire is that it is username based. You can sign up entirely anonymously by signing up on desktop, using a VPN (or Tor), and using a throwaway email. Even without hardcore anonymous signup, you can still retain a great deal of privacy by using a forwarding email address and not submitting a phone number or real name. And because you pick a username, that means you can privately communicate with others without having to provide any personal information like a phone number to that person. You can also have up to three accounts on a single device, allowing you to easily compartmentalize work and personal life.

Image
Wire on Android

According to their privacy policy, Wire does not retain any encryption keys, and uses TLS to encrypt metadata when possible. They claim not to retain copies of encrypted data after it has been delivered, and to only keep technical logs for 72 hours for the purposes of troubleshooting and abuse-prevention. Analytics (sending crash reports on iOS and keeping troubleshooting logs on Android) were opt-in (not on by default) when I signed up for an account. Speaking of Android, Wire is available for F-Droid and seems to work just fine without MicroG or Play services, meaning it should work without issue on any degoogled device.

In my review last year, I noted that Wire was slow. This no longer seems to be an issue – or at least, not a Wire-specific one. When I first started testing it – admittedly during a slow stretch at the day job – I noticed right away that my Android device took a little longer to send and receive messages than my iPhone. But once I got home on a different network, they both worked just fine. I also noted last year that Wire was feature-deprived. Specifically I noted a lack of voice messaging and poor GIF support. This also seems to have been fixed. GIFs use GIPHY (probably not proxied like Signal, so use at your own risk), and voice messages have been added. They even have a little drawing board so you can hand-write notes and a “ping” feature to get someone’s attention (if you prefer not to simply say “hey man, you there?”).

Ultimately, I think Wire’s biggest features are the universal availability in terms of devices and the support of usernames. These two features alone make it a powerful choice worth considering.

The Bad

Image
Wire on Windows 10

However, Wire is not without its drawbacks, and there are quite a few worth considering. Let’s start with a recent development: who owns Wire? A few years back, Wire took a significant amount of investment from a venture capital firm (who hates VPNs, by the way) called Morpheus Ventures, who’s other investments seem to be pretty heavy on the “privacy invasive” side of the spectrum, apps and companies who try to use data to tackle various “problems.” The nature of this relationship was never really fully explained, and it remains that way. Currently Wire is listed under the “Other investments made by Morpheus, our founders or funds previously managed by them.” Pretty vague. Is Wire “previously managed”? Or are they “other investments”? Additionally, around the same time as this investment, Wire had moved their headquarters to the US so they could qualify for said investment (and others), but now their website states they are headquartered in Berlin, Germany. Where is Wire based? Who owns how much of it? These question are unclear. I reached out to them for clarification a few weeks back, but never got an answer since I’m not a paying user. (You can read more about the initial investment and move here, but be aware that this article is from 2019.) It’s also important to know what got Wire booted from Privacy Guides in the first place: changing the privacy policy without announcing it. While this is common for many services, it’s troubling for privacy- and security-advocating services in particular.

Finally, it’s worth noting that Wire is centralized. A premium feature does allow it to be federated for enterprises, but for the average free user, the main centralized server is your only choice.

Conclusion

Wire is far from perfect, but to be honest there is no perfect messenger in the privacy space. The ones that are user-friendly usually have glaring flaws, and the ones that are almost perfect are usually nightmarish to implement and/or use. Wire is definitely not for everybody, however I think it offers some powerful advantages – much of the metadata collection can be outsmarted with a simple VPN and a forwarding email address (and by using it on desktop only, if your threat model is that severe) – and the ability to have a username instead of a phone number is something that can’t be discredited. However, I don’t think Wire is right for everyone. Ultimately I think Wire might be a good trade-off between Matrix and Signal: a little more user-friendly than Matrix, but doesn’t require a mobile device like Signal does. Ultimately, as always, it depends on your needs and threat model.

You can learn more and download Wire here.

You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...