Brian Lovin
/
Hacker News

walterbell

Wire (from the creators of Skype) does not mandate a mobile phone number (SIM cards are tied to government identity in many countries). Only an email address is required to open a free account. Nor does Wire mandate upload of your phone's address book with personal social graph of contacts. Free for consumers with paid teams offering for enterprises, optional on-prem server. Open-source clients and server. Cross-device history if the device logs in within a few weeks of the sent message. Basic export/import for moving your device's message archive to a new device of the same type.

https://wire.com/download/

They are contributing to IETF MLS for end-to-end encrypted group messaging: https://datatracker.ietf.org/wg/mls/about/

sen

Wire is massively underrated in general. It’s got a slick UI that’s easy for non techies, it’s got native clients on all major platforms, and it has everything you really need from an e2e IM without the fluff. I’m surprised it doesn’t come up more in these discussions and people just “settle” for Signal or another service that needs your phone number etc.

ckozlowski

Agreed. I've been using it for years, and much to my surprise I've been able to convert most of my extended family into using it. The fact that our parents (60s-70s) are using it successfully to post and share pictures as well I think is a good sign of its accessibility. The rich media, good voice/video support, and ease at making multi-user discussions are all excellent. The persistence across devices is excellent, and I love that it's just as easy to use on the desktop as it is on mobile.

I do think there are some improvements that can be made, such as better visibility into how to sign up without a phone number (I think this is still the default on the phone app) and a more visible download option on their website (the free version is buried under "Resources" -> "Downloads"). You can make backups, but there's no easy method to do a plain text export. I get the feeling sometimes messages get "Stuck", and there have been issues in the past with notifications not being sent or push notifications not getting through certain Android sleep states. Sometimes I'll edit a message just to "resend" it such that it's delivered.

Overall though, it's still my secure messenger of choice by far. Glad to see it discussed here.

lucb1e

The clients are not actually native, at least on desktop it's just Electron and the mobile clients (Android, iOS) don't feel fast either, but frankly rough edges like these are my only real complaint.

Features are available and work everywhere (unlike Signal which has a dumbed-down desktop client and no web client at all), it does everything you generally need and the search is actually superb (better than Telegram even, since tg only does word matching and Wire can do symbol and arbitrary string matching and is also very fast) although limited to one chat so you need to know which chat contains what you're looking for. Meanwhile Element (Matrix) goes "can't search encrypted chats"... useless if you want to communicate something non-ephemeral, you'd need to switch to pgp-encrypted email and all its problems or another chat service.

Compared to all the alternatives, Wire with all its faults is the best encrypted messenger. I would recommend it to everyone aside from the network effect: Signal clearly has more users (while being worse on features and privacy). Because it's useless to be alone on a messenger and because it's still a step forwards from the status quo, most of the time I end up recommending subpar solutions.

hiq

> dumbed-down desktop client

That used to be true, but now the desktop client has almost all the features of the mobile clients. Which feature do you miss there?

> Signal clearly has more users (while being worse on privacy)

I assume you're talking about the phone number requirement? This is fair criticism, but what about the rest? Signal leaks way less metadata than Wire, which is more similar to WhatsApp in that regard.

See also this comment: https://news.ycombinator.com/item?id=14069674

Some things might have changed, but it's not clear to which extent.

Arathorn

Element does encrypted search fine on desktop, fwiw.

walterbell

The Wire iOS native Arm client is fast and can be made officially available for M1 Arm-based Macs. Looking forward to that, as the Slack iOS Arm client is way faster on my M1 Macbook than the desktop memory-hogging Slack.

kitkat_new

Element can search encrypted chats, just not yet in the browser

14

I also like wire and just by chance found it to message my kids on their iDevices that don’t have a phone number like iPads and iPods. It works great and has all the main features. I’m even happier now that you guys inform me it’s secure also.

mercutio2

If they’re Apple devices, why don’t you just use iMessage?

hiq

> I’m surprised it doesn’t come up more in these discussions and people just “settle” for Signal

Not needing a phone number is nice, but last I checked Wire does little when it comes to metadata, while Signal is more or less the state of the art in that regard.

The phone number requirement itself is supposed to be eventually dropped in Signal (although I'll admit it's taking quite some time, and with the spam issues it might take some more).

birksherty

Matrix tools like Element are decentralised which is preferred, Wire is not.

The company keeps a list of all the users you contact until you delete your account.

Source: https://archive.fo/ARZe4#im

remram

It is federated, not decentralized. You need to use a server, which will have access to your contacts and the rest of the metadata such as how often you talk to them etc (and all message content that is not E2EE). You are only safe from third parties if both you and people you talk to run their own servers.

the_duke

That's changing. Dendrite [1] is the official next-generation server implementation and optionally supports decentralization.

But due to the usability constraints of truly decentralized systems, I think most users are better off with federation.

[1] https://github.com/matrix-org/dendrite

kitkat_new

mind explaining how Matrix is not decentralized?

antihero

I'm amazed that they still don't have any kind of 2FA after nearly four years.

https://github.com/wireapp/wire/issues/85

viertaxa

Perhaps this comment is why my email has blown up over the past day. It's interesting to see this issue pick up steam every now and then.

zeitg3ist

I didn’t login on Wire for 3 months and “for my security” messages that were sent to me during that time were just... lost. I think my history was deleted too. This happened 2 or 3 years ago, but it made me just switch to something else (Telegram).

oauea

So you want them to just hold on to your messages on their servers indefinitely? I realize this is the norm nowadays, but is this really what you actually want?

deepstack

Wire is not for people to leave messages unread for 3 months. Most users can deal with that. And once it is read, you can archive your message onto a file (and then put it on USB). For most users, why use anything else?

For those who like to leave your message unread on the server for up to a year, then go with signal or telegram.

usrusr

In a flawed world that deals perfectly with its flaws, infinite storage would be a service you can optionally buy from an open market of third parties, alongside optional identity mediation (for those who definitely don't want their identity bound to a device or SIM or some other PID known to the core network). Bonus points if the technological and organizational interface between third party and core network is paid, I believe that this would be one of the least bad ways imaginable of funding the core network.

admax88q

Yes? I want them to hold on to my messages in an encrypted form for all time. The NSA has probably logged them anyways. I'm done with managing my own backups, my state should be persisted "in the cloud" with no effort from me.

zeitg3ist

I think it should be an option, at least.

walterbell

For those who want end-to-end encrypted messages, it's a feature that the server doesn't have a persistent archive of message history. Wire messages are on the server for a few weeks, long enough to relay those messages to transiently offline devices. Telegram is great at what it does, different use case from Wire.

zibzab

I'm actually fine with the wire approach.

But it would be nice if the sender could be notified that the message was never delivered.

ajconway

Matrix does have end-to-end encrypted persistent history.

zeitg3ist

Yeah, I guess it’s just a different use case, but it was a behavior I didn’t expect (maybe I didn’t read the “fine print”) and it turned me off using it for long-term stuff. It’s a pity because I liked the interface and features.

api

This is one of those replies that should be put in some kind of HN canon. It perfectly shows why there are so few privacy or security respecting options. They did the correct thing for security and you switched.

As I've observed for a long time: UX is more powerful than anything else except maybe cost, and even then one driver for user preference for "free" apps is not having to dig out a card... so cost is also UX.

zeitg3ist

That’s a bit unfair. I value privacy for some things but for other things I value more not losing my message history. Telegram is not as secure as other options by default, but for me it strikes a good balance between convenience/usability and privacy, as I can optionally open a self-destroying secret chat when I need it.

exciteabletom

FWIW Telegram deletes your account if you are away for a year, and you cannot disable it.

Zambyte

Uh, just FYI this is also a feature on Telegram that can't be disabled (only extended up to a year).

qwertox

Threema also does not require your phone number.

ReptileMan

It requires payment - so google account or your paypal/credit card are on record.

ThermalCube

You can pay by Wire transfer, MasterCard, Visa, PayPal or even Bitcoin[1] so there is at least one anonymous payment option available

1: https://shop.threema.ch/terms

qwertox

I forgot this fact. One could create a new Google account and buy a gift card.

In any case, doesn't this only link your personal data to the ownership of a Threema app usage license and not to the content (user ID) inside the app?

It's definitely different to entering your phone number into the app.

c0wb0yc0d3r

FWIW, your threema identity isn't tied to your license key.

thomostin

How can you get push notifications on an Android device without using Google Services?

You can just get a gift card and pay in cash for it.

tomjen3

I can't seem to find any information about their free version on that page.

lucb1e

https://app.wire.com/auth/?hl=en#register

It's a bit hard to find, looks like they've given up trying to compete for non-business users, but the client has a registration form open to everyone.

I think they'll keep supporting this because inviting those 'guest' accounts into rooms of business users is a big feature. We regularly collaborate with people via Wire (customers or freelancers, who can just use their personal Wire accounts) because it's the easiest way to collaborate without forfeiting encryption or features.

ckozlowski

I love wire, but this is one of my biggest pet peeves right now. I can't tell someone to just "go download Wire" on the desktop without giving them navigation instructions ("Resources" menu at the top, then "Downloads" because there's so much focus on the paid products.)

Not a pro move in my opinion.

ISO-morphism

Every time I open the Snapchat Android app it prompts me with a Snapchat-styled (not the system) dialog to share my contacts. Every time I hit "Don't allow". Every time it prompts me again.

This is an inexcusable dark pattern. Two things need to happen:

1. The operating system needs to provide a "screw you, never" option for any permissions.

2. We as engineers need to say "screw you, never" to requests to implement behavior like this. Sure, this could be a bug, but I see the same behavior with Venmo and location access.

Personally I'm rather disillusioned with where we've found ourselves. This sort of adversarial relationship in which people are property of a platform and treated as such is winning.

Edit: Venmo had been set to "Only while using the app" and was prompting to enable location services on the device, not for permission. That's my own fault.

sneak

The "screw you, never" option is to delete your Snapchat and Venmo accounts, and delete those apps from your device. This is what I did.

ISO-morphism

Indeed, that's what I should do as an individual and try to drag along as much of my social graph as I can. There probably isn't any salvaging platforms built on data collection as a business model.

2OEH8eoCRo0

>We as engineers need to say "screw you, never"

The engineers have spoken. They say, "I'm getting paid too much to care."

Or they look at it from my perspective- who cares? According to you this is an issue but from another perspective there are clueless users who accidentally denied the permission and are grateful later. Can we really afford to have every engineer constantly objecting to the slightest subjective interpretation of what makes a dark pattern?

That's not for me to decide.

MrDresden

The system does have a "screw you, never" option for all permissions.

The issue is that Snapchat (in your case, as I don't have this happen on v11.23.3.36) is told that they won't get the permission and won't be able to ask for it either.

And so they perform their own in-house permission request to you.

There is nothing that can be done from the system's point of view for that.

hctaw

> There is nothing that can be done from the system's point of view for that.

They can ban the app from app stores for using any non-system interface to request permissions, like they do for payments.

MrDresden

I am not agreeing with it, but they are showing a piece of custom ui that probably links into the settings for you to make changes.

That is a very normal practice on Android. The fact that Snapchat decides that pestering the user for the permission is acceptable I find to be a very strange design decision.

juergbi

The system could supply an empty contact list.

ISO-morphism

> v11.23.3.36

v11.25.0.29 Beta for me

> in house permission request

That's what I had feared. I'd expand the scope of "the system" to include Play store rules.

MrDresden

It would change the ecosystem, for the better, if Google would uphold and enforce their policies as fiercely as Apple does. It would surely reduce the amount of dark pattern predatory apps on the market place, and overall just pull the quality up a few notches.

Why they haven't done so already is a mystery to me.

dillondoyle

I get annoyed by the web version of this for push notifications - mostly the ones that copy the specific browser UA style.

doomjunky

This dark pattern is called the ratchet. https://news.ycombinator.com/item?id=16689663

Jonnax

There needs to be two lists of contacts.

One which I allow to be shared with apps, and another which are my contacts I use with my dialer.

People don't need their messenger apps knowing the phone number of their doctor

jannes

An alternative would be to make it similar to the iOS photo gallery permissions:

When an app requests permission to all photos the user gets the option to share only a subset of photos with the app. (This subset can be different for each app.)

furyg3

While I agree with you, the current way this functionality works is really terrible.

ratww

It's indeed terrible in Apps that reimplement the photo selecting feature, but in simpler Apps that just use the default picker it works quite well and it is transparent.

Popular apps like WhatsApp, Twitter, Facebook, Telegram, etc, could just fall back to the default picker when full access is not available.

h0h0h0h0111

Agree - it's a great concept but seems to involve an inordinate number of clicks (touches?) all over the screen

rcMgD2BwE72F

Don't forget that on Android, Google will sync all contacts with their servers without asking the user to install an application (the Play Store has access to all contacts and will sync them with the Google account when logging into the Play Store... which is inevitable on Android).

The protection must be set higher up (the law, I guess) since the operating system has become spyware.

canada_dry

To that point, I find it entirely un-amusing that Google is presenting me with a notification on my phone that says: "Account action required: add your birthday" %@$#

A piece of info they very likely can derive, but would really appreciate if I'd help them out and confirm it. Screw them.

hansel_der

on ios if one does not grant addressbook permission for the app:

* telegram uses an "internal" contact list for which one can add contacts via the desktop client and then works as expected.

* whatsapp lets the user freely initiate contact by phone numbers, but then only shows the number (no name).

don't know about signal.

strogonoff

WhatsApp on iOS cripples user experience without access to OS contact list. You cannot create groups, and cannot initiate a chat with anyone, even by phone number. It works if someone else messages you first or adds you to a group.

hansel_der

> cannot initiate a chat with anyone, even by phone number

as stated before, i can initiate convo by number just fine. it's just that i can't edit the identifier/handle and so it's always shown by number. thankfully most ppl have set their profile pic public, but it gets messy pretty fast.

vbezhenar

https://wa.me/phonenumber

Very intuitive, I know.

sneak

I can't imagine the use case where you want to keep your contacts from WhatsApp for privacy, but continue using a Facebook service.

eythian

As far as I can tell, on Android, whatsapp requires adding a person to your contacts before you can message them at all. I find this very annoying when I'm going to be messaging someone for a brief period only. If there's a way to not do this, I'd like to know it.

ffpip

You can message a person without adding them to your contacts, if you know their phone number.

https://wa.me/their-phone-number-in-international-format . Type this link in the browser or in some chat. Long press, click open and it will open in whatsapp by default.

You can start a chat with yourself in whatsapp, to send these links to yourself and easily click on them. (type wa.me/your-phone-number-in-international-format , click and send any message )

tgv

Or the number of the VD clinic, or the number of an oncology ward, or the number of the pawnbroker, ...

spitfire

In time I expect all OSes (mobile and desktop) will provide a "give false data" option. So Sandboxed+false inputs, sort of a digital Descartes deceiver.

Because you know the slimy app developers will refuse to work if you don't hand over your full contact list. and people will just accept that.

So the end game is a completely adversarial relationship, even on your own device.

GrinningFool

> In time I expect all OSes (mobile and desktop)

How much time? This has been a thing in one form or another since j2me. Some j2me platforms actually supported this kind of behavior, but that was all lost once Android and iOS came along. Same with fine-grained permissions over network access (eg, user having complete control over what networks/etc an app can access).

We /had/ all of this in the days of BlackBerry, and lost it. Nobody wants to give it back now.

spitfire

That's a good question. We know exactly what technical solutions are needed to counter this adversarial activity.

What social tipping point needs to happen for those to be implemented? How can we lower the social bar for that to happen?

I have no clue. I'm almost always wrong on the social side of things.

AshamedCaptain

I didn't know that (Blackberry). I would like to know about it, if you have any links.

de6u99er

It would be much smarter if your contacts could choose to allow you to share or not share their details.

MrDresden

While I agree with the sentiment, I am not so sure how well this could be implemented in practice.

I feel it would rather be better to disconnect the more static portions of a contact (in this case the phone number) from the contact on the chat network, and use something a bit more transient. Like an email address.

And while yes, primary email addresses are even more static to our identity than phone numbers, having the option of using a single address for each chat network would disconnect this contact graph somewhat.

Going further, if each platform (iOS/Android) would have more granular portions of the contact queryable rather than handing over the whole contact, the applications could simply just request the "chat network identity" portion of the contact (never to receive the phone number, country, home address etc etc)

itg

I don't know about other Android phones, but Samsung has a Secure Folder with a separate list of Contacts.

wombatmobile

The reason this abuse of privacy is so widespread is because there are no bad consequences for the perpetrators.

Governments don't enforce privacy acts in this circumstance.

Users just roll their eyes, knowing there is no way for them to complain except through boycotts, which are difficult to organise and might not work unless coordinated on a massive scale which has never been tried.

And so it goes.

Nextgrid

And yet people are still bitching about the GDPR. The only problem with the GDPR is the lack of enforcement.

However, it isn't really surprising considering a large chunk of this very community makes their money off large-scale stalking and the same unethical things they complain about.

ryandrake

The only people really bitching about GDPR are software engineers and lawyers at companies whose privacy practices are still questionable after all the time given to clean up their act. That's why, if you look at HN comments, everyone seems to hate it. Sample bias. None of the remaining 7 billion people on the planet really know much about it. I bet if you summarize the regulation and describe it to a random person on the street, they'll nod and think "sure it's kind of a good idea" and forget about it in the next 10 seconds.

upofadown

People will complain about the meta-information leakage of email but then turn around and suggest we should instead use something based on your phone number[1]. I guess this is a reminder that phone number based contact discovery has issues as well ... perhaps worse ones in practice.

With email the server operators know who is talking to who but do not necessarily know who any of those people are. Email clients will not show who has you in their contact list. There is no practical way to enumerate every active email address in use.

[1] https://latacora.micro.blog/2020/02/19/stop-using-encrypted....

gnfargbl

The paper claims that stricter rate limits are a possible solution to this issue, and that with stricter limits in place "crawling entire countries would only be feasible for very powerful attackers". I don't think I agree. Take Signal: the authors managed to crawl all US phone numbers in 25 days, using 100 accounts. Their proposed stricter rate limits force an approx 50x slowdown on an attacker (Table V), which seems to imply that over the same crawl period an attacker would require 5000 accounts. If we assume that virtual SMS numbers are around $5 each, then the attack now costs about $25k, which is about 0.001% the GDP of East Timor.

They also propose a global salt as a mitigation. I'm a little confused there too, because wouldn't the salt need to be present in the endpoint application? If so it would be trivial to extract.

Their proposal of using a key stretching hash algorithm (e.g. Argon2) seems reasonable? At a significant increase in cost on the server side.
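An added example, not part of the comment above or of the paper: it measures what key stretching costs per hashed phone number and extrapolates that to one address book and to a whole numbering plan. PBKDF2 from the Python standard library stands in for Argon2, and the salt, keyspace size, address-book size and iteration count are assumed values.

```python
import hashlib
import time

# All values below are assumptions for illustration, not figures from the
# thread or the paper.
GLOBAL_SALT = b"constructed-global-salt"  # identical for every user, so it is a constant
KEYSPACE = 10**10                         # upper bound for 10-digit national numbers
ADDRESS_BOOK = 500                        # entries hashed for one discovery request
PBKDF2_ITERATIONS = 50_000                # stretch-factor knob


def plain_hash(number: str) -> bytes:
    """Unstretched identifier: one SHA-256 over salt || number."""
    return hashlib.sha256(GLOBAL_SALT + number.encode()).digest()


def stretched_hash(number: str) -> bytes:
    """Key-stretched identifier (PBKDF2 as a stdlib stand-in for Argon2)."""
    return hashlib.pbkdf2_hmac(
        "sha256", number.encode(), GLOBAL_SALT, PBKDF2_ITERATIONS
    )


def seconds_per_hash(fn, samples: int) -> float:
    """Average wall-clock cost of one evaluation of fn on constructed numbers."""
    start = time.perf_counter()
    for i in range(samples):
        fn(f"+1555{i:07d}")  # constructed sample numbers
    elapsed = time.perf_counter() - start
    return max(elapsed / samples, 1e-9)


def cost_model(fn, samples: int) -> dict:
    """Extrapolate the measured per-hash cost to both ends of the trade-off."""
    per_hash = seconds_per_hash(fn, samples)
    return {
        "per_hash_s": per_hash,
        # Cost of hashing one address book, whichever side does the hashing.
        "address_book_s": per_hash * ADDRESS_BOOK,
        # Single-core time to hash every number in the keyspace once.
        "keyspace_core_days": per_hash * KEYSPACE / 86_400,
    }


def compare(samples_plain: int = 20_000, samples_stretched: int = 10) -> dict:
    """Measure both variants and report how much the stretching multiplies cost."""
    plain = cost_model(plain_hash, samples_plain)
    stretched = cost_model(stretched_hash, samples_stretched)
    return {
        "plain": plain,
        "stretched": stretched,
        "stretch_factor": stretched["per_hash_s"] / plain["per_hash_s"],
    }


if __name__ == "__main__":
    result = compare()
    for name in ("plain", "stretched"):
        m = result[name]
        print(f"{name:10s} per hash {m['per_hash_s']:.2e} s | "
              f"{ADDRESS_BOOK} contacts {m['address_book_s']:.3f} s | "
              f"full keyspace {m['keyspace_core_days']:.1f} core-days")
    print(f"stretch factor: {result['stretch_factor']:.0f}x")
```

The stretch factor multiplies the address-book cost and the full-keyspace cost equally; the gap between them stays at `KEYSPACE / ADDRESS_BOOK`, which neither the hash function nor a global salt changes.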

hiq

From the paper:

> Signal acknowledged the issue of enumeration attacks as not fully preventable,

So rate-limiting is fine as long as you don't hurt user experience, e.g. you can still message your contacts within 1min if you have around 500 contacts. It's also nice to lower the load on the servers. But there's no real fix as long as phone numbers are used.

And it's fine, given that Signal basically leaks one bit of information: whether a phone number has a Signal account or not.

...of course, assuming that the account owner doesn't accept unsolicited messages (and thus shares their profile, with their picture and "About" field).

jacquesm

It didn't take long after the first social graph was created to realize that your contacts define you as much or even more than your other indicators do. That's why so many companies are gunning for this information.

TeMPOraL

A quote I saw on the Internet long ago went, "You're the average of the five people you spend the most time with". I used to interpret it only in its original, prescriptive sense: if you want to become a different person, make appropriate changes to your social life.

It took me way too long to realize it's even more applicable in the descriptive sense: the people you spend most of your time with are a good statistical predictor of who you are.

blorange

"Interestingly, if the number provided by Hushed was previously registered by another user, the WhatsApp account is "inherited", including group memberships. A non-negligible percentage of the accounts we registered had been in active use, with personal and/or group messages arriving after account takeover."

Did not know that taking over a WhatsApp account is that easy.

hiq

You can set a pin which I think would reset your account eventually if you want to register the same number but fail to provide the correct pin, and the previous owner of the phone number does not use WhatsApp in some time.

blorange

The most interesting section for me was "Exposed User Data". My takeaway is that an attacker can know whether my phone number is registered with Signal and can receive voice and video calls. They also get my encrypted name and profile picture but would need my explicit consent for that.

hiq

That's my take as well, and I think that's already known by most users. So nothing new for Signal users.

For WhatsApp it would be nice to change the defaults so that no information (other than the fact that the number is registered) is shared with no interaction.

captainmuon

I think the information who is a contact of whom should not reside with the provider, but be distributed among the peers.

I had a proof of concept of something similar working a couple years ago. I was writing a file-sharing app, and the goal was to piggyback on the existing social graph that you had from Facebook, Skype and so on. I could not register as a proper Facebook app, since that required having a domain, and I would be legally catchable in case somebody used my app to share copyrighted or illegal stuff.

Back then, Facebook messenger was based on XMPP/Jabber, which allows sending custom stanzas (secret messages that are not shown to the user). My app would ask for your login, then send a message to every contact, and if it got a reply from another instance, it would perform a handshake and exchange keys. This also worked over (old) Skype, which although it didn't support XMPP, you could do something similar with SkypeAPI. (Unfortunately, a few months later almost every messaging service that allowed such a trick stopped it...)

Now, this trick doesn't help if you are trying to set up a new social graph in the first place. But I think with this "send an invisible message to a potential contact's app" primitive, you could build a list of mutuals securely. (Other caveats apply, you'd let somebody know that you have their number for example...)

hiq

> I think the information who is a contact of whom should not reside with the provider, but be distributed among the peers.

Signal partially solves this with SGX. Partially because SGX will probably never be fully secure.

rcMgD2BwE72F

An even bigger problem: if you set up an Android phone without a Google account and need to access the Play Store (which is impossible to do without nowadays), Google will force you to sign into a Google account at the OS level and will suck in all your devices contacts -- with no opt out. You can disable this sync "feature" but *only after*, once Google has collected all your contacts (phone number, addresses, emails, birthdays, etc).

Explanation: the toggle to opt out is made available after you log into Google and you must navigate in multiple screens which gives Google ample time to collect hundreds of contact details. Of course, it is not possible to turn on airplane mode during this procedure since the log in requires an Internet connection.

This is 100% against the EU GDPR. I've submitted a complaint to my local privacy regulator (French CNIL) but never heard back.

This probably impacts 200+ hundreds millions of EU citizens (since 2/3 of the population must be using an Android phone). I can't imagine a more massive data collection program, since each user must probably have more than 50 people on their device so the total amount of people that is affected exceeds my imagination.

How can Google get such a pass?

lofi_lory

I use Aurora for the Playstore. It's buggy but does the trick for the few apps not in FDroid. No account needed as they provide a service for shared credentials.

vmateixeira

I feel you. Unfortunately, I don't think GDPR will be of much help in that case. A fine of up to 1% of their revenue will hardly make a dent - it's just another tax. Misbehaviour will be still worth it.

Actually GDPR is of great help to them, by putting smaller competitors away from using similar techniques. For those, a 1% revenue is a lot.

elyobo

Happened with Australia's real time payment system too.

https://www.itnews.com.au/news/monitoring-fail-allowed-westp...

wombatmobile

I didn't know that. Thanks.

I suppose the consequences for Westpac are... nothing.

elyobo

As far as I know, no. I suspect that it wasn't just them.
