I was hopeful at first. A large VC funded company with a big full time team should run circles around a small open source effort, but their security is still way behind Signal. I was also quickly put off by their "less than honest" marketing.
I haven't directly explored the source for either in a little while, so I should take a new look. I might be a little out of date, but the things that I have seen second hand recently confirmed my earlier conclusions.
Like I recently saw an announcement from Wire that calls are now secure, but they had been advertising them as secure all along! I had even spent time looking through the code but didn't know that calls weren't authenticated. Now are they really secure? I don't know, they said that before too, and the source is so hard to follow. Then I saw a post that showed they weren't even doing cert pinning, which is so basic.
I wanted to like it, but the more I looked the more I felt like "security" was just sprinkled on as an afterthought.
I think this study is exploring "persistent" ED, which is less known. ED is a documented side effect, but this shows that some men continue to experience ED even after they stop taking the drug.
The linked Wikipedia article cites references to persistent ED and diminished libido common enough to warrant changing the labeling on the drug in 2014.
So, yes, this study is exploring that side effect, but it's inaccurate to call it "less known".
They don't use the signal protocol, they don't even use X3DH or Double Ratchet. That citation of yours is just a download link, not an actual reference to your point.
The project is also kind of a mess. Check out their privacy policy: Wire maintains a server side copy of your entire contact list, all the groups that you're in, the plaintext metadata for your groups (membership, plaintext group title, plaintext group avatar).
Check out some of the code. They have broken voice encryption, and leak enough data to reconstruct the audio of your calls. They leak tons of plaintext directly back to themselves, like searches, and rolled their own messaging crypto.
They have been caught lying about what kind of encryption they provide[1], they lied about being open source for years, they lied about being based in Switzerland. From what I can tell, the only people promoting Wire are usually on Wire's marketing team.
I'm surprised at your negative take. The article you link is from 2014. They do encrypt chats now, and group chats, and voice, and video, all e2e, as far as I can tell.
My understanding is that the developers sit in Berlin, but the legal entity is in Switzerland.
Their privacy policy [1] states that they retain logs for 72h, and not much else. Only hashed contact info (emails/phone numbers) are uploaded, after opt-in. It all sounds very reasonable.
Your argument seems to be that they're an untrustworthy mess - but I don't see much evidence of that, except for possibly some braggadocio in that old article.
> Check out some of the code.
Yes, it is on github [2], so you can do that, which is nice.
According to Wikipedia "its instant messages with Proteus, a protocol that Wire Swiss developed based on the Signal Protocol" [1] so I guess it is just based on it.
> As the article says, Bernstein's stuff won out because his work is at the intersection of solid crypto, clean and performant code, and sane API design.
As a casual observer, my impression has been pretty different. Here's an excerpt from the README of curve25519-donna, which it seemed like everyone was using for a while:
curve25519 is an elliptic curve, developed by Dan Bernstein, for fast Diffie-Hellman key agreement. DJB's original implementation was written in a language of his own devising called qhasm. The original qhasm source isn't available, only the x86 32-bit assembly output.
Since many x86 systems are now 64-bit, and portability is important, this project provides alternative implementations for other platforms.
My impression has always been that what we get from DJB is some wacky implementation written in a language of his own devising, or just the 32-bit assembler output of that, or some partial code fragment that has to be disentangled from his benchmarking library, and the only thing that makes this usable are people who are motivated to do the work of making it digestible by mortals.
I'm not sure we need to litigate this, because it's not like John Viega and David McGrew contributed the production versions of AES-GCM that everyone uses.
More importantly: whatever you think of Bernstein's packaging, an area of expertise he clearly shares with just a small subset of cryptographers is the design of cryptographic primitives optimized for consumer compute hardware. There's a reason his primitives tend to outperform the ones they supplant: until relatively recently, Bernstein was the cryptographer who took this challenge most seriously.
Finally: whatever you might think of things like qhasm, it's just a fact that the only mainstream crypto library a majority of crypto engineers are comfortable having generalist developers use is designed (in part) by Bernstein. When you use libsodium, you're (usually) using programming interfaces and constructions he designed.
It is also worth mentioning it is all public domain.
He has gone to great lengths to ensure the algorithms are all side channel resistant. The breadth of his concern and the care behind the decision making is really impressive and most users of his software only really understand the tip/visible portions of it all.
I will forbear the idiosyncrasies, gladly, to get all the benefits compared to the current stew of crypto primitives I see getting misused almost constantly.
> My impression has always been that what we get from DJB is some wacky implementation written in a language of his own devising
Go look at TweetNaCl. It's a very small, very clear implementation.
In my opinion, the reason why djb was always doing "wacky" stuff was because everybody was always bashing him for being the slowest (it's hard to compete with an AES primitive in hardware).
Suddenly, however, performance isn't the boogeyman that it was when nobody else has any useful crypto.
> It isn't because GnuPG doesn't work well or because it is too hard to use that people don't use it. They don't use it because other people don't use it.
Sure, GnuPG works "well," for engineers. This post is written by an engineer, but engineers are no longer the majority of computer users. If you want to develop mass market products today, coming to terms with that is pretty important.
To even try to draw a comparison between WhatsApp and XMPP+OTR is absurd. For an engineer, maybe the latter is passable, but for the billions of people around the world who want to chat on their mobile device, don't understand what a key exchange is, don't understand why they can't immediately see everyone in their address book they can chat with, and don't want to run their own server, it definitely isn't passable.
> Why do people use Facebook instead of Diaspora? It's not because Facebook is better, works well, or is easier to use... It's because other people use Facebook.
> Why do people use Skype instead of XMPP? It's not because Skype is better, works well, or is easier to use... It's because other people use Skype.
> Why do people use WhatsApp instead of GnuPG or OTR? It's not because WhatsApp is better, works well, or is easier to use... It's because other people use WhatsApp.
I'm sorry but this is just not true. Network effects are important, but there's a reason that people are using these networks to begin with. They work really well.
Something like WhatsApp may seem simple, but every little interaction within the app is perfectly polished in a way that GnuPG, OTR, or any XMPP client is definitely not.
> And the reason people initially used Facebook, Skype, and WhatsApp is not that they were easier to use or better. It's advertising. Notice how all of these are proprietary software made by companies with the means to advertise their software? You can bet people would use GnuPG, Diaspora, and XMPP if they had been advertised by companies like Facebook and Microsoft.
As far as I can tell, WhatsApp never spent a single dollar on advertising. Their entire growth strategy seems to have been word of mouth.
These companies have hundreds or thousands of engineers who work on these products full time every day, driving the products forward, making them better and better. That is not something an open source client is ever going to be able to compete with. It just isn't.
> I'm sorry but this is just not true. Network effects are important, but there's a reason that people are using these networks to begin with. They work really well.
There's a reason they use these networks to begin with, but I don't think it has much to do with them working really well. The network has to work well enough, but past that, marketing, chance and being an early player are all factors that I suspect are more important than how good the product is.
> As far as I can tell, WhatsApp never spent a single dollar on advertising. Their entire growth strategy seems to have been word of mouth.
Yes, there are other ways to get through the initial growth than advertising. Such as chance, or being there before everyone else. But the "word of mouth" is part of the network effect I am talking about, and it comes after the initial growth. They had to get some initial growth somehow.
> These companies have hundreds or thousands of engineers who work on these products full time every day, driving the products forward, making them better and better. That is not something an open source client is ever going to be able to compete with. It just isn't.
That doesn't match my experience and I don't see a reason it would. If we were talking about a web browser, maybe, but an instant messaging client is something pretty simple that it doesn't take hundreds or thousands of engineers to get right and make into a good product. Since an open source project won't have the strong incentives a company will have that are against the interests of the users (making it into a walled garden, centralized, proprietary software that doesn't use open protocols), it won't take much for the open source client to be better. There is not much correlation in my experience between how good software is and how much money the company that created it has or how many employees it has working on that software.
> but an instant messaging client is something pretty simple that it doesn't take hundreds or thousands of engineers to get right and make into a good product.
While you are technically right, making a good (as in "usable") chat client takes at least a competent developer and a UI designer, and most OSS developers lack in the second domain.
Especially for XMPP, you also need to apply a number of extensions to improve the experience.
From personal experience as an XMPP client developer and XMPP Standards Foundation member I can say that most of the work is driven (slowly) by volunteers, and that there is more work than time. We are starting to cover the UX side of things to make XMPP easy enough to compete with WhatsApp, but we need YOU to contribute.
I recently switched from Android to iPhone and was pretty surprised by how much lower quality the Signal app is for iPhone than Android.
Signal for Android was really amazing, and the switch made me think this could be one reason why so many people seem to speak both highly and poorly of Signal. The iPhone app just unfortunately seems to be way behind the Android app.
Not sure why they have prioritized development in that way.
This is the correct answer. Moxie dominates signal-android commits. He doesn't work on the iOS version.
The programmer working on the iOS version left early this year. If you look, it was pretty stagnant for a while with him, only really getting bugfixes. Now they have a new maintainer that's been playing catchup and things really only started to get rolling in the past couple months.
If it is possible to do this safely, does that mean the TLS 1.2 Random value was always eight bytes too long? Or that it was unnecessary?