Contradiction Finder5d ago

#Wireapp: “Your privacy is always our priority.” (unless you use #Tor)

https://linkage.ds8.zone/post/724293

#hypocrisy has always been an issue with #Wire.

Wire.com: “Your privacy is always our priority.” (unless you use Tor) - Linkage @ DS8

Wireapp has been a non-stop running goat fuck for years [https://linkage.ds8.zone/post/228829]. The incompetent devs finally have a Debian procedure (here [https://github.com/wireapp/wire-desktop/wiki/How-to-install-Wire-for-Desktop-on-Linux]). It’s unclear if they are still pushing bloated Electron junk. But they seem to think banning Tor is not bad for optics in the deployment of a comms app pitched for security-minded folks. I modified their instructions to give: $ echo "Types: deb URIs: tor://wire-app.wire.com/linux/debian Suites: stable Components: main Signed-By: $(torsocks wget -O- tor://wire-app.wire.com/linux/releases.key | sed -e 's/^$/./' -e 's/^/ /')" | sudo tee /etc/apt/sources.list.d/wire-desktop.sources Notice I used the tor:// scheme instead of https://. Doing aptitude update gives: E: Failed to fetch tor://wire-app.wire.com/linux/debian/dists/bookworm/InRelease 403 Forbidden [IP: 127.0.0.1 9050] E: The repository 'tor://wire-app.wire.com/linux/debian stable InRelease' is not signed.

Show threadGwennApr 29
@kuketzblog
Verhindert denn Wire deiner Meinung nach Phising wenn es denn behördlich verwaltet wird?
#wireapp #Phising
@bundestag
Caria Giovanni - HarpocratesMar 22

As promised, here is the technical audit of Signal (v8.3.4) and Wire (v4.21.0) using the GAMA v1.0 methodology. Analysis is strictly based on evidence from production binaries (DEX, ELF, Smali).Key Findings:Post-Quantum: Signal uses a continuous PQ-ratchet (ML-KEM1024). Wire implements a hybrid KEM (Kyber768 Draft) in MLS setup.Metadata: Signal's Sealed Sender v2 obfuscates the social graph. Wire's architecture prioritizes enterprise federation over metadata hiding.Telemetry: Detected a Firebase Measurement Connector bridge in Wire's production build.Integrity: Binary evidence of Signal’s SVR2 Noise channel for SGX-backed PIN recovery.I have also corrected material errors from my preliminary notes regarding SQLCipher and PQC in Wire. This is an objective look at architectural trade-offs.Feedback and peer review are welcome to improve the GAMA framework.Full Report:
https://blackcodeitalia.wordpress.com/2026/03/22/comparative-binary-analysis-of-signal-8-3-4-and-wire-4-21-0-a-gama-v1-0-perspective/

for gama methods availabile on my github repository

#Infosec #Signal #Wire #SignalApp #WireApp #Cybersecurity #BinaryAnalysis #GAMA #PostQuantum #Privacy

Comparative Binary Analysis of Signal 8.3.4 and Wire 4.21.0: A GAMA v1.0 Perspective

Signal vs. Wire A Binary Analysis Under the GAMA Methodology Caria Giovanni Battista · CenturiaLabs Independent Security Observatory · March 2026 APK versions: Signal 8.3.4 · Wire 4.21.0-79391-prod…

Blackcode
Paul LApr 2, 2025

Interesting reflection on the landscape of #chat systems from @wireapp .
https://wire.com/en/blog/lessons-from-the-signalgate-crisis
Indeed it shows that there's a lot of progress still to be done and that consumer social networks may need differentiation.

What is shimmering in all this is the wish to have tools that are able to speak to various security levels... The mail apps do this mostly. The landscape is by far more advanced and more nuanced.

#signal #wireapp #whatsapp #telegram #slack #msteams

What We Can Learn from The SignalGate Crisis

Discover five key lessons for IT and cybersecurity leaders after SignalGate: from risks of consumer apps to why UX and admin controls matter in secure comms.

__olJul 27, 2024

Signal needs a dedicated web app or at least "linked device" support on #Android. The fact the only "linked device" support is on the #iPad or desktop is frustrating.

Screenshot: Me loading my #Wire messages in #Firefox.

#Signal #SignalApp #Wire #WireApp

Blort™ 🐀Ⓥ🥋☣️Mar 7, 2024

@Bernard

I got my family on #WireApp , which *had* a good privacy policy. They were bought and deleted all the clauses about not selling PII. It was tough convincing family something bad was up, when the app looked like it still worked the same.

Now I check the funding plan on any new app before getting others involved.

Sure, not every app will make money, but every VC expects a plan to try.

Not being up front with that plan is a red flag for me. Still need to research #Simplex.

#Privacy

Show threadbojkotiMalbonaApr 3, 2023
@nix @dropbear42 @debacle I almost sacked someone for failing to communicate, until we discovered #wireapp just drops msgs apparently randomly. It’s highly unacceptible.
censored for “transphobia”Apr 3, 2023
#wireapp just shit the bed.
Show threadbojkotiMalbonaApr 3, 2023
@dropbear42 @nix #Wire just decideded out of the blue to deny service to those using their old #wireapp. No warning; no explanation. Suddenly there is a blue screen saying “important upgrade”. This is not just an app upgrade. Then it tries to launch gplay even if the phone is degoogled. iow: “we’ve abandoned your AOS ver. Go buy new hardware right now if you want to continue your chats.”
Show threaddeltatuxDec 4, 2022
@md

Interesting, thanks for the article. Luckily, this #leak only affects phone numbers & not the message contents. If the message contents were leaked instead, that would be a much larger issue.

If protecting #metadata is very important, might be a good idea to use other apps that don't use phone number as usernames like #SessionApp, #WireApp, #Threema & #Matrix.

If you don't mind using phone numbers, you can't beat #SignalApp as it doesn't store much in terms of #metadata.