https://medium.com/wire-news/wires-independent-security-review-61f37a1762a8
I use this and it's pretty good but I only got a few friends to try it out. Also I wish it did uncompressed photo and video.
>>58868599
problem is nobody is using it. Signal (besides the fact that uses gapps for notifications and maybe snooping your contact metadata) was around for a few years before people started noticing and it was after some faggot on the US gov was caught with it. You would guess that burgerpeople would jump to more secure shit after the whole Snowden niggerfluffle but the fucking cunts still use iMessage, gmail and facebook like nothing happened.
>>58869847
>I wish it did uncompressed photo and video
You can still send those as a file, can't you?
>>58868599
In case you didn't know, that's @veorq - seems the reason they didn't reply to me was because he found the contributory-behaviour/unmasked key bug first.
Note this is only the first part of a full review, and does not include mitigation for the unknown keyshare attacks. However, it's an encouraging sign for the future.
They are apparently releasing the server source at the end of Q1 2017, after addressing one further issue.
I've reviewed Wire's use of Opus variable-bitrate in the voice communication part (the enhanced part is closed-source), and it seems that the packet size resolution available to an attacker is insufficient to be able to recognise phonemes or words, only sufficient to distinguish who is quiet and who is talking when. It looks like the way Opus does bitrate allocation here renders it immune to the attack (in case you didn't know, it's been known since at least the 1980s that variable-bitrate voice codecs can expose identifiable information about spoken phonemes purely via channel bandwidth metadata, if the time resolution is high enough - here it is not). I am not aware of a comparable useful practical attack for video.
As far as usability goes, the Electron desktop client has crapped out on me a few times, it's possible to send connection invites to someone who's also sent invites to you without either of you realising, and it seems a little too eager to go portrait in calls, so it could use some more work, but I'm encouraged by the work they've done since adopting e2e encryption.
I still wonder if they're going to go on an Incredible Journey(tm) once they run out of VC money, but even if they do, the already-released code would make a solid open-source basis for a future successor.
>>58872473
Why would they release the server source? Wouldn't this seriously hurt their business?