Like a Snapchat-for-adults, Wickr 2.0 throws some fun usability features and a new interface over its unusually high encryption and deletion standards.
December 20, 2013 4:00 AM PST
When it comes to secure text messaging, you’re often entirely dependent on the whims of the message server. Wickr goes to great lengths to flip that paradigm around, handing control back to you, the sender.
Wickr 2.0 lightens up, but keeps security tight (images)
1-2 of 5
Scroll Left Scroll Right
Wickr 2.0’s debut on Friday makes it much easier to invite friends to use the app, thanks to a new address-book scanning feature that prevents Wickr from learning who you’re inviting. That’s a big difference from just about every other service out there, which accesses your address book — usually with your permission — and then holds on to that data like the digital gold that it is.
Nico Sell, co-founder of Wickr, said that it was important to the company to avoid holding any sensitive information about its customers on its servers.
Google Nexus phones reportedly susceptible to SMS attacks
When emoji just isn’t enough, ubertxt
Emu launches smart texting assistant for Android
Android signs up for official default setting for texting
Google’s Hangouts for Android could get text-message support
“Unlike other apps, Wickr does not upload your contact book to our servers; your contacts never leave your device,” she said. “We create a cryptographic representation of your contacts that we store on our servers to match with your friends.”
Available now on iOS and on Android in the next few days, the Wickr update still uses some of the toughest standards for major encryption protocol available. It uses AES-256 encryption to protect your data; ECDH-512 for the security key exchange; RSA-4096 both as a backup and in legacy versions of the app; and SHA-256 for Transport Later Security and hashing. Once it encrypts a message, the keys are used only once then destroyed by the sender’s phone. Since Wickr’s servers don’t have the decryption keys, there’s no way for Wickr to access your messages.
Whit Diffie, co-inventor of the ECDH standard, is a Wickr adviser.
The company boasts a veritable who’s who roster of privacy bona fides on its advisory board, including Cory Doctorow, Paul Kocher, and Brian Behlendorf.
On top of all that, the service deletes attachment metadata to ensure that the company knows even less about you.
Sell thinks that her free app is at the forefront of a new movement to protect people from government intrusion, no small effort in the wake of the NSA leaks by Edward Snowden.
Just in case you weren’t sure when a message was self-destructing, a helpful explosion lets you know.
“I believe this is the first bacterial growth app ever invented,” she said, explaining “bacterial” as being “beneficial to society.”
“We plan to license this piece of tech to all the messaging apps in trouble with regulators for abusing users’ contact books,” Sell said of Wickr’s business model.
Wickr 2.0 ditches the mostly-red interface for a streamlined white one with red accents.
While the interface makes the app easier to use, the company has invested in other usability features to compete more directly with its competition.
You can now finally reset your password without it being as big a hassle as before; customize your avatar, contact names, and group names; invite multiple friends at once; and send insecure e-mail or SMS from Wickr.
For the last one, it warns you when you’re about to send a message to a non-Wickr recipient.
Wickr still may not be for everyone, but for people who value sending private messages privately that are authentically difficult — if not impossible — to be read by anyone but the intended recipient — then Wickr is one of the best messaging apps around.
Correction, 11:10 a.m. PT: This story incorrectly stated the encryption protocol Wickr uses for the security key exchange. It uses ECDH-512.