[liberationtech] Wickr: Can the Snapchat for Grown-Ups Save You From Spies?

[Nadim Kobeissi]

> So could Wickr be used by an activist in Syria who is worried about
> enemy spies and Assad's regime? Sell has no doubts — she answers that
> question with an unflickering "yes."

Not good.


NK


On Tue, Mar 5, 2013 at 1:16 PM, Yosem Companys <companys at stanford.edu>wrote:

> http://mashable.com/2013/03/04/wickr/
>
> Wickr: Can the Snapchat for Grown-Ups Save You From Spies?
> by Lorenzo Franceschi-Bicchierai, Mashable
>
> In the online world, our digital footprints hardly ever wash away. The
> Internet never forgets — and neither does social media.
>
> Web users are coming to terms with ever-increasing storage, both
> physical and in the cloud. As a result, data retention has become just
> too easy. Sometimes it's just an embarrassing picture. Other times, in
> places where there's a war or an uprising, people would like remove
> their sensitive messages, which could be used against them by
> oppressive regimes getting better at monitoring digital
> communications.
>
> That's where Wickr comes in.
>
> The app, which could best be described as a Snapchat for grown-ups, is
> only available for iOS right now. Launched in June 2012 by a group of
> security experts, the app sends messages, photos (and soon videos)
> that will eventually be erased. Wickr allows users to choose how long
> they want their digital missives to last: as short as one second, and
> as long as 5 days, 23 hours, 59 minutes and 59 seconds.
>
> The main difference between the two apps, and the reason Wickr is more
> ambitious than Snapchat, is that it encrypts all messages, striving
> for perfect privacy and security. Wickr doesn't just want messages to
> disappear once they are sent. Wickr doesn't want anybody, including
> the app itself, to know what your digital correspondence contains.
>
> Nico Sell, a long-time organizer of famed hacker conference Def Con
> and Wickr co-founder, says she wanted her kids to enjoy private
> communication, but also designed the app for "very high tension
> situations, where if information gets out ahead of time, people could
> get hurt." In other words, Wickr is for you and me, for
> privacy-obsessed people or tinfoil-wearing paranoids, but it is also
> for journalists and sources, for freedom fighters and activists,
> people who have something at stake and need to keep their
> communications under wraps.
>
> So how does Wickr's privacy-enhancing encrypting technology work?
> Therein lies the controversy.
>
> Messages are encrypted on your phone using a private key, and only the
> receiver can read them once he or she taps on the unlock button that
> appears when a message arrives. When traveling through Wickr servers,
> the correspondence is unreadable to anyone who might be snooping.
> Wickr claims it doesn't store any of the messages, so the service
> can't even turn correspondence over as scrambled gobbledygook if the
> feds or police come knocking.
>
> Wickr uses your own password and standard cryptography schemes like
> AES and RSA to hide the content of your messages. For security
> reasons, not even your password can be retrieved. If it could,
> somebody could steal it, or maliciously reset it to intercept your
> communications and pretend to be you.
>
> Some of the cryptography behind Wickr is widely used on the Internet.
> It's the kind that ensures you are really paying Amazon instead of a
> hacker, or that nobody is spying when you check your bank account
> online. But Wickr also has a "proprietary algorithm," secret to
> everybody except the app developers and some trusted reviewers. Wickr
> doesn't have open source code.
>
> In other words, only the company knows precisely how its
> privacy-enhancing system works. And that's exactly where Wickr's
> privacy and security utopia could fail and crumble, according to
> cryptography and security experts.
>
> "We have a kind of a maxim in our field, in cryptography, which is
> that the systems should be open," says Matthew Green, a cryptography
> researcher and professor at Johns Hopkins University Information
> Security Institute.
>
> Green echoes what Bruce Schneier, a cryptography and security guru,
> has been saying for a long time. "The idea is simple," wrote Schneier
> in a 1999 newsletter.
>
> As it turns out, to have a secure, privacy-enhancing app, you might
> need to have a thousand eyes on it.
>
> Green says this is nothing new. This maxim, that for some security
> researchers is almost a dogma, goes all the way back in the history of
> cryptography, to the 1800s. That's when Auguste Kerckhoffs, a
> celebrated Dutch cryptographer, formulated his famous principle: "A
> cryptosystem should be secure even if everything about the system,
> except the key, is public knowledge."
>
> For Green, that means "if you don't know how a system works, you kind
> of have to assume that it's untrustworthy." He adds that this is not
> about being an open source activist. But Wickr, he says, doesn't even
> have white papers on its website explaining how the system works.
>
> "If you're somebody who is a wine aficionado, you care about what's
> inside the bottle, you don't care about the label," Green says. "But
> unfortunately what's been hyped [at Wickr] is kind of the label, and
> we want to know if what's inside is vinegar or if it's actually
> something that we want to drink."
>
> He is not the only one to question.
>
> "From my perspective I don't think the company should be telling us,
> 'Trust us, it's safe,' 'Trust us, it's encrypted,' or 'Trust us, it's
> audited,'" says Nadim Kobeissi, a cryptographer and founder of
> encrypted browser-based chat service Cryptocat. "We should be able to
> verify ourselves."
>
> Kobeissi refers to two recent examples that highlight the importance
> of open source cryptography software.
>
> The first one is his own creation. Cryptocat, which could be
> considered a Wickr competitor, was born as an open source project, in
> which everyone could inspect the code and make improvement suggestions
> or flag bugs and flaws. Initially, Cryptocat received some criticism,
> with experts claiming it wasn't safe to use in high-risk situations.
> But with the feedback from the community, the application has improved
> and everybody has learned from it, Kobeissi says.
>
> Another example, he notes, is Silent Circle, an app that also promises
> encrypted and secure communications. Silent Circle was founded by
> Phillip Zimmerman, the inventor of the vaunted data-encrypting program
> Pretty Good Privacy (PGP). Even with his involvement, the
> cryptographic community retreated when it learned Silent Circle would
> not be open source.
>
> Following pressure from critics and the cryptography open source
> community, Silent Circle decided to open some of its code. Once it
> did, "people still found flaws in their software; they still found
> bugs in it," Kobeissi says. But "Silent Circle still benefited from
> making their code open source so that people could review it."
>
> And the same Zimmerman seems to have come to terms with the fact that
> they initially made a mistake. "It’s not just [to look for] back
> doors, but what if they screw up and make a mistake?" he said at a
> security summit in Puerto Rico.
>
> When asked about the open source controversy, Wickr's co-founder Sell
> says that they "never considered being open source and don't plan
> being open source" any time soon.
>
> Dan Kaminsky, a security and cryptography guru known for spotting a
> critical flaw in the DNS system and, basically, having saved the
> Internet as we know it, doesn't agree with the critics. "Obscurity has
> some place in the world," he says. "There are many ways to deliver
> secure systems: One way is to be as open as possible, one way is not."
>
> Kaminsky, who serves as a formal advisor for Wickr, has personally
> reviewed the code and vouches for the security of its cryptography
> scheme. Additionally, on Feb. 25 the company announced the app has
> been audited by application security company Veracode and has received
> its maximum rating. Green, however, notes that Veracode isn't
> specifically designed to find "subtle cryptography problems" but
> rather fool-proof the code for generic bugs and errors. And Schneier
> also famously wrote that "security has nothing to do with
> functionality. You can have two algorithms, one secure and the other
> insecure, and they both can work perfectly."
>
> The cautionary tale that many reference is the case of Hushmail, an
> encrypted mail service that used to claim that "not even a Hushmail
> employee with access to our servers can read your encrypted email,
> since each message is uniquely encoded before it leaves your computer"
> — words that echo Wickr's own proclamations. Sell tells Mashable that
> Wickr's "architecture eliminates backdoors; if someone was to come to
> us with a subpoena, we have nothing to give them."
>
> As it turned out, Hushmail wasn't so impenetrable. In 2007 it was
> revealed that, actually, Hushmail coud eavesdrop on its users
> communications when presented with a court order.
>
> Cryptography controversy aside, Wickr has some undeniable advantages.
> It's extremely easy and intuitive to use. In that regard, it's a lot
> like Whatsapp. You install it, create your username and password and
> it takes just an instant to learn how to send messages. It really
> looks like any other messaging app you've already used a thousand
> times. And that was the developers' goal.
>
> "There has been a real problem with security being too difficult for
> the average user." Kaminsy says, "Nerds to nerds communication is
> doing OK, but what about the real world? What about my friends? What
> about my family?"
>
> Also, since the messages self-destruct, even if somebody somehow gets
> a hold of your phone or your account, there isn't that much to see
> (although the recipient can always take a screenshot). Past
> communications disappear forever. "Such a feature makes sense when we
> consider the pervasive world of targeted attacks," writes Jacob
> Appelbaum, a famous hacker and Wikileaks supporter, in a mailing list.
> "If you compromise, say, my email client today, you may get years of
> email," but if you compromise something like Wickr, you only get a
> limited amount of information.
>
> So could Wickr be used by an activist in Syria who is worried about
> enemy spies and Assad's regime? Sell has no doubts — she answers that
> question with an unflickering "yes."
>
> But cryptography expert Green disagrees. "I would not recommend they
> use something like Wickr."
>
> And even Kaminsky is not so sure. "There's no such thing as 100%
> security ... I don't recommend you put your life on the line to any
> consumer grade electronic, to any software," he says. "Pretending that
> anything that we can offer is going to stand up to highly funded
> adversaries with weaponry is foolish."
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130305/8ec9f43a/attachment.html>