[liberationtech] Wicker: Déjà vu all over again

Yosem Companys companys at stanford.edu
Mon Jun 9 23:15:30 PDT 2014


Seems like a good idea.  I wonder what journalists on the list think
about it.  I know there are a number of Knight Fellows and other
journalists on the list, so I hope they chime in.

BTW, here is the press release received via Twitter in response to an
inquiry about Wickr's security:

https://www.mywickr.com/en/downloads/RSA_Security_Announcement.pdf

***Attention Security Geeks, This One is for You***

Wickr Releases Perfect Forward Secrecy, No Back Door Guarantee,
Transparency Report & Veracode Audit

RSA ® Innovation Sandbox Recognizes Wickr as a Top Security Innovator of 2013
Visit the Wickr Demo Booth on February 25th

By Dr. Robert Statica, Wickr Cofounder

February 25, 2013

Today is the opening of RSA ® Conference 2013, the largest security
conference in the world. In honor of this event, we are making some
announcements that only security geeks, like us, understand.

Wickr provides more advanced encryption technology than pricey alternatives

To kick things off, we changed our key encryption algorithm from RSA
4096 to ECDH 521. Isn’t that
ironic?! This elliptical curve encryption algorithm enables us to
offer perfect forward secrecy to
mainstream consumers with faster performance. If Suite B
specifications are good enough for NSA Top
Secret information, then they are good enough for our family and
friends. As a result of this change,
Wickr provides the most advanced level of data and key encryption
available on the market to date. Oh,
by the way, Wickr is free.

We’d also like to point out that we have not tried to reinvent
encryption. While we do have a patent-pending protocol for transport of
the encrypted communication as well as ephemeral messages and
media, this does not mean we are using patent-pending encryption. In
fact, we use well-known encryption algorithms - AES 256, ECDH 521 and
TLS. The receiver’s device is the only one to know the decryption key,
which changes every message to prevent harvesting attempts. Our
peer-to-peer data encryption/decryption does not rely on a centralized
KDC (key distribution center) thus making secure communication easier
than ever; even the non-technical can do it!

Backdoors are so last century

Additionally, the Wickr architecture eliminates back doors. We don’t
use servers outside of the country
because we don’t need to.  Each message is encrypted, no matter what
server it is sent through,
rendering backdoors obsolete. By eliminating back doors, our
architecture protects Article 12 of the
Universal Human Rights Doctrine in the United Nations as well as the
First Amendment to the
Constitution of the United States. This mission is fundamental to
Wickr and everything we do.
Let’s be clear, open source code does not guarantee there are no back
doors – it requires a good
architecture and good intentions. This is our commitment to you.

Encrypted and self-destructing messages tell no tales

Today Wickr released its very first Transparency Report. The report
shows we have had requests for
information from law enforcement in 2013. It also shows we have
absolutely nothing to provide in
response to these requests because we don’t know who is communicating
on our platform or what is
being said. We do not store any personal identifiable information on
our servers whatsoever. Our
servers only see encrypted messages, and even those are deleted as
soon as they are downloaded by
the recipient. You can view the full report here.

Don’t believe us? It is too good to be true?

Rest assured, Wickr is the real deal. We’ve undergone a code audit
from Veracode, the most respected
secure coding experts in the world. Wickr’s app and server code scored
a 100/100 after undergoing an
extensive review conducted by Veracode professionals. You can verify
the Veracode certified seal on our
web site here.

No such thing as 100 percent secure – but we’ll keep trying

Wickr will never promise 100 percent perfect security solutions
because we are security experts and
understand that nothing can ever be 100 percent secure. We do,
however, promise 100 percent
commitment to becoming more secure, all the time. Security is an
attitude we have built into Wickr from
the ground up.

RSA ® Innovation Sandbox recognizes Wickr as a top security innovator

Wickr is proud to be recognized as one of the most innovative new
companies at RSA this year. Visit us
at the Wickr demo booth on February 25th at Moscone Hall E Room 134 from 1-5pm.

More about Wickr

Headquartered in San Francisco, Wickr is comprised of top security and
privacy experts who strongly
believe private communication is a universal human right that is
extremely important to a free society.
Today, this right is almost nonexistent. Companies like Apple,
Facebook and Google offer messaging
that is archived, easily traceable, controlled by the recipient and
shared with strangers.

We have flipped this concept on its head and are giving the control
back to you, the sender. After all, who
doesn’t want control of the messages and media they share with others?

Wickr offers free worldwide text, audio, picture and video messaging
with self-destructing media that is
private, secure and anonymous. It clears metadata from files and
permanently shreds deleted files from
your device.

Since the launch in June 2012, Wickr has seen exponential growth and
5-star reviews in the App Store.
As a top ranked free social app in the U.S., China, India, Israel,
Spain, South Africa and Brazil, we have
served millions of secure messages.

Wickr is the future of messaging. Join us if you haven’t already - it’s free!

On Mon, Jun 9, 2014 at 10:47 PM, Tony Arcieri <bascule at gmail.com> wrote:
> On Mon, Jun 9, 2014 at 10:41 PM, Griffin Boyce <griffin at cryptolab.net>
> wrote:
>>
>> A good experiment might be to send out releases of factual security info
>> to counteract the dubious press releases that all too often turn into
>> dubious articles.
>
>
> I think it'd be pretty interesting for the cryptographic community to
> produce some sort of resource for reporters on what tools are good and bad
> and for what reasons.
>
> Press releases seem like an interesting idea too, especially if there were a
> one-tool-at-a-time approach where a group of people could review and comment
> on each tool individually.
>
> This would generate the kind of news cycle the tech press loves.


