
Wickr Inc – When Honesty Disappears Behind the VCP Mountain - QUFB
https://www.vulnerability-db.com/?q=articles/2016/10/27/wickr-inc-when-honesty-disappears-behind-vcp-mountain
======
Canada
The gist is they claim Wickr failed to pay promised rewards offered by its bug
bounty program, even though Wickr patched the issues reported by the
researcher.

~~~
chopete
The company is taken over by the VCs. Perhaps the new executive thinks it is a
waste of time/money to engage in VCPs.

~~~
Canada
Doesn't really matter what they think of it, new management has to honor
existing commitments.

------
delinhabit
Please excuse my ignorance. I searched on the webs but couldn't find what VCP
means in this context. Can someone please decode that for me (and maybe other
readers like me)?

~~~
stonogo
"Vulnerability contributor program" \-- i.e., bug bounty program. These folks
seem to be using it to mean 'the people at wickr in charge of the VCP.'

~~~
delinhabit
Ah, it makes sense now. Thanks for clarifying!

------
secfirstmd
Much prefer to use Whisper Systems Signal App...

~~~
beardog
Not sure why people trust a closed source app to keep their coms private.
Signal is much better.

------
tdkl
Btw, Wire [1] messenger just implemented timed messages which expire, like
Wickr offers. Combined with a non-requirement for registration with a phone
number and Google Play Services makes it even more ideal.

[1] [https://medium.com/wire-news/safe-and-tidy-with-timed-
messag...](https://medium.com/wire-news/safe-and-tidy-with-timed-
messages%EF%B8%8F-4f26ff17b11b#.8heq745dt)

~~~
uph
Signal has that too [https://whispersystems.org/blog/disappearing-
messages/](https://whispersystems.org/blog/disappearing-messages/) And using
GCM is only a problem for people running a custom Android ROM without Google
Play Services. They can use MicroG instead. For the vast majority of people
who do have Google Play on their phone this is completely irrelevant. Using
GCM doesn't make Signal less private.

> _Google doesn 't see any data via gcm, it's just a tickle. If you want push
> messages, you gotta use a push network._

[https://twitter.com/whispersystems/status/695399112833761283](https://twitter.com/whispersystems/status/695399112833761283)

Those who want to use Signal without GCM can help out with code
[https://github.com/LibreSignal/LibreSignal/issues/43](https://github.com/LibreSignal/LibreSignal/issues/43)
or money to anyone who does the work
[https://www.bountysource.com/issues/35722527-create-
proper-p...](https://www.bountysource.com/issues/35722527-create-proper-pull-
request-to-add-libresignal-s-websocket-support-to-ows-signal)

> _I 've also seen first hand how difficult 3rd party clients can be on large
> networks with actual client logic, and unfortunately we simply don't have
> the resources to deal with that._

> _I hope that everyone here who prioritizes federation above all else moves
> to federated products that support their goals, and I hope that those
> projects can demonstrate that I 'm wrong about the inability to build
> competitive user experiences over the long term._

> _If the only thing that the remaining people here want out of LibreSignal is
> a websocket-only solution and gmscore isn 't an option for whatever reason,
> I would consider a clean, well written, and well tested PR for websocket-
> only support in Signal. I expect it to have high battery consumption and an
> unreliable user experience, but would be fine with it if it comes with a
> warning and only runs in the absence of play services. However, I also
> realize that still won't help people that are trying to build a Google-free
> experience on Google's platform, since we still don't have the things we
> need to be comfortable distributing software outside of Play._

[https://github.com/LibreSignal/LibreSignal/issues/37#issueco...](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-226646872)

Here's a great comment about Wire
[https://www.reddit.com/r/privacy/comments/57s7qw/wire_messen...](https://www.reddit.com/r/privacy/comments/57s7qw/wire_messenger_tos/d8wd77c/)

> The thing is, Wire is developed by a for-profit company that has yet to
> discover a sustainable business model. They seem to be in a hurry to gain
> users, boasting about their own app's security and privacy before it has
> ever been independently audited.

> In December 2014, when they launched Wire, they claimed they could not read
> their users' messages. They were forced to retract their statement when a
> journalist asked about it [https://motherboard.vice.com/read/wire-built-by-
> ex-skype-emp...](https://motherboard.vice.com/read/wire-built-by-ex-skype-
> employees-retracts-promise-not-to-read-your-messages) , and didn't add end-
> to-end encryption until March 2016 [http://www.reuters.com/article/us-
> dataprotection-messaging-w...](http://www.reuters.com/article/us-
> dataprotection-messaging-wire-idUSKCN0WC2GM) . Contrary to popular belief,
> the protocol they now use is also not the Signal Protocol, but a custom
> protocol that Signal's developers have said they don't recommend
> [https://twitter.com/whispersystems/status/774482849609031680](https://twitter.com/whispersystems/status/774482849609031680)
> .

> Wire's privacy policy states that they log metadata:
> [https://wire.com/legal/#privacy](https://wire.com/legal/#privacy)

> __Using the Service to communicate by chat, our servers store your encrypted
> messages and other encrypted content and log other information such as the
> time and date of your conversations, and the other user or users with whom
> you are communicating. When using the Service to make or receive calls, our
> servers log and collect time and date of your calls, and the other user or
> users with whom you are communicating. __

> Meanwhile, Signal's developers have said that "there are no "safe"
> jurisdictions anymore, only safe services"
> [https://twitter.com/whispersystems/status/783318001349070849](https://twitter.com/whispersystems/status/783318001349070849)
> . Concerning metadata, Signal's privacy policy states:
> [https://whispersystems.org/signal/privacy/](https://whispersystems.org/signal/privacy/)

> __Certain information (e.g. a recipient 's identifier, an encrypted message
> body, etc.) is transmitted to us solely for the purpose of placing calls or
> transmitting messages. Unless otherwise stated below, this information is
> only kept as long as necessary to place each call or transmit each message,
> and is not used for any other purpose. __

> This was put to the test in the "first half of 2016", when Signal's
> developers received their first subpoena. According to the documents that
> were published by the ACLU and OWS
> [https://whispersystems.org/bigbrother/eastern-virginia-
> grand...](https://whispersystems.org/bigbrother/eastern-virginia-grand-
> jury/) , the Signal servers only store the number you register with (which
> can be anonymous [https://yawnbox.com/index.php/2015/03/14/create-an-
> anonymous...](https://yawnbox.com/index.php/2015/03/14/create-an-anonymous-
> textsecure-and-redphone-phone-number/) ), the time you registered and the
> last time you connected to the Signal server (the precision of which is
> reduced to the day).

Here's a great comment about Wire
[https://www.reddit.com/r/privacy/comments/57s7qw/wire_messen...](https://www.reddit.com/r/privacy/comments/57s7qw/wire_messenger_tos/d8wd77c/)

> The thing is, Wire is developed by a for-profit company that has yet to
> discover a sustainable business model. They seem to be in a hurry to gain
> users, boasting about their own app's security and privacy before it has
> ever been independently audited.

> In December 2014, when they launched Wire, they claimed they could not read
> their users' messages. They were forced to retract their statement when a
> journalist asked about it [https://motherboard.vice.com/read/wire-built-by-
> ex-skype-emp...](https://motherboard.vice.com/read/wire-built-by-ex-skype-
> employees-retracts-promise-not-to-read-your-messages) , and didn't add end-
> to-end encryption until March 2016 [http://www.reuters.com/article/us-
> dataprotection-messaging-w...](http://www.reuters.com/article/us-
> dataprotection-messaging-wire-idUSKCN0WC2GM) . Contrary to popular belief,
> the protocol they now use is also not the Signal Protocol, but a custom
> protocol that Signal's developers have said they don't recommend
> [https://twitter.com/whispersystems/status/774482849609031680](https://twitter.com/whispersystems/status/774482849609031680)
> .

> Wire's privacy policy states that they log metadata:
> [https://wire.com/legal/#privacy](https://wire.com/legal/#privacy)

> __Using the Service to communicate by chat, our servers store your encrypted
> messages and other encrypted content and log other information such as the
> time and date of your conversations, and the other user or users with whom
> you are communicating. When using the Service to make or receive calls, our
> servers log and collect time and date of your calls, and the other user or
> users with whom you are communicating. __

> Meanwhile, Signal's developers have said that "there are no "safe"
> jurisdictions anymore, only safe services"
> [https://twitter.com/whispersystems/status/783318001349070849](https://twitter.com/whispersystems/status/783318001349070849)
> . Concerning metadata, Signal's privacy policy states:
> [https://whispersystems.org/signal/privacy/](https://whispersystems.org/signal/privacy/)

> __Certain information (e.g. a recipient 's identifier, an encrypted message
> body, etc.) is transmitted to us solely for the purpose of placing calls or
> transmitting messages. Unless otherwise stated below, this information is
> only kept as long as necessary to place each call or transmit each message,
> and is not used for any other purpose. __

> This was put to the test in the "first half of 2016", when Signal's
> developers received their first subpoena. According to the documents that
> were published by the ACLU and OWS
> [https://whispersystems.org/bigbrother/eastern-virginia-
> grand...](https://whispersystems.org/bigbrother/eastern-virginia-grand-
> jury/) , the Signal servers only store the number you register with (which
> can be anonymous [https://yawnbox.com/index.php/2015/03/14/create-an-
> anonymous...](https://yawnbox.com/index.php/2015/03/14/create-an-anonymous-
> textsecure-and-redphone-phone-number/) ), the time you registered and the
> last time you connected to the Signal server (the precision of which is
> reduced to the day).

And two comments from Hacker News
[https://news.ycombinator.com/item?id=12149642](https://news.ycombinator.com/item?id=12149642)
[https://news.ycombinator.com/item?id=11726188](https://news.ycombinator.com/item?id=11726188)

~~~
tdkl
At the end of the day Signal doesn't transfer messages realiably, which is
also often repeated problem on the Google Play reviews. So I can't put my
confidence in a messenger which can't reliably deliver instant messages. Not
to mention using it without submitting to Google (Chrome "app") and which also
happens to be OWS customer.

~~~
uph
You can see if your message was sent to the server and if the message was sent
to your friends phone. I haven't really had any problems delivering messages
apart from one time when they had servers problems.

No need to use Chrome if you don't want to, Chromium also works.

------
ct0
i prefer telegram

~~~
uph
Telegram isn't secure. Use Signal if you want a proper secure messenger.

[http://www.gizmodo.com.au/2016/06/why-you-should-stop-
using-...](http://www.gizmodo.com.au/2016/06/why-you-should-stop-using-
telegram-right-now/)

> _" Encryption works best if it's ubiquitous and automatic. The two forms of
> encryption you use most often -- https URLs on your browser, and the
> handset-to-tower link for your cell phone calls -- work so well because you
> don't even know they're there._ > > _Encryption should be enabled for
> everything by default, not a feature you turn on only if you 're doing
> something you consider worth protecting._ > > _This is important. If we only
> use encryption when we 're working with important data, then encryption
> signals that data's importance. If only dissidents use encryption in a
> country, that country's authorities have an easy way of identifying them.
> But if everyone uses it all of the time, encryption ceases to be a signal.
> No one can distinguish simple chatting from deeply private conversation. The
> government can't tell the dissidents from the rest of the population. Every
> time you use encryption, you're protecting someone who needs to use it to
> stay alive."_

[https://www.schneier.com/blog/archives/2015/06/why_we_encryp...](https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html)

Pavel himself admits security isn't a priority here
[https://twitter.com/durov/status/678305311921410048](https://twitter.com/durov/status/678305311921410048)
in response to this:

Thomas H. Ptacek
[https://twitter.com/Snowden/status/678274362609426432](https://twitter.com/Snowden/status/678274362609426432)
_By default Telegram stores the PLAINTEXT of EVERY MESSAGE every user has ever
sent or received on THEIR SERVER._

Edward Snowden
[https://twitter.com/Snowden/status/678274362609426432](https://twitter.com/Snowden/status/678274362609426432)
_I respect @durov, but Ptacek is right: @telegram 's defaults are dangerous.
Without a major update, it's unsafe._

[https://twitter.com/Snowden/status/678274362609426432](https://twitter.com/Snowden/status/678274362609426432)
_To be clear, what matters is that the plaintext of messages is accessible to
the server (or service provider), not whether it 's "stored."_

Moxie Marlinspike
[https://twitter.com/moxie/status/678219238394298372](https://twitter.com/moxie/status/678219238394298372)
_It 's just how Telegram works and is self-documented to work: Only their
marketing copy suggests otherwise._

[https://twitter.com/moxie/status/678277776391077888](https://twitter.com/moxie/status/678277776391077888)
_If you 're on an iPhone, they also send a plaintext copy of every msg you
receive to Apple's servers. So not even in transit._

[https://twitter.com/moxie/status/678309008789258240](https://twitter.com/moxie/status/678309008789258240)
_For iOS push notification previews. They didn 't do the work to make them
privacy preserving._

It's the least of Telegrams problems but let's not forget their home made
crypto even though there are better alternatives. See the take-home message
here:

> _" We stress that this is a theoretical attack on the definition of security
> and we do not see any way of turning the attack into a full plaintext-
> recovery attack. At the same time, we see no reason why one should use a
> less secure encryption scheme when more secure (and at least as efficient)
> solutions exist._ > > _The take-home message (once again) is that well-
> studied, provably secure encryption schemes that achieve strong definitions
> of security (e.g., authenticated-encryption) are to be preferred to home-
> brewed encryption schemes. "_

[https://eprint.iacr.org/2015/1177](https://eprint.iacr.org/2015/1177)

And the conclusion here:

> _" Abstract: The number one rule for cryptography is never create your own
> crypto. Instant messaging application Telegram has disregarded this rule and
> decided to create an original message encryption protocol. In this work we
> have done a thorough crypt analysis of the encryption protocol and it's
> implementation. We look at the underlying cryptographic primitives and how
> they are combined to construct the protocol, and what vulnerabilities this
> has. We have found that Telegram does not check integrity of the padding
> applied prior to encryption, which lead us to come up with two novel attacks
> on Telegram. The first of these exploits the unchecked length of the
> padding, and the second exploits the unchecked padding contents. Both of
> these attacks break the basic notions of security, and are confirmed to work
> in practice. Lastly, a brief analysis of the similar application TextSecure
> is done, showing that by using well known primitives and a proper
> construction provable security is obtained. We conclude that Telegram should
> have opted for a more standard approach._ > > _Conclusion: TextSecure is
> based on strong primitives that have withstood crypt analysis from the
> crypto community for years, and these are combined in a way that proven
> provides authenticated encryption. Telegram on the other hand has crafted
> its own encryption scheme and deployed it in an unproven state, and prior to
> any scrutiny from other cryptographers. We have seen this done time and time
> again, and rarely with good results. Take for example the smart grid meters
> that were shown to use terrible crypto back in April this year. Furthermore,
> the DH Ratchet is a very nice way of providing forward secrecy on a per-
> message basis with little overhead, which is an improvement over Telegram 's
> one key per 100 messages approach._

[http://cs.au.dk/~jakjak/master-thesis.pdf](http://cs.au.dk/~jakjak/master-
thesis.pdf)

~~~
jlgaddis
After seeing your comments in this thread and looking at your comment history,
I have to ask: What is your affiliation with Signal/Open Whisper Systems, if
any?

~~~
uph
No affiliation, and never talked to Moxie or any other dev as far as I know.

~~~
jlgaddis
Just very enthusiastic about Signal then, I guess?

Often when someone is so outspoken about a product it's because they have a
vested interest in its success (and they don't always disclose that fact)...
that's why I asked. Thanks.

~~~
uph
More enthusiastic about privacy and free software. I often see worse apps
recommended for privacy reasons, so why not bring up the flaws in those and
what's better about this. If something better comes along I'll switch to that
and recommend that instead.

