Wire for Librem 5 (Instead of Signal)


#1

It has been brought to my attention that there maybe issues trying to bring Signal to Librem 5. So I propose an alterntive; Wire is a very impressive, feature rich and encrypted mode of communication. It offers more than Signal actually, already available on all current desktops and mobile devices. Not to mention that end-to-end (Client side) encryption is always enabled. Client apps and servers are completely open source. Not to mention the servers are in Switzerland. Privacy laws would be in all users favor. Anyone willing to take a look?:smile:
Not to mention I like that you can sign up for the personal version with an email and not just your phone number.
The personal version is free.



videos





#3

Is anyone on here up for comparing Wire to the likes of Signal or Telegram?


#4

I don’t know what I should think about a messengers which sends data to an data analytics company (data will be send to https://mixpanel.com/ )

It sends some data directly after the start and so there is no way to opt-out this behavior completely.

For those who understand/can read German: https://www.kuketz-blog.de/messenger-wire-beinhaltet-mixpanel-app-tracking/


#5

Can you share exactly what data is sent to the company? From what I can tell it just sends OS and device type information. Being an open source application, can that not be removed at all for a Linux build? The information in the article only mentions the Android application. We do know that not all applications that are made cross-platform are identical. However, since the application is built using end-user encryption, then I would ask what data is being collected since ALL communication is encrypted. So the impression I get is that no personal communication is being sent to the company. Again I would ask that the code for Linux, Windows, MacOS, and iOS be audited as well to see if you find the same line of code and what information it might send… if any. What little I got from the article it seems cursory at best. If you can find out more information, that would be very helpful


#6

I would like to add that device information is registered and it is pointed out on the Wire Whitepaper.
So the above information was never hidden from the public and is there for all to see. I find that to be a good thing.


#7

Hi @Seven,

I did not yet use Wire on my own.
For me in gerneral it does not feel very good to say something about an application I have never used / tested before. I just wanted to share this as I like the blog I mentioned and the information provided there are at least very structured, logical and so technical comprehensible.

I can share more of his findings, but at the end I will just repeat/translate what is written in his blog posts.
E.g.
One point of criticism: Yes there are some information in the whitepaper, but sharing data with a third party should be part of the privacy statement / data protection declaration.
What will be shared: He traced the traffic of the Android App (Playstore version) and when you revert the Base64 encoding of the (at the first glance) cryptic information you see a lot infos about the the decive, screen resolution, google play installed, your phone contract carrier, etc. and probably this can be used to create some kind of profile (as explained I did not dive into these things very deep).


#8

I did not see anything there to indicate contacts as that’s part of the encrypted communication. The only kind of profile you can make would be some device profile at best. This does not give the ability to decrypt any type of communication, which is the focal point of said software. Keep in mind all mobile phone carriers have a lot of more information on your device as well as access to communication. But I do like that you are bringing this up for discussion so that the community can research and share pros and cons of any given application.


#9

Hello @Smojo

I also found this at the University of Waterloo. You might find it very interesting.
It seems that any issues Wire may have seemed to be shared with many other Secure messenger applications.

https://crysp.uwaterloo.ca/opinion/wire/


#10

I use Wire on daily basis and would like to see it on Librem5. There’s also AppImage version of the application (besides source and .deb), so it should be easy ti make it available on PureOS, right? I know it is not perfect in terms of privacy, but it is not worse than Riot (Matrix) or Signal, which also have some downsides. But it is really powerful and have some great features.

Main issue is, as you already mentioned, Android app which is tied to Google Play (services). So that is why we need it on Librem5 :slight_smile:


#11

Sure you are right, but does this fact give a reason to share data with other companies?
“No matter … The provider knows already all/a lot --> let’s share it (or parts if this data) with others as well!” :wink:

As the initial post was about Wire vs. Signal … Signal is not that good as well. (phone number as identifier, centralized system / walled garden, etc. …), but as far as I understood it does not gather/need much meta data to work (https://signal.org/legal/#privacy-policy) and in the meanwhile it works well without google play services (web socket version -> https://signal.org/android/apk/ …). At the end as for all centralized systems nobody can say what Signal is doing on server side with the available/gathered meta data.

I would prefer XMPP/Jabber or at least a federated messaging system.


#12

Hello @Smojo

Like I mentioned earlier, this seems to be something ONLY in the Android application as in the past the android version was required to use Google services. The information you presented did not provide information on the other applications on other platforms. Besides having information on what device the application is installed on does not create any kind of profile except for the kind of phone it is on. You provided no information that states that your conversations are able to be read or that your voice calls can be monitored. I would imagine the end-to-end encryption addresses that. The whitepaper dealing with security also does not seem to indicate that any communication is compromised and that forward privacy is key. I like that you bring your concerns to the table, but again, there is nothing in what is provided that really states your communication is compromised. I still vote for Wire on the Librem 5.

Now you want XMPP/Jabber going on? I would encourage you to make that a separate suggestion in the forums. Find an XMPP client that you think would be great for the phone and present it to everyone and let’s talk about that as an option.


#13

“Like I mentioned earlier,” I never used Wire so I cannot / don’t want to really judge about it.

You are right. Never said that I can talk for all platforms. When we talk about messengers I always start to think about smartphones at first. In this area I prefer an Android phone (google-free) as I can use it with a custom rom which is mostly free. Other OS options are already out there Ubuntu Touch, Sailfish, etc. … (sure there are binary blobs for the SOC etc. …). That’s why it is good what Purism tries to achieve with the Librem 5.

I also said that I never dived into this so deep, so I cannot really say something how gathered data will be used (by companies or governments), aggregated, sold for commercial purposes and so on. I assume there are article out there about profiling and what is necessary or maybe someone here can give us some information.

You are right I did not provide such information. I don’t see any sentence in my post where I tried to turn the discussion in such a direction.

I never claimed something like that.
These days end-to-end encryption is implemented for most of the popular messengers out there (ok for some of them you have to activate separately etc. that’s not the point here). The content of messages is probably not that critical or valuable. Otherwise why should even WhatsApp do it? The phone itself which can potentially be compromised is the weak point for end-to-end encryption (-> something where phones like the new Librem will be a step in the right direction). But I would recommend to you to research a bit about the value of meta data and you will see/understand that all kind of data can be somehow valuable at the end.
My opinion: All kind of data, which will be gathered (and even worse shared with third parties + give the user not the option to suppress it) and which is not necessary for the messenger to work, should not be gathered at all.

I see and already understood that you and some others like Wire. Thats absolutely ok for me. I will no one tell what todo. I just tried to share some (hopefully somehow understandable) information why (from point of view!) I would not use Wire and why I will probably not going to test it at it’s current state.

No, this was not my intention. It was just a comment what I like, keeping all the facts I mentioned in my posts in mind. Stick to Wire vs. Signal. I said everything I can say about this.


#14

Hi @Smojo

I’m not sure what you were trying to do by quoting my observations from the information you provided.

The thing I would like to point out is that it was you…that brought up the issue with metadata. However, you provided no in-depth information to support what your position. You are the one who brought up the concern about meta-data, you need to provide the evidence for others to research your statements. You have only one link to one article you read. That was all. I provided actual security whitepaper and security audits of the software so that others on this form can see automatically why I disagree with your position. When one side presents little or no evidence to support their point and the other provides plenty of evidence, as I have, you will not get users attention or their concern. If you are truly worried about the issue, please provide more information to support your statements. If what you are saying is true, I would appreciate some recommended sources that you find trustworthy, so that I may see for myself. Thus far the information I have researched shows something different.

To point out a problem and yet provided no other option shows a lack of concern for the topic at hand and also shows other users that the issue you brought up was not so important after all. Just like any person making a claim, the should provide multiple resources and evidence for a strong case. If you think an XMPP or FDS is better, it’s best to make suggestions so that others can an idea what you may think it better. If that was not your intention, then why bother?

the Cryptography, Security, and Privacy (CrySP) lab at the University of Waterloo
https://crysp.uwaterloo.ca/opinion/wire/
Wire Security White Paper

Thanks for sharing.


#15

This thread begins to become more and more strange. It feels like you invest more to make my words implausible than talking about the things I mentioned in general. If you (@Seven) felt attacked by me I want to say sorry!

I can just repeat. I don’t wanted to bother anyone nor judge about anything. Everybody is free to interpret my comments. Nobody is forced to trust me or you or Wire or Signal … I just shared my thoughts / my opinion or my view on the messenger topic and meta data in general. There is no need to put more and more articles on the table. Everybody should read several sources (e.g. not just a bunch of documents, videos, etc. provided by the vendor or an application) before he decides what makes sense for his own microcosm. There is no need that everybody has the same opinion at the end. A list of properties a privacy friendly messenger should have might be enough. Decide what is most important and less important and at the end you can compare this with your favorite messengers. The result will be different from person to person.


#16

Hi @Smojo

At no time did I ever think you were attacking me or anyone else. At no time did I even say anything to that effect. So no apology is needed. The only thing that would be strange is how you managed to come to such a conclusion in the first place. You should probably just read what I write rather than trying to read into them to look for something that is not there.

Nowhere did anyone say they felt they were being judged or bothered. I can not speak for others, but for myself…If I think I am being bothered I would tell you just that. I say what I mean and mean what I say. That makes communication a lot less complicated. I am sure most in the forum would agree. Nowhere did I say that everyone had to have the same opinion or agree. What I DID say was that you should list more sources than just one article if you want to share your concerns with the community. You should always provide multiple sources of evidence. I was actually trying to have a productive exchange.

And from that statement, it is obvious you also agree, but you only provided one. I asked you to provide more information but, for some reason, you chose not too. Most people would be happy to provide additional information when asked, especially if they believe they have an important point to make. This was not one versus another. I was really wanting accurate information. If it was so, then I can change my mind as software has so many options. But for some reason you are unwilling. The gives the implication that you, yourself, did not do much research on the subject. So this caused me to some research. And what I found was a lot more in-depth and thorough. So it most definitely needed to be shared. That’s why I provided what I found.

I agree wholeheartedly. All that I ask is that you provided adequate sources of evidence to support your position. That’s not too much to ask anyone.

You also had a possible solution. When I asked you to provide information and evidence as to why this might be better, you refused. Again, no follow through. You could have given the group a good reason why that should be an option, and when asked to do so, you declined. It may very well be a great option. That is half-hearted at best and robs the community of great options to discuss for the platform. But you can’t have a good discussion unless plenty of evidence is laid out to do so.

All I wanted from you was more resources and information. It was really that simple as that is exactly what I was asking for in my previous remarks. If you are unwilling to provide such, okay. But that accomplishes nothing to talk about points or suggestions you are unwilling to support.

I hope, in the future, others will be more willing to provide information when they make their observations and suggestions so we can progress in a good direction for options and functionality of the Librem Phone OS.

Cheers :sunglasses:


#17

I am also very interested by knowing if “Chatty”, the E2EE messaging app from Purism will be compatible with iOS/Android equivalent. Because, I need to communicate with world, not only Purism users.


#18

Hello @prog-amateur

Well, the purpose of this thread is to talk about the value of Wire and what it can offer the Librem 5.
However, if you make a new thread specifically talking about chatty/twitch possibilities I am sure many will be very eager to talk about it as I have no doubt many would want that too. :smile:


#19

Since there is debian package of Wire (both repo and .deb), one could actually install it on Libre5 without issues, right? But that is desktop version, and I’m not sure how it will look on 5" screen


#20

@nenad

I figure since that the majority of what is needed is already there, making the phone UI to it would probably be the bulk of the work. Not sure how the present desktop version would work on the phone though. I would imagine the hardware would be a factor as well.


#21

IMO Telegram is the best and already used by a lot of Linux folk and communities like kde, ubuntu touch, all kinds of Linux podcasters and youtubers…
https://open.uappexplorer.com/app/com.ubuntu.telegram