Wire for Librem 5 (Instead of Signal)


#22

Hi @KristijanZic

You are right that Telegram is used by many. However, there are many issues with Telegram that should give pause to anyone who wants to use the application.

  • So far the server code is still closed source. Telegram said they will make it open source but has yet to do so and usually, that is a concern for most people in the open source community. While Wire servers are already open source and free to review.

  • Telegram secret chats have to be enabled so end-to-end encryption is off by default. Wire end-to-end encryption is on by default be it video, audio, file sharing, etc…

  • Telegram requires your phone number to create an account. Wire gives users the option to use a number or email to create an account. I prefer the option, as many others do.

  • Telegram, as far as I can tell, does not encrypt information on your device while Wire does.

  • Telegram does not use TLS to encrypt network traffic, Wire does.

  • Telegram does not enforce forward secrecy, Wire does.

  • Telegram, the company can read your messages, Wire… the company, cannot.

  • With Telegram you cannot verify contact fingerprints, with Wire you can.

And this can keep going. This is not to say that Wire is perfect but it does address things that Telegram and Signal do not. And the old adage that “Everyone else is using it” is not enough, especially in the open source world. However, if Telegram, Signal, and others are right for your needs and they address your concerns, great. As for myself, they do not. And I have no doubt I am not the only one. With that, I think Wire is still worth looking into.

Cheers :sunglasses:


#23

for whatits worth


#24

I see you have opened a Chatty thread. Thank you !
EDIT : it was another Chatty app ^^. So I have taken the opportunity to open a thread :


#25

Agree, Telegram is definitely a non-starter. Thoughts on Wickr? From what I’ve read it compared very favorably to Wire.


#26

Since July 2016 they are discussing it, and yet it’s not on F-droid. This is one of the most important things that I take into account when deciding which apps to use.



#27

@beFree
And why do you take this into account? Please be more specific and detailed when explaining your point.


#28

I take into account the developers’ commitment to FOSS. If 2 years is not enough for them to release that software on F-droid, this tells me that it’s not something of big importance to them.


#29

@beFree
Very interesting, that you use F-droid as the only standard. Wire had announced for some time that their clients and server code were all completely open source. Free for anyone to review and compile new applications. While not on F-droid, you can install the Wire APK directly to any android device. Their Security White paper also lays out what they clearly are focused on. Interestingly enough, Telegram is on F-droid yet it is not committed to FOSS as evidenced by their closed-source server code alone. Their commitment to security is also patchy at best. So maybe using F-droid alone as a guide may not be the best idea. I would ask that you not limit your criteria to just F-droid and take a more comprehensive look. The prime being an overall secure application. I offer the below for consideration:

Compare Secure Messaging Apps

On a small note, if you scroll back up earlier in the conversation a person did mention that there were required dependencies for the android application. This is by Google and not wire. This is unique only to android and not other platforms. However that recently Google may no longer require those dependencies. Since this phone is not android based then I hardly find it an issue for the Librem 5.


#30

A Google Play Services dependency is a choice made by Wire. Wire chooses to use the proprietary Google Play Spyware instead of using free software.


#31

I agree with you that we should take into account multiple factors I just worded that wrongly. I’ve edited now my first comment to make sure it doesn’t look like that is the only thing that I care about, tho it’s one of the most important ones for me.


#32

@beFree

Thank you for the clarification. I totally agree with you in that we should take many things into consideration. Thanks for bringing up F-Droid as a possible metric. And that any android version should be checked out before use.


#33

@blendergeek

I am sure this is a choice by Wire, if indeed they still use those dependances in their Android application. My question is, why are we even talking about the Android version at all? The purpose of this post was to talk about getting a client that runs on the Librem 5. A client that is Linux based and is secure. Mind you that the Windows, Linux, iOS, & macOS versions do NOT use any such dependencies. So ONLY Android is affected if it still is. That is NOT my concern. So with that in mind talking about the Android version is pointless as this is not an Android phone. So moving forward let’s talk about that and what are the benefits of a mobile LINUX version. That indeed a FOSS compliant version can be made as it is with all the other non-Android applications.