Wire is a well-regarded corporate collaboration suite with secure messaging, group chat capabilities, file-sharing, and the ability to collaborate securely with external clients. In this Wire messenger review, the focus is on the personal secure messaging app. We’re going to look at its capabilities, its usability, and its security.
We’re also going to talk a bit about how the company has shifted its focus from the consumer to the corporate market, and what that might mean for the future of the personal app. Does it still have a future? Is Wire Personal the answer for people who want private and secure communications with other like-minded individuals?
I think you’ll find this Wire review interesting, so let’s get started.
- End-to-end (E2E) encryption
- Encryption algorithms: Proteus protocol, WebRTC (DTLS, KASE, SRTP) with PFS
- Open source
- Self-destructing messages
- Published transparency reports
- GDPR compliant
- Wire Personal is free
- Registration requires email address or phone number
- Some logging of personal data
- Does not support 2FA
- Small number of Wire Personal users (roughly 500,000)
- Company focus is on corporate market, not individuals
Now we’ll briefly examine the features of Wire messenger.
Here are some key features to consider when deciding whether the Wire messaging app is right for you:
- 100% open source code. The code is available on GitHub.
- The code was independently audited by X41 D-SEC GmbH.
- The option to register using a (potentially throw-away) email address offers more privacy than those services that force you to enter a phone number when your create an account.
- The service is fully GDPR compliant. For personal users this means that your data is protected by strong privacy laws as well as strong encryption.
- Clients for Android, iOS, macOS, Windows, and popular browsers
The company behind the Wire app is Wire Swiss GmbH. The company was founded in 2012 by former Skype and Microsoft employees, Jonathan Christensen, Alan Duric and Priidu Zilmer. They launched the Wire app in 2014. One important security milestone came in 2016 when they added end-to-end (E2E) encryption to Wire. The company is based in Switzerland, with offices in Berlin and San Francisco. Switzerland is one of the best jurisdictions in the world for any kind of secure online service, so this is a plus.
Where is Wire data stored?
While all user data does flow through the company’s network of EU-based servers, the only time messages are stored there is if the recipient is not currently on line. Thanks to the E2E encryption that Wire uses, even messages awaiting transfer to their recipients are encrypted and cannot be read by the company. As soon as a message is delivered to the recipient, it is deleted from company servers. All sent and received messages are stored in encrypted form on your devices.
So to answer the original question, all user data is stored locally, in encrypted form, on user devices. Storing all user data encrypted on user devices is a strong security move. Even if someone were to hack the Wire servers, none of your data (except messages waiting to be transferred) would be there to steal.
Third-party testing and audits
One of the great things about Wire is that they have not only had outside testing done, but that they have published results. In case you are like me and don’t have the time/energy/expertise to analyze the open source code that comprises their system, here are some published findings by experts you can review instead.
In early 2018, Kudelski Security and X41 D-sec GmbH published the results of security reviews they conducted on Wire the previous year. The reviews identified various problems that the team at Wire resolved according to this Medium post. You can find links to the results of the reviews at the bottom of the Wire Security & Privacy page.
Informal Cryptography, Security, and Privacy (CrySP) lab analysis
In 2016, a researcher in the Cryptography, Security, and Privacy (CrySP) lab at the University of Waterloo analyzed the Wire Security and Privacy white papers in a fairly detailed post that the team at Wire responded to. The post cites several concerns about the implementation of the Wire protocol at the time. It includes responses from Wire, and updates showing that the company had resolved most of the concerns raised in the original post.
I like that Wire put the effort into responding to this post and making changes to their system to resolve the issues cited by the researcher. It makes me more confident in the strength of their technology.
Note: The original 2016 analysis and the 2018 update were based on the opinions of one of the researchers at the lab. The analysis includes a prominent disclaimer that the opinions expressed in the post do not necessarily reflect the opinions of other CrySP researchers or the university. Apparently the lawyers run amok in Canada too.
Wire hands-on testing
For purposes of this review, I used the Wire desktop apps for Windows and Linux (an AppImage). I also worked with the browser interface and the Android app. All the versions are very similar, with minor differences depending on the platform. For example, the Android app included phone-specific issues, such as the ability to upload photos from your phone.
Installing Wire Personal is easy, although it isn’t obvious how at first. Click the Pricing link on the site and you will get lots of information on Wire Pro, and Wire Enterprise, but no sign that there is a free personal version. To find it you need to click the Resources link at the top of the site (see image below), then select Download. That takes you to the following page:
From here installing Wire is just like installing any other app for a particular operating system. You’ll need to create a username and password. You’ll also need to supply either a phone number or an email address. One way to boost your privacy is to use a throw-away email address, and delete it once you’ve replied to the Confirmation email Wire sends you. (We also have a guide on secure email services that respect your privacy.)
If you are planning to use Wire on a Linux device, you might want to use the AppImage version of the Experimental Binary for Linux. I had trouble getting the Ubuntu binary to run, so switched to the AppImage, which worked perfectly. AppImages install slightly differently than regular Linux apps, but the Wire AppImage installed the same as any other AppImage.
Note: If you want instructions on working with AppImages on a Linux system, this It’s FOSS guide should get you up and running quickly.
Working with Wire Personal
As you can see below, the Wire user interface is clean and modern looking. Your contacts appear on the left side of the window, and your current conversation on the right. As part of its security system, Wire clients negotiate new encryption keys for every message. Even if someone somehow figures out the encryption keys used for a single message, those keys will only help decrypt that particular message. The rest of the messages in the conversation will remain secure.
As far as the basics go, Wire works like any other messaging app. Select a person and start a conversation. Wire gives you lots of control over each and every message that appears in a conversation. Select a message and you’ll see a menu with a range of options like these:
What if you have something to say, but you don’t want it preserved for all eternity on your own or someone else’s device? Make it a timed message. Find the little stopwatch icon at the bottom of the Wire window (it is circled in red in the preceding image). Click it to see a menu of time delays. Select one of those delays, say 5 minutes. Every message you send while the timed message option is active will automatically disappear from every device where it appears after that amount of time.
In addition to plain text messages, you can conduct voice and video chats, attach files, and so on. Everything is protected by end-to-end encryption, keeping your communications secure from outside snoops.
To help you keep everything organized, you can:
- Create groups and communicate by text or voice with the entire group at once.
- Create folders to hold related contacts.
- Archive or delete conversations.
If you are using the mobile apps you may have additional capabilities, such as creating voice memos, attaching animated GIFs to the conversation, sharing your location, or drawing pictures with your finger on your device’s touchscreen.
Do you ever worry that the person you are talking to in a messaging app is actually an imposter? Wire has you covered there too. You can verify that the current conversation is secure for both messages and voice calls using key fingerprints. The exact steps to follow to verify key fingerprints are found here.
Wire mobile apps
Wire publishes mobile apps for both iOS and Android devices. At the time of this Wire review, these messenger apps were getting identical 3.6 out of 5 star ratings in both the Google Play Store and the Apple App Store. Why not a higher rating?
From skimming through the comments at the app stores, it appears that many people are experiencing bugs of various kinds. I’ve used the Android app a lot and have only one complaint. When I look at key signatures on the phone, the signature text doesn’t fit into the space the app gives it. As a result, the bottoms of every character in the keys is cut off. This isn’t a major issue, but users in the app stores are reporting more serious bugs, such as the app failing to display alerts, crashing and freezing.
Your best bet? Take advantage of the fact that the app is free, and give it a thorough test to see how it works with your device.
You can reach the Wire Support & FAQ page from the Resources link at the top of the site. There is a good amount of information here for resolving problems. One drawback is that the information here is oriented toward the business versions of Wire, and not the personal version. Searching for information about a specific feature of the personal version is easy, but much of what you would find by browsing randomly through the topics here will turn up features that don’t work on your version.
When it comes to support from a real, live human being, Wire Personal users are pretty much out of luck. Here’s the response I received when I sent a couple of questions related to this review:
We currently offer limited support to our Wire Personal users. We are sorry for any inconvenience this may cause. Due to limited resources we can only fully serve Wire Pro users and help with very urgent or security-related tickets from Personal users. Please search our extensive Support site for frequently asked questions.
Even though we cannot respond to every ticket, we take notice of all issues, feature requests, and any other feedback you share.
The rest of the message consisted of links to articles from the Support site which might have been helpful. While I can understand the company’s desire to focus on helping paying customers rather than those using a free version, it does illustrate how individual users are a low priority.
How secure and private is Wire?
Wire has strong security. The Proteus protocol they use to encrypt text and images is based on the encryption approach used in the Signal app. Without getting into the technical details, Proteus uses the Curve25519, ChaCha20, and HMAC-SHA256 algorithms. Voice and video communications use WebRTC with Perfect Forward Secrecy (PFS). All communications are end-to-end encrypted.
Perhaps it is no coincidence that on September 21, 2019, Edward Snowden recommended people avoid using any email service and instead use Wire or Signal.
The privacy situation with Wire is a little less clear.
The service collects some information in logs, which they says they keep for 72 hours (maximum). What exactly they collect isn’t clear to me. According to a February 2018 report by the CrySP team at the University of Waterloo, Wire, “…does not attempt to hide metadata, other than the central server promising not to log very much information.” In addition, the process of authenticating the clients with the servers involves sending your unencrypted password to Wire, where it is hashed and compared to the stored, hashed version of the original password. This means that your cleartext password is exposed every time you log onto the service.
A May 2017 article on Vice.com reported that Wire keeps an unencrypted list of everyone you have ever contacted using the service, along their email address or telephone number, for as long as your account exists.
These issues mean that you need to have a certain level of trust in Wire to protect your metadata and password.
That need for trust became more important when it was revealed that Wire had moved its holding company to the United States in February 2019, without disclosing this until November 2019. Due to the extensive online surveillance activities of the United States government, many people concerned with protecting their privacy argue against trusting any service that is based in the USA, a Five Eyes country.
Whether this situation is a problem for you will depend on your threat model. For more information on the controversy, check out this TechCrunch article.
Wire business features
Paid Wire plans pack in a lot of features that aren’t available in Wire Personal:
- Group Messaging
- Video and audio calls with more users than the personal plan supports
- Guest Rooms
- Member roles
- On-premises and private cloud capabilities
Wire is truly a team collaboration tool. For a full view of the features packed into the Wire business-oriented plans, see the Pricing page.
As you’ve already seen, Wire Personal is a free service. There are rumors that Wire will be converting the personal plan to a freemium model at some point, but for now, it is 100% free of charge. The pricing page on the site addresses only Wire Pro (4 euros per user per month billed biennially), Wire Enterprise (8 euros per user per month billed biennially), and Wire Enterprise Technology.
Wire free version
Having tested out the Pro and Free versions, I can see that the free plan can likely meet most of your needs. While the team collaboration features are limited, you can always upgrade to Pro if necessary.
Here is a direct link to Wire Personal (free), since it is now more difficult to find.
And the free version still has group chat capabilities and also group calls. Therefore it may still work fine for your team.
Wire review conclusion
Wire Personal has a lot going for it as a secure messaging app. The messaging service is strong and secure, with the personal edition of Wire riding on the business-oriented paid services. In September of 2019, it even got mentioned by Edward Snowden as one of two secure messaging services that he recommends for meaningful communication.
However, the future of Wire Personal is less clear. Beginning in late 2017, Wire Swiss GmbH started moving more and more toward a corporate focus, and away from worrying about individual users. Then it was announced (in November 2019) that in February 2019 Wire had raised $8.2 million from Morpheus Ventures and moved its holding company to the United States. This triggered outrage from many privacy advocates, including Mr. Snowden, who tweeted,
“Wire was always for profit and planned to follow the typical venture backed route.” [
@Wire CEO] Brogger… describes individual consumers as “not part of our strategy.”
This is a grim turn for a once-promising app, and a window for
@Signalapp to exploit.
Is Wire right for you?
At the moment, Wire Personal is a great secure messaging app for individuals. The Wire messaging service is secure, with independent reviews stating that the service is sound. On the other hand, the number of individual users of Wire is small (around half a million), and the CEO of Wire has made it clear that individual users are not a priority. According to one insider quoted in the TechCrunch article mentioned earlier, the company’s attitude right now is, “If Wire works for you, fine, but we don’t really care about what you think about our ownership or funding structure as our corporate clients care about security, not about privacy.”
While I like and regularly use Wire Personal myself, I suggest you think long and hard about relying on it as your secure messaging app of the future.