How secure is wickr?

[Robfromga]

Anyone can cooperate and if your providers control the portal into which you input your private key (password) it is trivial to redirect an IP of interest (or even an account name of interest) to an altered portal that changes what happens when you type in your password to capture your key.

Apps on a phone require somewhat more fiddling and intervention to make that happen (because the hashing is done on a portal in your hand) but can be done.

Location is a difficult thing to rely on for security. The only actors likely to not cooperate with LE are providers residing in rogue states or Switzerland (and the Swiss cooperate more than is advertised).

Good crypto, content deletion, account switching/deletion, etc are the real defenses.

Politics of location are simply too subject to change.

*edit: fucking typos.

I'm following .
Im not tech savvy at all. The secure app idea didn't sound very secure at all.

 

[balco]

Phones and computers can be secure as long as they are physically comprised, what others users have stated have little to nothing to do with opsec. Wickr(pro might be) isn't open source therefore cannot be considered secure and shouldn't be looked into further.

 

[88general88]

FAQs

When Does Wickr Provide Law Enforcement with Details on its Subscriber Accounts?

Wickr cooperates with law enforcement by providing information related to its users’ accounts only when properly served with legal process or in life-or-death situations.

What Kinds of Information Does Wickr Turn Over on Those Accounts?

Wickr can provide non-content information describing an account such as: date of its creation, the date of last use, the total number of messages sent and/or received, the type of device on which the account was created. See our Legal Process Guidelines for the full list.

When Does Wickr Provide Law Enforcement with Subscriber Content?

Never! Our system is designed to protect our users’ privacy such that we never have access to our users’ decrypted message content so can’t pass it on to anyone else.

July 1, 2018 Reporting Statistics [1]

[1] Wickr is committed to sharing information about the requests it receives for its users’ account information. Above is a table detailing requests received for our users’ information from January 1, 2018-June 30, 2018. Our next report will present data from June 30, 2018 through December 31, 2018.

[2] Wickr notifies users of requests for their information including providing a copy of the legal process, unless required by a non-disclosure order not to do so or when disclosure is not practicable or would not be fruitful such as when a user does not exist, a request is withdrawn, or in an emergency situation such as a missing person investigation or where there is a danger of death or serious physical injury.

[3] “Warrants” are used to obtain information which may be similar to information available to a requestor through a subpoena or court order except that requestors often seek the content of the communications through the use of a warrant. Therefore, in order to get a warrant, law enforcement must demonstrate ‘probable cause’ to a court that the requested information evidences a crime.

[4] “Orders” are signed by a judge and may include the following: Non-Disclosure Orders requiring us to keep private a request for users’ account information, 2703(d) Orders under the Electronic Communications Privacy Act (the federal law that regulates law enforcements’ access to customer data and content) in both civil and criminal cases, as well as Pen Register Orders which provide for real-time disclosure of non-content data.

[5] “National Security Orders” includes orders authorized and issued under the Foreign Intelligence Surveillance Act (FISA) and National Security Letters authorized by the Stored Communications Act (SCA).

As of the date of this report, Wickr has not received an order to keep any secrets that are not in this transparency report as part of a national security request.

[6] “Other Requests” may include Preservation Requests, Emergency Disclosure Requests, and Civil Requests including Subpoenas. Preservation Requests are requests by law enforcement for preservation of a users’ non-content account information for up to 90 days until such time that it serves the proper legal process to receive such information. Emergency Disclosure Requests are requests from a government agency in exigent circumstances involving life or death. We review and process emergency requests upon a showing that the information provided will help save lives.

[7] “Non-U.S. Requests” include formal legal processes deriving from foreign governments. We require that any such requests conform to the Mutual Legal Assistance Treaty (M.L.A.T.) or letters rogatory process.

Like always, top notch info from the realist mutha fucker