Wickr Messenger Review

HEISENBERG

ADMIN
ADMIN
Joined
Jun 24, 2021
Messages
1,643
Solutions
2
Reaction score
1,751
Points
113
Deals
666
IMPORTANT! Wickr has now been purchased by Amazon. Given the new ownership, you may want to consider some alternative secure messaging apps here. And because Amazon is a global multinational company based in the United States, this also puts Wickr (and Wickr users) under US jurisdiction, and all the privacy implications that go with it.
2021 08 19 04 34

Wickr Me pros & cons.
+ Pros

Client-side end-to-end (E2E) encryption;
Encryption algorithms: AES 256, ECDH521, and RSA 4096, with Perfect Forward Secrecy (PFS);
Anonymous accounts;
Ephemeral messages and attachments;
Burn-On-Read messages and attachments;
Provides Transparency Reports;
All user content is forensically wiped from the device after it expires;
Does not log IP Addresses or Unique Device ID;
Does not record user metadata;
GDPR-compliant.

– Cons

Code is publicly visible on GitHub, but not open source;
Message handling is unusual;
Based in the United States.

Before I take you deeper into the guts of Wickr Me, we need to talk about the differences between Wickr Me and Wickr Pro.

Wickr Me vs Wickr Pro.

Wickr Pro and Wickr Me both run off the same secure code base, and there is a free version of Wickr Pro available. Depending on your use case and threat model, you may want to consider using Wickr Pro Basic (the free tier of Pro) instead of Wickr Me. Why would you do that?

Wickr Me distinguishes between users based on their anonymous username. A Wickr Me account belongs to whoever has the correct credentials to log into it. The company has no way to identify the owner of a Wickr Me account because they have no access to any of your personal information. Even if you link a phone number in Wickr Me, that data is encrypted and cannot be read by the company.

Wickr Pro requires you to use an email address as your username. While this supports password resets and verification of ownership for Wickr Pro accounts, it also eliminates the anonymity of Wickr Me. On the positive side, Wickr Pro Basic has several features that Wickr Me does not.

I’m concentrating on Wickr Me in this review. However, if giving Wickr an email address would be acceptable in your particular circumstances, check out the additional features of Wickr Pro Basic, covered at the end of this review.

Note: You can boost your privacy when registering for Wickr Pro Basic by anonymously signing up for a secure email service that you only use for your Wickr registration. There are also disposable email services you can use for this purpose.

WickrMe feature summary.

Here are some key features to consider when deciding whether Wickr Me is right for you. Wickr Me offers:

File, photo, video, voice message sharing.
Video and audio conferencing.
All messages and attachments are ephemeral. That means they only exist for a certain amount of time. Once their time is up, they are permanently deleted from both the sending and receiving devices. If a message or attachment is still sitting on a server awaiting delivery when its time is up, it is deleted from the server as well. In other words, messages may never get delivered if the recipient doesn’t log into Wickr frequently enough.
Message handling is unusual. Messages are bound to both your account and a specific device. You can have multiple devices connected to one account, but messages will only go to the specific targeted device. Messages are not synced across all your devices as with most other messaging services.
Wickr has published their crypto library as open source, but the rest of the code is not open source.
Wickr Me apps are available for Android and Chromebook, iOS, Windows, macOS, and Linux.
Over 5 million copies of Wickr Me have been downloaded from Google Play alone.

Where is your Wickr Me data stored?

Messages are stored on your device. They may be stored for a limited time on the Wickr servers, but are deleted upon delivery. Because messages are end-to-end (E2E) encrypted, even while they are on the Wickr servers, they are undecipherable.

Messages are also ephemeral. This means that every message is automatically deleted from wherever it is in the Wickr system (their servers or your device) after a user-specified amount of time. In the long term (longer than the maximum life of any particular data), your Wickr Me data isn’t stored at all. This is great for privacy.

Wickr Me third-party testing and audits.

While it can be hard to find any third-party testing and audit results for some secure messaging services, Wickr has glowing quotes from four outside organizations attesting to the security of their products.
Here.

Wickr Transparency Reports


Here is a link to all the Wickr Transparency Reports.

Wickr Burn-On-Read timer.

The expiration time is only one of the two Auto-Destruct timers built into Wickr. The other is the Burn-On-Read timer. When activated, this timer controls how long a message (or other content) continues to exist after a recipient views it. This timer starts ticking as soon as the content is marked as “read.”

Note: Regardless of how much time might be left on the Burn-On-Read time, it will never extend the life of the content beyond the destruct time determined by the Expiration time.

Wickr group messaging and extra features.

Wickr Me also supports group messaging. Previously known as group conversations or group chats, multi-person chats in Wickr Me now appear in Rooms. Wickr Me Rooms are not moderated, in contrast to those in Wickr Pro, which offers moderation and larger group sizes.

Beyond the basics of Direct Messaging, Room chats, and self-destructing messages, Wickr Me has some very useful additional features. Here are some highlights:

Share Location – Share your Current Location (a snapshot of where you are this instant) or your Live Location (your location over time) with others.
Quick Responses – A set of pre-made responses you can send when you don’t have the time or attention to send a more personalized response.
Key Verification – Verify the identity of any user in your contacts list by clicking their avatar which brings up the user’s information, and then selecting the “Security Verification” from their profile screen.

How secure and private is Wickr?

Wickr Me is about as secure and private as a messaging service can be.

It combines strong encryption, Perfect Forward Secrecy, and content that literally disappears when not needed anymore. Unlike some other messenger services, Wickr does not collect:

Your IP address
User metadata (since accounts are anonymous, Wickr doesn’t know who you are)

The Wickr Messaging protocol and apps have gotten good marks in various third-party audits.

United States jurisdiction and privacy concerns.

One lingering concern that some people may have is the legal jurisdiction where Wickr operates. Wickr Inc. is based in San Francisco, USA. Generally speaking, the United States is not a good privacy jurisdiction. It is a leading member of the Five Eyes surveillance alliance. The US government also has a history of forcing US companies to secretly collect and log user data. You might remember the Lavabit example, where the owner had to close the business to avoid being forced to spy on his customers.
 
Last edited by a moderator:

ASheSChem

Don't buy from me
Resident
Language
🇫🇷
Joined
Apr 10, 2022
Messages
300
Reaction score
168
Points
43
How can i choose an username and not sharing address mail?
by defaut it's my mail..
 
Top