It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Help ATS via PayPal:
learn more

Wickr, Mr Robot and the CryptoWars 2.0

page: 1
1

log in

join
share:

posted on Aug, 31 2016 @ 07:11 PM
link   
There are many solutions when it comes to needing a secure way to talk to friends and family. For most people we just want our words to be our business and not just easily swept up by Global Surveillance Systems.

You may have seen the recent Mr Robot episode were the 2 characters use a crypto app to communicate with one another in a very secure way. Once again the people behind Mr Robot have shown solid technology and solutions, used in the real world today.

There is one application that so far has been found to be a great way to communicate with friends. This application is called “Wickr”.

Wickr is easy to use and to setup. If you combine Wickr with a VPN service, you will have a much more secure and anonymous connection to your friends and family. Using VPN's that have no logs is the best way to go.

The Software is available for all platforms and has been described in a leaked DHS document to be one of the few programs that create an anonymous message transport because of its End-to-End encryption and its ability to never store information outside of the users device. All information that traverses the network is highly encrypted and also has the ability to self destruct given a set time frame.
Image below is a screen shot of the doc area that explains there Wickr assessment.
postimg.orge...
You can read the very informative document in full here provided by the Intercept
theintercept.com... vert-messaging-apps/

Specifications for the software

*Wickr username, application ID and device ID are cryptographically hashed with multiple rounds of salted SHA256;
*Data at rest and in transit is encrypted with AES256;
*As part of Perfect Forward Secrecy, each message has a new encryption key that is deleted as soon as message is decrypted;
*Message encryption keys are encrypted with a key produced using ECDHE;
*Messages are bound to both the receiver’s application and device;
*No password or password hashes ever leave user device;
*All user content is forensically wiped from the device after it expires;
*Your UDID (Unique Device Identifier) is never uploaded to our servers so you are always anonymous to us;
*Wickr’s Secure Shredder forensically erases all deleted data on your device so it cannot be recovered;
*All user communications are cleared of any metadata.
~ Confirm Wickr's Privacy by reading there statement to law enforcement below
www.wickr.com...

THIS THREAD IS IN NO WAY ADVERTISEMENT AND IS MEANT TO BE A INFO GUIDE TO THE COMMUNITY.

There is a huge amount of demonizing going on right now by the powers that be about covert messaging apps and all of it is pure BS. Read the intercepts take on this.

The Big Secret That Makes the FBI’s Anti-Encryption Campaign a Big Lie
theintercept.com...




edit on 31-8-2016 by 3ncrypt0Rdie because: corrected word




posted on Aug, 31 2016 @ 08:59 PM
link   
AFAIK, Wickr still has some problems not least of which is that they haven't documented how users' identities are verfied by other users. The problem here is that the app might be vulnerable to MITM attacks. I believe Signal gets a better rating from the EFF for that reason and because Signal's code is open source — essentially Wickr is something of a black box technology — and that's worrisome in light of some of the bugs that have been caught like unencrypted passwords found in memory not only after the user had authenticated (to the app) but after the app was closed.



posted on Sep, 1 2016 @ 06:07 AM
link   
There is no perfect encryption system, you need proper trust and thats very hard to establish and lets not forget that if we can exchange enough information to securely establish both sets of identity securely then we'd use that route.

As said above both the fact its possible to use MITM and the source codes not available to have a look over both are a worry as is the fact that by now i'd expect a visit or two from the spooks to make requests with NSL's or whatever their government uses.



posted on Sep, 1 2016 @ 08:14 PM
link   
Yes what you both have said is accurate and may be occurring. The main reason for the thread was to give people an introduction into the world of CryptoApps to allowing them to understand how things work and to lean more. Thank you in your response for it is helping in this process.

Yes it is true, MITM is always a real question and auditing the code is paramount.
This example is mainly unique because of the attention it got from the DHS and that it is easy to get the hang of for people to experiment with. The security features also provide a good entry into secure message drops.
It is always best to send all text over the wire in PGP/GPG form as to create another layer of strong encryption, for secure read of the data or information.
Also when using any type of security or anon type application, or network platform, it is always good practice to place a Log-less VPN service that you trust. Trust only thought testing and security audits from community members and from the corp between you and the type of technology at play.

Did you guys get a chance to read the going dark doc from this thread? If so whats your take on it?

I See the link for the image showing the assessment has been removed. To read the DHS's assessments of Wickr and all of the other popular, crypto messaging apps go to page 8 in the going dark document from this tread.
On Wickr : encrypt0rdie
edit on 1-9-2016 by 3ncrypt0Rdie because: (no reason given)

edit on 1-9-2016 by 3ncrypt0Rdie because: (no reason given)

edit on 1-9-2016 by 3ncrypt0Rdie because: update on the link thats down from original post



posted on Sep, 1 2016 @ 08:32 PM
link   
a reply to: 3ncrypt0Rdie
The Working Intercept link for the Document about covert messaging applications is located here.
Going Dark Covert Message
Applications




edit on 1-9-2016 by 3ncrypt0Rdie because: (no reason given)




 
1

log in

join