• LastYearsIrritant@sopuli.xyz
    ↑ 137 · 16 hours ago

    This is due to phishing attacks and account takeover attempts, not due to the platform itself being insecure.

    They state that Wire can be signed up with using an email instead of phone number, so it’s less likely that someone will know the validation account used to sign up.

    Feels to me like it’s just a different attack vector. Maybe it’s harder to do attacks on Wire, but they didn’t really say that in this article.

    My gut says it’s less attacked just cause it’s less used, not that it’s more secure. But I’m certainly willing to admit that I haven’t looked into Wire much.

    • Señor Mono@feddit.org
      ↑ 74 · 15 hours ago

      It’s her approach to frame the technology instead of acknowledging that she is the victim of a social engineering attack.

    • nymnympseudonym@piefed.social
      ↑ 31 ↓ 1 · 15 hours ago

      Thank you. I do wish the public conversation were more about actual tech vs social engineering and public-vibe opinion.

      I like the fact that Wire uses a separate key for every device and every 2-person pair, even in a group chat.

      But I hate how much metadata Wire leaks. I do not want my ISP/VPN provider to be able to track where I am and with whom I am messaging. IP addresses, routing paths, packet sizes, timing…

      Both protocols encrypt what you say. Wire betrays where you were when you said it and gives a lot more clues about who you said it to. Exactly what you want people to use, if you are a nation-state able to monitor corporate ISPs and VPNs.

      • brbposting@sh.itjust.works
        ↑ 1 · 2 hours ago

        Interesting, didn’t know anything about Wire. Are the ISP/VPN selling your data your main concern? Foreign nations enter your mind as far as threat model? Maybe easier to speak generally on what relatively normal (but nerdy) people might do best to care about

    • tal@lemmy.today
      ↑ 9 · edited 14 hours ago

      > This is due to phishing attacks and account takeover attempts, not due to the platform itself being insecure.

      I mean, it’s not that Signal has security issues per se, but it doesn’t have the German government’s security people with control over what goes into releases, either.

      If you remember the wake of Signalgate, the US doesn’t allow use by American officials of Signal to do their communications because they don’t certify it for classified information transmission and do have their own app that officials are supposed to be using.

      > On March 15, Secretary of Defense Pete Hegseth used the chat to share sensitive and classified details of the impending airstrikes, including types of aircraft and missiles, as well as launch and attack times.[1][2] The name of an active undercover CIA officer was mentioned by CIA director John Ratcliffe in the chat,[3] while Vance and Hegseth expressed contempt for European allies.[4][5]

      > A forensic investigation by the White House information technology office determined that Waltz had inadvertently saved Goldberg’s phone number under Hughes’ contact information. Waltz then added Goldberg to the chat while trying to add Hughes.[15] Subsequently, investigative journalists reported Waltz’s team regularly created group chats to coordinate official work[16] and that Hegseth shared details about missile strikes in Yemen to a second group chat which included his wife, his brother, and his lawyer.[17]

      > On March 18, 2025, the Pentagon sent a department-wide memo warning, “Please note: third party messaging apps (e.g. Signal) are permitted by policy for unclassified accountability/recall exercises but are NOT approved to process or store nonpublic unclassified information”—a category whose release would be far less potentially damaging than that about ongoing military operations.[27] A former NSA hacker said that linking Signal to a desktop app is one of its biggest risks, as Ratcliffe suggested he had done.[28]

      According to the article, German government information security people do that for Wire:

      > Klöckner highlighted that Wire is already provided by the Bundestag administration and is certified by Germany’s Federal Office for Information Security (BSI).

      • nymnympseudonym@piefed.social
        ↑ 9 ↓ 1 · 14 hours ago

        Important point about Signalgate: Hegseth & team weren’t even using Signal; they were using some weird-ass fork

        • Sturgist@piefed.ca
          ↑ 13 · 13 hours ago

          Some weird ass fork by a company founded and staffed by Israeli ex-intel officers that allows automatic backup of chats even if they are set to delete after x days

      • artyom@piefed.social
        ↑ 2 ↓ 1 · 13 hours ago

        Yeah that incident was also due to a phone number issue. Someone somehow had the name associated with the phone number saved incorrectly. Something to do with iOS and how it saves numbers automatically.

    • 14th_cylon@lemmy.zip
      ↑ 3 · 15 hours ago

      > Feels to me like it’s just a different attack vector.

      feels like typical security through obscurity