"Use Signal, use Tor" remains the gold standard for securing personal communication, but they are not a good fit for enterprise deployments where corporations want to use mobile device management (MDM) software to provision thousands of employee devices. A new partnership between secure messaging service Wickr and censorship circumvention tool Psiphon proposes that enterprises instead "use Wickr, use Psiphon."
Unlike Signal and Tor, which are designed to offer the greatest political freedom to the greatest number of people, Wickr and Psiphon are designed with very different goals in mind. Wickr is a for-profit software company that offers end-to-end encrypted communications for enterprises that plugs and plays nicely with MDM software and includes optional split-key deployment so that enterprises can monitor and control (hint: with notice) their employees' messaging.
Psiphon, invented at the Citizen Lab at the University of Toronto, and long favored by the US State Department as a delivery vehicle for official American government propaganda, such as Voice of America and Radio Free Europe, now hopes to branch out from propaganda delivery and help global enterprises stay connected.
If Wickr and Psiphon can't compete with Signal and Tor in the political freedom stakes, they can and are competing for paying enterprise customers who need secure messaging and collaboration tools with always-on availability, regardless of geographical location.
Wickr plays nicely in the enterprise
According to Wickr COO Chris Lalonde, Wickr plays well with MDM solutions, enabling enterprise customers to provision thousands of employees, manage employee security access when they switch roles or leave the company, and, of course, to peer over their employees' shoulders at work. Wickr also makes it possible for corporate security departments to ensure compliance with relevant regulations, such as data retention.
"It's just a lot of things that large enterprises have become accustomed to," Wickr CEO Joel Wallenstrom, tells CSO. "They want to have a certain amount of control over how things are used."
The messaging app open-sourced its core crypto libraries last year, but has not released the remainder of its code, an understandable decision for a for-profit company to make, although one that does leave lingering trust issues.
Wickr is more than just a corporate clone of Signal with a price tag for the enterprise version. The app also offers a Slack-like interface. Slack, you might recall, is not end-to-end encrypted. All your office gossip, all your strategic planning, all your confidential chatter? It gets decrypted and stored on Slack's server. If that doesn't send chills up your spine, it ought to.
That doesn't make Wickr the Second Coming either, but well worth reflecting on your organization's dependence on Slack, and possible e2e encrypted alternatives.
Psiphon punches through the Great Firewall
Psiphon has 200,000 daily active users in China and around 350,000 weekly active users, according to Michael Hull, president of Psiphon. Travelers to China will struggle to get Tor working, and VPN service can be flaky from behind the Great Firewall. Psiphon is one of the most reliable ways to stay connected when visiting the Middle Kingdom.
The censorship circumvention tool has a proven track record of ensuring information availability to its target audience in the face of government censorship in places like Russia, China and Iran. Psiphon has given Wickr API access to its service, and Wickr clients plug directly into Psiphon's global network of proxies.
The anti-censorship tool uses some fairly sophisticated methods to ensure state censors cannot block its traffic. "Psiphon utilizes obfuscated SSH as well as derivatives of the MEEK transport that utilizes both direct and domain fronting methods," Hull explains in an email.
Psiphon was notably unaffected by Google's controversial decision to end domain fronting for Signal last year. The decision drew howls of protest from digital rights groups like Access Now, because domain fronting made it easy for users around the world to circumvent state-sponsored censorship.
Again, Psiphon ain't no internet freedom tool. Psiphon does not provide anonymity, and its FAQ explicitly says that: " If you require anonymity over the Internet then you should use Tor instead of Psiphon." Chinese citizens who use Psiphon in China are probably in for a world of hurt. It's a fair guess the Chinese government knows who you are, even if they can't censor your internet traffic.
If you need to ensure connectivity to your home office while on a business trip, either in China, Iran or just a coffeeshop that filters or degrades VOIP traffic, Psiphon might be a good fit for the job. "There are all kinds of different restrictions around the world, not just China," Wallenstrom says. "For large organizations....in some places it's harder to ensure connectivity."
Of course, you could just use a VPN. Wickr hopes to add value by offering Psiphon integrated directly into its app and making the experience seamless.
Who should use Wickr/Psiphon?
If your enterprise needs censorship circumvention for traveling employees, plus MDM-compatible end-to-end encrypted messaging, including a Slack-like client, and are willing to pay for this service, then you should check out the Wickr/Psiphon partnership.
If you're a journalist, or activist, or an individual who just cares about democracy on the internet, then you should use Signal and Tor instead.
More on encryption:
- 4 hot areas for encryption innovation
- 5 myths about data encryption
- The race for quantum-proof cryptography