• United States



Wickr: Free texting app has military-grade encryption, messages self-destruct

Sep 17, 20136 mins
Data and Information SecurityMicrosoftMobile Apps

If you value privacy and security, then try the free, self-destructing encrypted messaging app Wickr so you can 'leave no trace.'

If you have an Android or an iPhone, and if you value privacy and security, then please do yourself a tremendous favor today by installing Wickr, a self-destructing messaging app that uses military-grade encryption for texts, pictures, audio, video and PDFs and also exceeds NSA’s compliancy standards for Top Secret communications. Equally terrific, the experts behind Wickr say it’s your data; you own it. Wickr is setup so it is technically impossible for its creators to access your messages. Like WhatsApp or Skype, it’s free. Unlike those apps, Wickr uses Perfect Forward Secrecy, offering you a chance to “leave no trace.” Wickr for iPhone launched more than a year ago, but now the Android version is here!

We can scarcely go a day without hearing about government surveillance or three-letter agencies pushing to have secret backdoors built into software. Nico Sell, CEO and co-founder of Wickr, said she was approached by the FBI at the RSA security conference. The agent asked for a secret backdoor, but Wickr said no.

The security and privacy experts behind Wickr believe privacy is a fundamental human right. They publish transparency reports [pdf] that show the number of government requests for data, not that they could hand over the content of Wickr messages even with a properly issued subpoena. By using Perfect Forward Secrecy, the “encryption keys are unique, used only once and then forensically destroyed. Each message is encrypted with its own unique key. Only the intended recipient(s) on the intended devices can decrypt the messages.” Wickr severs do not even have the decryption keys, your messages can never be accessed, “therefore, no criminal or rogue government can take them from us.”

You may not be a fan of reading privacy policies, but you really should check out Wickr’s to learn how the app provides the best available privacy and anonymity features. “We canʼt see information you give us. Your information is always disguised with multiple rounds of salted, cryptographic hashing before (if) it is transmitted to our servers. Because of this we donʼt know – and canʼt reveal – anything about you or how you use the Wickr App.”

Wickr also takes security very seriously. Regarding the use of military-grade encryption, Wickr states, “Our encryption is based on 256-bit symmetric AES encryption, RSA 4096 encryption, ECDH521 encryption, transport layer security, and our proprietary algorithm.”

Deletion is forever. When you delete a message, or when a message expires, our “secure file shredder” technology uses forensic deletion techniques to ensure that your data can never be recovered by us or anyone else. You own your data. We do not share or sell any data about our users. Period.

Dr. Robert Statica, Wickr cofounder and CTO, announced [pdf] that the app went multi-platform with the introduction of an Android Beta version to “provide the masses free private international messaging.” He noted additional layers of security beyond perfect forward secrecy: “Users are anonymous; each message is bound to the device; metadata is cleared from attachments; all deleted files on your phone are shredded. No other app does this.”

Wickr is not the only self-destruct messaging app. Although Silent Circle is great from a security and privacy angle, it is not free; there is a monthly fee. Then there’s Snapchat, which has a “bad reputation as a self-destructing sexting app for teens,” and it’s not secure. It is possible to secretly save videos, or a person could use Snap Save and the sender would not be alerted the image was saved. At the TechCrunch Disrupt conference, Snapchat co-founder Evan Spiegel said more than 350 million pictures are sent through Snapchat every day, but he reminded people, “Snapchat is not a great way to send photos you want to keep safe and secure.” From a digital forensic point of view, the metadata is stored for Snapchat images.

In fact, security researchers behind the Def Con 21 talk “This presentation will self-destruct in 45 minutes: A forensic deep dive into self-destructing messages” looked at Snapchat, Facebook Poke and Wickr; Wickr was the only one they could not penetrate.

Wickr’s privacy management has a “Black List” mode that states, “Everyone can message you now! Tap ‘+’ to block a user.” Or you can switch to “White List” mode so “no one can message you now!”

Under settings, you can setup the secure file shredder to “clean deleted files from your device” as well has setup the session timeout, “how long it takes your app to lock,” and the default self-destruct time. Those all come with default values, so you don’t have to change anything if you don’t want to, or you can tweak the time before self-destruct when you send a message.

In case you need it, the app provides integration with online storage services Dropbox, Box and Google Drive.

Protecting yourself by using Wickr self-destructing messages means that you and whoever you’re communicating with both need to use the app. When it comes to setting up your contacts, you can choose to allow friends to find you via email address or phone number. You can opt to add people you know that already use Wickr, or search for Wickr users via Wickr ID connect. Since it is now available for both iPhone and Android, and it’s absolutely free, then please encourage your friends and family to try Wickr. I highly recommend this app.

Like this? Here’s more posts:

  • 4 billion call records added daily to AT&T database for DEA phone surveillance
  • Nuke data: BleachBit for Windows has 1300+ cleaners to help protect your privacy
  • School starts mass social media surveillance of students for their ‘safety’
  • Government-funded P2P surveillance fallout: Tell-all book, lawsuit, FTC complaint
  • Researchers develop attack framework for cracking Windows 8 picture passwords
  • 12 years after 9/11, are privacy and liberty casualties of the terrorism boogeyman?
  • Been groped by TSA agents? Former DHS official implied privacy advocates are to blame
  • Is Microsoft an enemy of the internet by helping the NSA undermine encryption?
  • Cautionary tales: Teen beauty queen and baby spied on via hacked cameras
  • Microsoft Research: Secret tags in 3D-printed objects, hooked to the Internet of Things
  • Gmail is the preferred email service of terrorists, claims former NSA chief
  • Implanted RFID chips to implanted invisible headphones: Modded bodies and privacy

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.