Seems like a good idea. I wonder what journalists on the list think about it. I know there are a number of Knight Fellows and other journalists on the list, so I hope they chime in.
BTW, here is the press release received via Twitter in response to an inquiry about Wickr's security: https://www.mywickr.com/en/downloads/RSA_Security_Announcement.pdf

***Attention Security Geeks, This One is for You***

Wickr Releases Perfect Forward Secrecy, No Back Door Guarantee, Transparency Report & Veracode Audit

RSA® Innovation Sandbox Recognizes Wickr as a Top Security Innovator of 2013
Visit the Wickr Demo Booth on February 25th

By Dr. Robert Statica, Wickr Cofounder
February 25, 2013

Today is the opening of RSA® Conference 2013, the largest security conference in the world. In honor of this event, we are making some announcements that only security geeks, like us, understand.

Wickr provides more advanced encryption technology than pricey alternatives

To kick things off, we changed our key encryption algorithm from RSA 4096 to ECDH 521. Isn’t that ironic?! This elliptical curve encryption algorithm enables us to offer perfect forward secrecy to mainstream consumers with faster performance. If Suite B specifications are good enough for NSA Top Secret information, then they are good enough for our family and friends. As a result of this change, Wickr provides the most advanced level of data and key encryption available on the market to date. Oh, by the way, Wickr is free.

We’d also like to point out that we have not tried to reinvent encryption. While we do have a patent-pending protocol for transport of the encrypted communication as well as ephemeral messages and media, this does not mean we are using patent-pending encryption. In fact, we use well-known encryption algorithms - AES 256, ECDH 521 and TLS. The receiver’s device is the only one to know the decryption key, which changes every message to prevent harvesting attempts. Our peer-to-peer data encryption/decryption does not rely on a centralized KDC (key distribution center) thus making secure communication easier than ever; even the non-technical can do it!

Backdoors are so last century

Additionally, the Wickr architecture eliminates back doors. We don’t use servers outside of the country because we don’t need to. Each message is encrypted, no matter what server it is sent through, rendering backdoors obsolete. By eliminating back doors, our architecture protects Article 12 of the Universal Human Rights Doctrine in the United Nations as well as the First Amendment to the Constitution of the United States. This mission is fundamental to Wickr and everything we do. Let’s be clear, open source code does not guarantee there are no back doors – it requires a good architecture and good intentions. This is our commitment to you.

Encrypted and self-destructing messages tell no tales

Today Wickr released its very first Transparency Report. The report shows we have had requests for information from law enforcement in 2013. It also shows we have absolutely nothing to provide in response to these requests because we don’t know who is communicating on our platform or what is being said. We do not store any personal identifiable information on our servers whatsoever. Our servers only see encrypted messages, and even those are deleted as soon as they are downloaded by the recipient. You can view the full report here.

Don’t believe us? It is too good to be true?

Rest assured, Wickr is the real deal. We’ve undergone a code audit from Veracode, the most respected secure coding experts in the world. Wickr’s app and server code scored a 100/100 after undergoing an extensive review conducted by Veracode professionals. You can verify the Veracode certified seal on our web site here.

No such thing as 100 percent secure – but we’ll keep trying

Wickr will never promise 100 percent perfect security solutions because we are security experts and understand that nothing can ever be 100 percent secure. We do, however, promise 100 percent commitment to becoming more secure, all the time.
Security is an attitude we have built into Wickr from the ground up.

RSA® Innovation Sandbox recognizes Wickr as a top security innovator

Wickr is proud to be recognized as one of the most innovative new companies at RSA this year. Visit us at the Wickr demo booth on February 25th at Moscone Hall E Room 134 from 1-5pm.

More about Wickr

Headquartered in San Francisco, Wickr is comprised of top security and privacy experts who strongly believe private communication is a universal human right that is extremely important to a free society. Today, this right is almost nonexistent. Companies like Apple, Facebook and Google offer messaging that is archived, easily traceable, controlled by the recipient and shared with strangers. We have flipped this concept on its head and are giving the control back to you, the sender. After all, who doesn’t want control of the messages and media they share with others?

Wickr offers free worldwide text, audio, picture and video messaging with self-destructing media that is private, secure and anonymous. It clears metadata from files and permanently shreds deleted files from your device. Since the launch in June 2012, Wickr has seen exponential growth and 5-star reviews in the App Store. As a top ranked free social app in the U.S., China, India, Israel, Spain, South Africa and Brazil, we have served millions of secure messages. Wickr is the future of messaging. Join us if you haven’t already. - it’s free!

On Mon, Jun 9, 2014 at 10:47 PM, Tony Arcieri <[email protected]> wrote:
> On Mon, Jun 9, 2014 at 10:41 PM, Griffin Boyce <[email protected]>
> wrote:
>>
>> A good experiment might be to send out releases of factual security info
>> to counteract the dubious press releases that all too often turn into
>> dubious articles.
>
>
> I think it'd be pretty interesting for the cryptographic community to
> produce some sort of resource for reporters on what tools are good and bad
> and for what reasons.
>
> Press releases seem like an interesting idea too, especially if there were a
> one-tool-at-a-time approach where a group of people could review and comment
> on each tool individually.
>
> This would generate the kind of news cycle the tech press loves.

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
