Wickr, the encrypted messaging app, finally goes open source

All it took was nearly five years and a shuffle of senior management.

(Image: file photo)

Finally, Wickr has released its core crypto code to the open source community.

The end-to-end messaging service launched in 2012, long before Signal took off and rolled out encryption of its own.Yet Wickr became one of the last to publish its code to the open source community.

The service's use of encrypted and disappearing messaging, à la , helped to gain users' that their messages wouldn't , leaked, or exposed to either hackers or federal agents.

But the company's choice to restrict access to its crypto code made it for anyone to be sure that the service was free from vulnerabilities or backdoors, except for a very few select cryptographers and security auditors.

Wickr hopes that publishing the source code will allay those fears and nullify one of the app's critiques -- that nobody could be certain the app was truly secure.

The company released the code on GitHub along with a technical white paper.

"It is now time to begin opening the source code so our customers and partners can easily review the crypto codebase and validate the promises we make to Wickr's users," said Joel Wallenstrom, Wickr's executive.

But while the source code release was months in the making, the company didn't consider the move until recently.

When we met former chief executive in May, he said in the face of his company's critics there there would be no release of source code, citing the company's proprietary intellectual property and a for-profit business structure as barriers.

He departed the company several months later, and the company underwent an internal about-face.

While the service was initially used by dissidents and activists, the company late last year announced its leap into government and enterprise markets with its secure professional-level service in an effort to challenge the collaborative apps, like Slack and Convo, while making the service free for personal use.

Security 101: Here's how to keep your data private, step by step Security 101: Here's how to keep your data private, step by step Here's how to protect you against hackers and government surveillance.

When Wallenstrom took over at the helm in November, his was set on bolstering that enterprise customer , and pushing an open source mantra, something which he believes is important in the security space.

The company said it listened to "key voices" to a push towards opening its code to the public, including the Electronic Frontier Foundation, which its most recent "Who Has Your Back" report gave the company de facto full-marks for its privacy and security .

But that still wasn't enough to convince some companies to turn over their internal communications systems to an untrusted during a time of greater scrutiny in the wake of high-profile hacks and suspicion of surveillance.

Wickr hopes that now that anyone can the code, it will ease the minds of privacy-minded companies.

The response to Wickr's open-sourcing so far has been positive.

"You can't leak what you don't have," said Dan Kaminsky, a veteran security researcher who also advises Wickr.

"For years, Wickr has been at the of ephemeral communication. With Wickr , they are allowing to be confident that what is discussed is not distributed. And by opening their code, they are giving the engineering community strong reasons to trust their ," he said.

Opening its code to the world may be unfamiliar territory for the company, but Wallenstrom calls it "an important in Wickr's growth."

Realistically in security, service will only get you so far. It's trust that these companies strive for. In Wickr's case, it's late to the party, but it's better now than never.

Show Comments