The new apps for Windows, Mac and Linux promise not to keep any record of your communications. Wickr doesn’t store conversations or metadata on its servers, and it uses multi-layer AES256 and ECDH521 encryption to send messages to other users. (The company also offers a $100,000 bounty for anyone who finds serious vulnerabilities in its encryption.)
Each message also includes a self-destruct timer, with a maximum length of six days and a minimum of three seconds. Beyond just removing messages from the chat window, Wickr users a ‘Shredder’ that periodically wipes message history from users’ hard drives and RAM, and claims that shredded messages can’t be recovered through forensic investigations.
To sign up, users create a name that allows other users to find them, along with a password for signing in and using the app across multiple devices. Users have the option to enter an email address and phone number – Wickr says it stores ‘cryptographically scrambled representations’ of this information on its servers – but this is not required. After signing in, users can chat with groups of up to 10 people and send text, images, video and audio messages.
Here’s the caveat: There’s nothing stopping the message recipient from taking a screenshot and storing or distributing it. While Wickr’s Android app is able to block screenshots, this feature is not possible on iOS and doesn’t seem to be available on the desktop versions. In other words, sending a self-destructing message through Wickr still requires a measure of trust.
Why this matters: With the potential for government snooping and data breaches, there’s clearly a need for messaging apps that don’t keep a record of users’ communications. While Wickr isn’t the only example – BitTorrent Bleep and Silent Circle are other options – its combination of free apps and broad platform support stands out for now.