Screen Shot 2017-05-05 at 1.17.52 PM.png

You are in charge, always. 

SECURELY CONNECTING THE WORLD


 

CRYPTO BLOG

 

SECURITY IS FOR EVERYONE.

Whether personal or business, your conversations & data are private by design.

 

End-to-end encryption

Content is encrypted locally on user devices and is only accessible to intended recipients. Wickr never has the decryption keys.

Ephemerality

 

No conversation lives beyond its useful life – you decide when your content gets automatically deleted for good.

Perfect forward & backward secrecy

Every message, file and call is encrypted with a new random key. As of now, breaking just one key would take trillions of years to decipher.


Zero knowledge

Even in the case of a breach, Wickr servers have no user communications - they are undecipherable in transit and deleted upon delivery. 


User Key Verification

After exchanging keys with your contact, Wickr provides tools to help verify the identity of the person using the keyson the other side of your conversation.


Network Controls

Wickr enables your business to run your own private network. Control and centrally manage security policies for your users.


noun_1007327_bfbfbf.png

Federation

Users within one Wickr network can communicate  with partners in other Wickr networks while still maintaining security and ephemerality controls.

 

Secure calling

Not only is your calling on Wickr end-to-end encrypted, it is also protected with forward security - whether 1:1, or in conference calls.

WICKR’S MESSAGING PROTOCOL

This infographic is designed as a high level visualization of the Wickr Messaging Protocol. For more information, please see the technical white paper by Chris Howell, Tom Leavy & Joël Alwen here and the source code here.

Special thanks to Whitfield Diffie, Paul Kocher, Dan Kaminsky, Adam Shostack, Scott Stender & Jesse Burns for reviewing this paper and/or code and providing their insightful comments and invaluable advice.

Wickr employs multiple layers of encryption to secure your data and messages, both at rest and in transit, including:

  • Wickr username, application ID and device ID are cryptographically hashed with multiple rounds of salted SHA256;
  • Data at rest and in transit is encrypted with AES256;
  • As part of Perfect Forward Secrecy, each message has a new encryption key that is deleted as soon as message is decrypted;
  • Message encryption keys are encrypted with a key produced using ECDHE;
  • Messages are bound to both the receiver’s application and device;
  • No password or password hashes ever leave user device;
  • All user content is forensically wiped from the device after it expires;
  • Your UDID (Unique Device Identifier) is never uploaded to our servers so you are always anonymous to us.

SECURITY, VERIFIED.

Premium data deserves premium security. That’s why we are committed to working with world-leading experts to thoroughly inspect our code. Wickr's messaging protocol is also available for public review. 

“Aspect found no weaknesses in the latest version of Wickr software that would allow Wickr or a third party to gain access to unencrypted user messages." Read more here.

“Wickr met or exceeded the security score outlined in the Veracode Risk Adjusted Verification Methodology for an application at the high assurance level."

iseclogo copy.png

“Wickr performs strong end-to-end (mobile to mobile) encryption such that they cannot decrypt communications." Read more here.

Screen Shot 2017-04-26 at 2.21.24 PM.png

BUG BOUNTY PROGRAM

Under Responsible Disclosure Terms, qualifying security vulnerabilities can be rewarded with a bounty of up to $100,000 US depending on our assessment of severity as calculated by likelihood and impact.


As a company of InfoSec experts, we know security is a team sport. Securing the world’s communications requires all resources available to us to ensure our code can withstand emerging threats. White-hats, academics, security engineers and evangelists have been responsible for some of the most cutting edge, eye-opening security revelations to date. The Wickr Bug Bounty is designed to encourage top-notch security researchers to help us identify and mitigate any potential issues in Wickr ecosystem. We pledge to drive constant improvement with the goal of keeping Wickr the most trusted messaging platform for our users.

Trust built on transparency

User trust means everything to us, which is why we’re committed to being transparent and predictable about how we handle user data and how we respond to law enforcement requests for user information.


 
 

"Wickr has adopted all of the best practices we’ve identified as part of this report. We commend Wickr for its strong stance regarding user rights, transparency, and privacy."