Wickr: Redefining the Messaging Platform, an Interview with Co-Founder, Chris Howell

In the modern era, messaging applications are a constant target for attackers, exposing vulnerabilities, disclosing sensitive information of nation states and insider-employee inappropriate behaviors or practices. There is a constant need to prioritize one's cybersecurity and upgrade one's infrastructure to the latest and greatest of defensive technologies. However, the messaging tools that these same organizations tend to rely on often are the last to be secured, if at all. This is where Wickr comes in. Wickr is an instant-messaging application and platform offering end-to-end encryption and content-expiring messages. Its parent company of the same name takes security seriously and has built a product to showcase that. I was able chat with co-founder and CTO, Chris Howell, who was gracious enough to provide me with more information on what Wickr can achieve, how it works and who would benefit from it.

Petros Koutoupis: Please introduce yourself and tell us about your role at Wickr.

Chris Howell: I'm co-founder/CTO and responsible for technical strategy, security and product design. You can read my full bio here.

Petros: What do you see as a weak point in today's messaging apps?

Chris: By far, at least when it comes to security, the weak point of virtually all messaging apps to date (and all other apps and services, really) is that they're built with the assumption that users will have to trust the service. The problem with that way of thinking is can we really trust the service? That's not to say there are bad people running them, necessarily, but how many breaches (for example, Equifax 2017) or abuses (for example, Snapchat 2019) do we need to see to answer that question? Once the service is built that way, messaging users generally suffer in two ways. First, at some key point on their way to the recipient, messages are readable by some number of folks beyond the recipient. Now, the service typically will point to various security certifications and processes to make us feel okay about that, but in most cases where there are humans involved, what can happen will happen, and whatever controls are put in place to limit access to user data amount to little more than a pinky promise—which when broken, of course, leaves the user with a loss of privacy and security. Second, having been so trusted, the service typically prioritizes "virility" and its own growth over the users' need to control their own data, leading to behavior like scanning message content for marketing purposes, retaining messages longer than necessary, and abusing contacts to aid the growth of the service.

Petros: How does Wickr help address that?

Chris: The right way to think about trust when you want security is that less is more. The concept of zero trust as a security goal, which really hasn't changed much since we were keeping secrets in kindergarten, is that, ideally, if you don't need to trust someone, don't, and if you don't need to trust anyone, great. Practically, it means the less people or things you need to trust with something important to you, the better off you generally are. Wickr is built with this zero-trust mindset. Our encryption is true end-to-end, meaning once they leave the sender's app, our messages literally can't be decrypted until they get to the recipient's app. You don't need to trust us to not read your messages as they flow through our service because we can't read them even if we wanted to. You also don't need to trust a whole slew of others in the chain either, such as a malicious 5G network or an attacker on a compromised Starbucks' Wi-Fi network. We make conscious efforts to minimize the kinds of information we collect and store related to our users to only what's genuinely necessary to provide the service, which again flips the trust model around from the norm. We don't want to collect user information, precisely because we don't want to take the risk of losing or abusing it, which, let's be clear, it's really the users' risk—they stand to lose.

Petros: Who would benefit most by using Wickr?

Chris: Teams and enterprises should take an especially close look at what we have to offer. Well, anyone, really, who wants to use a messaging product that prioritizes user security and privacy interests over all else, but we've worked hard in the past year and more to build out our Pro and Enterprise products. The feedback we're getting is great, and it's amazing to see how much net risk (aka headaches) we're reducing in the eyes of those who bring us in (CISOs, GCs, Execs) by addressing head on what is an often overlooked and taken-for-granted aspect of corporate security.

Petros: What does Wickr's future look like? As in, what exciting features or functions can or should users be expecting in the near future?

Chris: I think we've recently and quietly developed two capabilities that are just beginning to blossom into game-changers in the secure team and enterprise messaging space. The first is compliance, which is the ability to support corporate governance and regulatory requirements for things like message archiving and DLP. This was a big need for our larger customers especially and a fun technical challenge for us to tackle in a secure way. It's been especially rewarding too, because so many who have come to know us as an ephemeral messaging app are frankly (and pleasantly) shocked to learn that we can now offer both—ephemeral messaging and compliant/managed messaging. The second is integration, which was another fun technical challenge to tackle and one that allows our customers to integrate external services, APIs, chatbots and the like into Wickr. The potential here is awesome and we're already seeing customers run with it in some really creative ways like interacting with workflow tools and AI engines and automating content delivery.

Petros: Is there anything else you'd like to share with our readers?

Chris: Just that they shouldn't be afraid to expect more from their tools in terms of privacy and security, and that there are now better ways for their businesses and families to communicate. There is no need to compromise your security away.

To learn more, visit wickr.com.

Petros Koutoupis, LJ Editor at Large, is currently a senior performance software engineer at Cray for its Lustre High Performance File System division. He is also the creator and maintainer of the RapidDisk Project. Petros has worked in the data storage industry for well over a decade and has helped pioneer the many technologies unleashed in the wild today.

Load Disqus comments