Wickr Announces General Availability of Anti-Censorship Tool
5.10.2018 securityweek Security
As the balkanization of the internet continues, traveling businessmen are left with concerns over the integrity of their communications from some regions of the globe. Increasing censorship, blocking and other restrictions in many world regions have left internet users unprotected because secure communications are banned.
In some countries such as Saudi Arabia and UAE, says Wickr, enterprise deployments may be difficult because of the national Telco's monopoly over networks. They restrict various end points and UDP, so all traffic goes through them for monetization or tracking purposes. As a result, some customers have to deploy outside of their region (such as India), to avoid having UDP packets get rate-limited and their tools rendered unusable.
To help solve this problem, Wickr has announced the general availability of its secure open access protocol to circumvent censorship for all Wickr Me and Wickr Pro (via admin console) users. It combines unrestricted access and end-to-end encrypted collaboration features in a single app, no matter where users are located.
The enterprise version of the tool was announced in August 2018, with the promise that it would be rolled out to other versions of Wickr, including the free version, in the future. That roll out is confirmed today. The tool comes from Wickr's collaboration with Psiphon. Psiphon describes it as a circumvention tool that utilizes VPN, SSH and HTTP Proxy technology to provide uncensored access to Internet content.
The Psiphon technology uses SSH as its core protocol. This prevents deep packet inspection by ISPs. On top of this, Psiphon has added an obfuscated-openssh layer that transforms the SSH handshake into a random stream, and adds random padding to the handshake.
When a Wickr client starts with Psiphon enabled, the client attempts to connect to up to 10 different servers simultaneously, and uses the first to be fully established. This minimizes user wait time if any of the servers are blocking certain protocols, are blocked by their address, or already running at full capacity and rejecting new connections.
This last point is important. It means that the Wickr/Psiphon product has value beyond just foreign travel. Domestic mobile workers often use low capacity public wifi with limited security. Wickr's encryption can secure the content, while Psiphon ensures minimal delay in the communications.
It is important to note that the Wickr/Psiphon tool is a communication optimization, security and anti-censorship tool -- it is not an anti-law enforcement tool. "Wickr provides full transparency to both law enforcement and our users on the type of metadata that is collected through our products, as well as any data requests we receive," CEO & President at Wickr told SecurityWeek. "The data we capture is very limited in scope to protect user privacy but done in a way that also supports law enforcement."
ISPs, however, remain the weak link in any secret communication. "As to ISPs," continued Wallenstrom, "they are in the business of monetizing user data and were given the green light to do so last year." They can legally collect and sell the data they collect -- but their storage of collected data presents a further risk.
"The risk to users of exposure could be very high and breaches over the years have pretty much confirmed this," he continued. "Short of stopping customer data collection and monetization altogether, ISPs should be transparent about what information they take and ensure proper safeguards are in place. In turn, users can limit their exposure by using privacy tools such as a VPN that masks browsing data from ISPs and encrypted messengers that protect sensitive communications from getting caught in a data sweep."
Psiphon was started more than 10 years ago at Citizen Lab, one of the worldís top research hubs dedicated to building anti-surveillance tools. Psiphon was responsible for keeping access to Telegram during Iranian protests, WhatsApp in Brazil and other tools. "There are probably 30 to 40 countries in the world where governments, ISPs and security agencies are all colluding together to control the local population and economy," Michael Hull, president of Psiphon Inc, told SecurityWeek. "This is the problem that Psiphon was founded to solve."
San Francisco-based Wickr was founded in 2011 by Chris Howell, Kara Coppa, Nico Sell, at Robert Statica. It has raised a total of $73 million in venture funding.