Encrypted Messaging Apps Wire And Signal Turn To Ephemeral Messages

Wire added ephemeral messaging to its secure communications app with a new feature called Timed Messages. This, combined with similar efforts from the Signal messaging tool, shows the need for a hybrid approach to digital privacy that doesn't simply rely on end-to-end encryption (E2EE) to defend the public's privacy.

Timed Messages automatically delete themselves from both the sender's and the recipient's devices after a certain amount of time has passed. Unlike other messaging tools, like Facebook Messenger's secret conversations or Google's Allo, these private messages don't have to be sent in a new thread. Wire users are able to put an expiration date on anything they've sent to another Wire user via the latest version of the app, which is available now.

Wire explained the motivation behind Timed Messages in a blog post:

"Not everything we share is created equal. There are certainly moments we want to keep around and revisit days, months, or even years later. There are others that only make sense in a particular moment in time. That’s where Timed Messages come in. They are a great way to make sure what you’ve sent will only be available for a limited period. You’ll keep the chat history tidy and save space on your devices."

The release of Timed Messages comes shortly after Signal, another secure communications service that is popular among privacy advocates, added disappearing messages to its apps. Signal creator Moxie Marlinspike was careful to explain why ephemeral messages are not a perfect solution for private communications in his blog post about the feature:

"Disappearing messages are a way for you and your friends to keep your message history tidy. They are a collaborative feature for conversations where all participants want to automate minimalist data hygiene, not for situations where your contact is your adversary — after all, if someone who receives a disappearing message really wants a record of it, they can always use another camera to take a photo of the screen before the message disappears."

Ephemeral messages are nothing new. Snapchat is the most famous example of a messaging app that doesn't hold on to user data forever, and its limitations are well known: There were some problems with messages not actually being deleted, which was also true of WhatsApp's deleted messages, and dedicated users can take screenshots of any messages they want to keep. So why are apps devoted to privacy turning to similar mechanisms?

It's most likely because not everyone is worried about state-sponsored actors intercepting their messages as they travel along a network. They're worried about a stolen phone revealing their credit card information, a family member digging through message logs, or a jealous partner monitoring their contacts. The E2EE used by Wire and Signal addresses government surveillance but doesn't address the other issues.

Neither E2EE nor disappearing messages are enough to keep people safe from everyone. Governments can exploit a lack of E2EE to collect information about millions of people, which appears to have happened at Yahoo, and laymen can use their physical access to a device to view saved messages. Apps that want to help people defend their privacy, full stop, instead of addressing just one problem or the other must take a hybrid approach to security.

Privacy doesn't end with encryption or ephemeral messages, it begins with them. These Timed Messages and disappearing messages show that Wire and Signal both seem to understand that.

Create a new thread in the News comments forum about this subject
This thread is closed for comments
2 comments
Comment from the forums
    Your comment
  • devilsclaw
    what's preventing someone taking a screen shot or a analog picture or the message. what can be seen cannot be unseen.
  • grimfox
    They address that right in the article. There is nothing. It's not meant to prevent the recording or saving of the message it's meant to remove the message from the app after a time period that's it. It's not useful to everyone but the author did list some use cases right in the article.