If you use a workplace collaboration tool like Slack or Hipchat, it’s easy to fall into an assumption of privacy, throwing around gossip and even sensitive business as if it were normal cubicle chatter. It’s not. Anything you write in one of those collaborative chatrooms can be stored, and is potentially vulnerable to government surveillance, hacking, or a subpoena in a run-of-the-mill lawsuit.
The encrypted-messaging startup Wickr wants to solve that potential Slack-snooping problem. Today it’s launching Wickr Professional, software it hopes will be the most workable combination yet of Slack’s chatroom-based messaging, the privacy of encryption, and the ephemerality of Snapchat-style self-destructing messages.
Unlike other collaboration tools, which encrypt messages as they travel from a user’s device to a company’s servers but store those communications in an unencrypted state, Wickr uses end-to-end encryption. That means only the people on either end of a conversation can decrypt and read messages. That’s an important security step, but Wickr CEO Joel Wallenstrom argues that it’s really the software’s ephemeral messaging feature, which allows administrators and users to set self-destruction timers for messages as short as a few seconds, that sets Wickr apart.
“End-to-end encryption is kind of table stakes these days,” Wallenstrom says. “We’re really trying to break through the idea that you have to keep everything forever, and that just layering encryption on will save the day…A setting that makes secrets not stick around forever is a good thing.”
The notion that written records of sensitive conversations can come back to haunt their authors has been made especially clear over the last year: WikiLeaks illustrated it yet again with the leaked emails of the Democratic National Committee and Hillary Clinton staffer John Podesta that injected chaos into the party and Clinton’s campaign. Hulk Hogan’s lawsuit against Gawker for publishing a video of him having sex dredged up embarrassing conversations from the media company’s Campfire collaboration software, including obscure wrestling sex jokes and at least one picture of an uncircumcised penis that Gawker’s editor-in-chief had shared with staff.
Locking Down the Water Cooler
Wickr hopes to capitalize on that growing anxiety over stored, sensitive conversations. Its Wickr Professional tool will expand the features of its software beyond the free encrypted and self-destructing messaging app Wickr Messenger that it’s offered for more than three years, which the company says is now used by “millions” of people. (It declined to offer a more specific user count.) It’s a booming market; Slack alone has exploded from two million daily users to four million in just the last year. Wickr also hopes to command a premium for its secrecy features. Wallenstrom says that a typical installation will cost about $50,000 a year for a company with a hundred users, more than three times the cost of Slack’s premium version. “It’s not free. It’s a serious tool,” says Wallenstrom. “But for the things we’re helping them protect I think it’s pretty fair.”
Wickr Professional, like Slack, will allow users to create chatrooms for group messaging, share files, and eventually make audio calls, though that calling feature will only be added in the coming months. Unlike Slack, Wickr users will be able to set self-destructing message policies for both individual messages or entire rooms, quickly erasing all traces of messages on some sensitive topics, while storing others for posterity. For bosses who want both end-to-end encryption and a a log of all conversations, or for regulated industries that require an auditable history, the software will offer a feature that acts as essentially another silent participant in conversations, recording everything without giving employees access to a chat log. The paper trail lives only with the bot. But in all other cases, it says its ephemeral messages will be erased completely—thoroughly enough that they can’t be leaked, handed over to FBI agents, or subpoenaed by Hulk Hogan’s lawyers.
A Crowded Market
Wickr won’t be the first to offer end-to-end encrypted collaboration software. It will compete with a growing list of privacy-focused communication companies including SpiderOak, ClearChat, and Symphony. But unlike some of those tools, Wickr offers both self-destructing messages and perfect forward secrecy, an encryption feature that changes the encryption key with every message to make cracking its communications more difficult. And thanks to its Messenger app, Wickr already has an existing user base from which to draw—as well as around 20 customers for a beta version of Wickr Professional—and a decent reputation for security. Its advisory board includes renowned security researcher Dan Kaminsky, and its earlier software has been audited by security firms iSec Partners, Veracode and Aspect Security, all of which gave Wickr Messenger a clean bill of health.
Even so, it may be too soon to trust Wickr’s encryption with your darkest secrets. Wickr Professional, like Wickr Messenger, remains closed source, which has prevented a wider crowd of cryptographers and security auditors from examining its code for vulnerabilities. Johns Hopkins computer science professor Matthew Green has written that this obscurity makes its real security a mystery. “Should I use this to fight my oppressive regime?” he asked of Wickr Messenger in 2013. “Yes, as long your fight consists of sending naughty self-portraits to your comrades-at-arms. Otherwise, probably not.” (Wickr has hinted at open sourcing its code in the near future: A spokesperson tells me that the company has “exciting news soon on that front.”)
Still, even Green says he’s pleased to see companies like Wickr taking on the challenge of building security features into collaboration software. “It’s insane that companies have so much sensitive information on unencrypted tools like Slack,” he writes. “Being able to end-to-end encrypt that information is really compelling.” And if its timed message-destruction can prevent an embarrassment of WikiLeaks or Gawker lawsuit proportions, it may end up being the most compelling feature of all.