Searched the cpunk archives and was surprised to find no mention of wickr yet. I thought I'd run it through stef's seven rules of thumb to detect snakeoil so here goes: * not free software - Closed source (although audited by Veracode) * runs in a browser - no * runs on a smartphone - yes * the user doesn't generate, or exclusively own the private encryption keys - unsure (displays a message about 'securing your phone using military grade encryption' during first app launch/sign-in, believe local keys are generated during this step.) * there is no threat model - (claims to be 'last messaging app standing with no 0days to date', claims nation threat attacks were expected from day one, claims zero knowledge company infrastructure server configuration) * uses marketing-terminology like "cyber", "military-grade" - displays message 'securing your phone using military grade encryption' during app setup * neglects general sad state of host security - unsure Additional notes: - Offers desktop app for Win/OSX/Linux since 2014/12 - https://wickr.com/ appears to require javascript to view - Founder Nico Sell is long time Def-Con organizer, founded Def-Con for kids (now called Rootz Asylum) in 2010 - Wickr company infrastructure security audited by iSecPartners