How-to: Use Wickr Me in Whonix

From Whonix
Jump to navigation Jump to search
Wickr Logo

Using Wickr Me in Whonix over the Tor anonymity network.

Introduction[edit]

Wickr Me can be installed in Debian and provides various functionality in addition to end-to-end encrypted messaging: [1]

With Wickr Me, you can instantly connect with your friends 1:1 or in groups - now with fully encrypted voice calling, voice memos - new additions to the trusted end-to-end secure sharing of files, images, and videos. Take full control over who has access to your content and how long it remains accessible.

The application touts various privacy and security benefits, including: [1]

  • no access to messages or contact lists
  • users' address books remain private and not stored on Wickr servers
  • each message being encrypted with a new key
  • no phone number or email address registration required
  • nil storage of meta-data
  • communication in private groups of up to 10 users
  • partial open source code [2]
  • an expiration time can be set on messaging content
  • incorporation of perfect forward and backward secrecy for user content

To learn more, refer to the parent websitearchive.org.

Info COMMUNITY SUPPORT ONLY : THIS WHOLE WIKI PAGE is only supported by the community. Whonix developers are very unlikely to provide free support for this content. See Community Support for further information, including implications and possible alternatives.

Warning[edit]

Wickr Me is considered a security risk and installation is discouraged as per software installation best practices:

  • Unsigned software: It is not possible to follow the security advice of always verifying software signatures, since installation is through snap which does not yet verify software signatures. [3]
  • Installation procedure: The third party package manager snap is required, which is generally discouraged. [4]
  • Proprietary software: Only the Wickr Me encryption protocol is open source. The rest of the client application source code and other elements remain proprietary and unavailable for public scrutiny. [5] Avoid non-freedom software.

non-freedom

See Avoid non-freedom software.

Related: Whonix Policy On Non-Freedom Software

If proceeding despite the risk, it is recommended to use a separate Whonix-Workstation for greater safety.

Installation[edit]

Overview[edit]

Choose an installation source. You can install either:

  • A) From wick.com, or
  • B) From Snap.

From wickr.com[edit]

Undocumented. Unspecific to Whonix.

Probably better than installing from snap.

From Snap[edit]

Notes[edit]

Info Platform specific notice:

Currently, attempting to install Wickr Me over snap over Tor will result in an error because Wickr developers instructed snap store to block downloads over Tor. This is also called geo-blocking. (forum discussionarchive.org) To circumvent this, the only option is to install Wickr Me using snap using a mechanism called sideloading, in short snap sideloading.

Workarounds:

  • A) Download snap without (!) Tor method: With high anonymity risks is to download the snap package must be without Tor, then manually transferred into Whonix-Workstation and installed there. Or, alternatively
  • B) Post-Tor Tunnel-link method: A Post-Tor Tunnel-link should allow installation from within Whonix-Workstation. To learn more about tunnels, see Tunnels/Introduction.

Both workarounds are awful and it would be much better if the user found an alternative to Wickr Me.

Instructions[edit]

Note: The following instructions must be run in another Debian installation (Kicksecure, Debian, separate physical machine, etc) (anonymity risks) or while having set up a Post-Tor Tunnel-link. (UserTorproxy/VPN/SSHInternet)

1. Open a terminal.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Workstation App Qube (commonly named anon-whonix)Xfce Terminal

If you are using a graphical Whonix with Xfce, run.

Start MenuXfce Terminal

2. Install dependencies.

Install package(s) snapd following these instructions

1 Platform specific notice.

2 Kicksecure logo Update the package lists and upgrade the system Onion Version .

sudo apt update && sudo apt full-upgrade

3 Install the snapd package(s).

Using apt command line Kicksecure logo --no-install-recommends option Onion Version is in most cases optional.

sudo apt install --no-install-recommends snapd

4 Platform specific notice.

5 Done.

The procedure of installing package(s) snapd is complete.

3. Download wickrme package:

snap download wickrme

4. View the downloaded file names.

Such as with a file manager of your choice or use the ls command.

ls

Expected output will include similar file names to the following:

wickrme*.assert
wickrme*.snap

5. Copy the downloaded files to your Whonix-Workstation using your preferred file transfer method.

Inside your Whonix-Workstation:

1. Open a terminal.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Workstation App Qube (commonly named anon-whonix)Xfce Terminal

If you are using a graphical Whonix with Xfce, run.

Start MenuXfce Terminal

2. Install dependencies.

Install package(s) snapd following these instructions

1 Platform specific notice.

2 Kicksecure logo Update the package lists and upgrade the system Onion Version .

sudo apt update && sudo apt full-upgrade

3 Install the snapd package(s).

Using apt command line Kicksecure logo --no-install-recommends option Onion Version is in most cases optional.

sudo apt install --no-install-recommends snapd

4 Platform specific notice.

5 Done.

The procedure of installing package(s) snapd is complete.

3. Navigate to where you transferred your files.

Might be easiest to transfer the files to your home folder.

4. Install Wickr Me.

sudo snap ack wickrme*.assert

sudo snap install wickrme*.snap

Start Wickr Me[edit]

You launch Wickr Me from the application launcher (under Internet or by searching).

To launch Wickr Me from the commandline, run:

wickrme

If you haven't rebooted since installing snap, wickrme might not be in your PATH. You can reboot now or run:

/snap/bin/wickrme

Figure: Wicker Me in Whonix

Troubleshooting[edit]

snap[edit]

error: snap "wickrme" not found[edit]

As a workaround, try to install any other snap package first.

snap install vlc

Then try to install Wickr Me again. [6]

read: connection refused[edit]

The following error occasionally appears when trying to install Wickr Me (snap install wickrme): [7]

error: cannot install "wickrme": Post
       https://api.snapcraft.io/v2/snaps/refresh: dial tcp: lookup
       api.snapcraft.io on [::1]:53: read udp [::1]:60220->[::1]:53: read:
       connection refused

It is suspected the server sometimes bans certain Tor relays from connecting. Try changing the Tor circuit, then repeat the command.

realpath: No such file or directory[edit]

Sometimes running:

wickrme

Results in the terminal displaying this message:

realpath: '': No such file or directory
realpath: '': No such file or directory
realpath: '': No such file or directory
realpath: '': No such file or directory
Could not create NETLINK socket: Operation not permitted (1)
Failed to initialize udev, possibly due to an invalid system configuration. Various device-related browser features may be broken.

With Wickr Me still starting and showing an error during sign in that it could not connect to the Wickr Me Network (attempting to reconnect). This might be caused during the original installation of Wickr Me through snap install wickrme. Try reinstalling Wickr Me with the --devmode flag enabled and it should fix the issue. To do that, follow the steps below.

1. Remove Wickr Me.

snap remove wickrme

The command needs to be run twice. The first run will disable the "wickrme" package, while the second invocation will remove "wickrme".

snap remove wickrme

2. Verify Wickr Me is no longer installed.

Run.

snap list

It should no longer show wickrme.

3. Reinstall Wicker Me.

Use the following command.

snap install --devmode wickrme

4. Relaunch Wicker Me.

Start "wickrme" again.

wickrme

Forum Discussion[edit]

Footnotes[edit]

  1. 1.0 1.1 https://snapcraft.io/wickrmearchive.org
  2. The encryption protocol Wickr-Crypto-C source code is available on GitHubarchive.org.
  3. For better security and stability, wickr.com could provide Debian downloads, or better yet an apt repository for Debian.
  4. https://forums.whonix.org/t/snap-store-snaps-snapcraft-io-a-new-software-source/7631archive.org
  5. By comparison, the Signal protocol, client application and server are fully open sourcearchive.org.
  6. A bug report was drafted, but could not be submitted to https://bugs.launchpad.net/snapcraftarchive.org because of the following error:
    Timeout error
    
    Sorry, something just went wrong in Launchpad.
    
    We’ve recorded what happened, and we’ll fix it as soon as possible. Apologies for the inconvenience.
    
    Trying again in a couple of minutes might work.
    
    snap install wickrme reports 'snap "wickrme" not found' even though 'snap find wickrme' had found it
    
    Actual Result:
    
    Debian buster based.
    
    sudo apt update
    sudo apt install snapd
    
    snap find wickrme
    Name     Version  Publisher  Notes  Summary
    wickrme  5.48.9   tleavy     -      E2E Encrypted Anonymous Messaging
    
    snap install wickrme
    error: snap "wickrme" not found
    
    Expected result:
    
    wickrme gets installed or shows a better error message than 'snap "wickrme" not found' if not available for this system.
    
    System information:
    
    lsb_release -a
    No LSB modules are available.
    Distributor ID:	Debian
    Description:	Debian GNU/Linux 10 (buster)
    Release:	10
    Codename:	buster
    
    dpkg --print-architecture
    amd64
    
    uname -a
    Linux host 4.19.94-1.pvops.qubes.x86_64 #1 SMP Sun Jan 12 05:45:26 UTC 2020 x86_64 GNU/Linux
    
  7. https://forums.whonix.org/t/wickr-problem-help/7552archive.org

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!