What is Reddit's opinion of
Threema?
From 3.5 billion Reddit comments
➔ Threema website
By popularity on Reddit, this Service is:
100 reviews of this app found across Reddit:
Näyttäisi olevan suoraan Threeman markkinointisivuilta napattu, suomennettu vain. Jokainen joka on tällaisia vertailuja ollut väsäämässä kyllä tietää, että jotenkin kummasti siihen valikoituu sellaiset mittarit että oma tuote on aina paras. Ja joskus niissä suoraan valehdellaankin kilpailijoiden ominaisuuksista tai niiden puutteesta.
Signal attempts to become your default messaging client on android.
Once it does this you cannot export your own text messages to a backup, another messaging app, or move to an iphone if you so desire.
If you allow signal to handle your texts, then signal owns your texts instead of you... and that's the most antithetical thing a privacy centric app should be. Putting a users data under their control instead of locking control away from them should be a core pillar of any privacy software. Why isn't that the case with signal?
Ignoring of course the entire issue that server code on github hasn't been updated in months and years and you can't audit the bridges between your cellular carrier or the OWS server systems. Signal has a shitload of issues still.
If you actually care about your privacy or data, Threema.
Here's the latest external audit of their fully open sourced systems.
The difference is semantic - a vulnerability is not intentional, while a backdoor is.
I would actually argue that this is a backdoor because it is intentional.The "x's security key has changed" message is deliberately vague and offers no context as to what the security risks might be.
There are a lot of ways to circumvent the usability downsides that come with fixing it. Besides those mentioned in the article, there are things like Threema's verification levels. A visual indicator that will actually tell you how secure your communication is. This should be the norm for all async instant messaging applications, really.
And depending on how paranoid you are, you could allow only contacts with certain trust levels.
Tbh, security in WhatsApp is shady as hell - everything from vulns that get discovered to the murky details on crypto implementation makes me want to stay away.
Telegram hat halt echt eine Menge Features, die einem zunächst mal unnötig für einen Messenger vorkommen mögen, aber wenn man sich mal dran gewöhnt hat, dann sind alle anderen Messenger eben echt spartanisch ausgestattet. Vor allem Signal.
Hoffe, dass Threema seine Multi-Device-Funktionalität möglichst bald zur Verfügung stellen kann. Fände ich einen akzeptablen Mittelweg zwischen komfortablen Features und Sicherheit.
From the Threema FAQ:
> Why don't previews in push notifications work properly? > > If you see an ID instead of a contact's name in a push notification: a sender's name is not visible in a push notification for recipients using Threema on iOS or on Windows Phone due to technical limitations of Apple and Microsoft. These operating systems don't support background decryption of message contents.
In Whatsapp I still get so see the message content on my iPhone's lock screen when I receive a message as a push notification. So if Apple hasn't changed something in iOS recently which allows client side decryption of push notifications without opening the app that means the push notification has to be decrypted on the Whatsapp servers. But then it's not end-to-end encryption at all. Does anyone know more about that?
As stated in the quoted blog post, we entered the partnership with Afinum (a year ago) in order to gain access to additional resources. Of course, Threema’s founders continue to lead the company.
So, to answer your question: Yes, it is a partnership. And it should go without saying that Afinum fully shares our values in regard to security and data protection. Thanks to this partnership, we were able to publish our apps’ source code, and Afinum supports us in the B2B area. For example, they helped us in finding our new Head of Sales (cf. https://www.itreseller.ch/Artikel/94595/Miguel_Rodriguez_verstaerkt_Vertrieb_von_Threema.html).
Threema has had audits: https://threema.ch/press-files/2_documentation/security_audit_report_threema_2019.pdf
If I required as much security as possible, I'd use Signal. But I don't, and Threema has a better balance of usability and security for me. Heck, I think WhatsApp has a good balance too. Aesthetics and features matter.
Threema makes absurd claims on their web page about competing instant messengers using just TLS. Their audit is shallow (just a non-technical summary) and it's made by a small relatively unknown company with apparently just five people specializing in auditing. Threema is proprietary code and does not feature any kind of actual forward secrecy and even the claims that it uses open source peer reviewed libraries like NaCl is very hard to verify.
Signal on the other hand is FOSS and not only is the X3DH+double ratchet state of the art, it has an actual protocol audit available, reproducible builds, end-to-end encrypted calls. Last but not least, Signal does not falsely claim to provide provide protection for metadata even though it would appear not to collect it. Use Signal.
If the legal requirements are fully met, we can provide the following information associated with a given Threema ID: Hash of phone number, if provided by the user Hash of email address, if provided by the user Push token, if a push service is used Public key Date (without time) of Threema ID creation Date (without time) of last login
Here’s a statistic of all requests by authorities that we have received since 2014:
Year Requests by Swiss authorities Requests by foreign authorities with Swiss legal assistance Requests that have met the formal requirements Requests that didn’t meet the formal requirements Handing over of data (# cases) Handing over of data (# IDs) 2020 105 () 104 1 98 558 2019 101 () 98 3 93 317 2018 28 (*) 25 3 25 69 2017 2 2 4 – 3 12 2016 – 1 1 – 1 1 2015 1 – – 1 – – 2014 – – – – – – * Since the new BÜPF act has come into force on March 1, 2018, Threema can no longer distinguish between requests by Swiss authorities and requests by foreign authorities with Swiss legal assistance.
Last update: 2021-01-04
I'm trying to get people I talk to on a regular basis to switch to threema. I've even offered to reimburse them 4$ for the app if they buy it. It even encrypts meta data. https://threema.ch/en
However most people respond with the same bullshit that you talk about. I don't care I have nothing to hide. They continue using Facebook, WhatsApp, and Kik for messengers. It's a battle you'll unfortunately never win. I share your frustration.
linkme: Threema
You geht a Threema-ID that has 8 letters and/or numbers. Using telephone number and/or e-mail is possible but not neccessary.
- Text chat Yes
- Only allows chatting with people you have 'added' Yes
- An invisible or appear-offline mode Online Status is not shown. So always invisible
- Android and iOS compatible Yes
- Light battery/CPU load I don't know. I never had problem with it
- Open source No. But it got audited by a swiss IT security company. They say Threema does everything that it promises.
- Good security (similar to Telegram, Signal, etc.) Yes
- Free phone calls between users No. Can't say if this will ever be a feature
- Windows/OSX/Linux app No. Can't say if this will ever be a feature
Disable iCloud and then re-enable it, it should refresh. After this, immediately switch to https://signal.org/ or https://threema.ch/en
Not only that this backup issue WILL happen again, it’s not encrypted so all your chats can be visible if compromised and doesn’t help you when you get errors like this that corrupt the file and make it irreversible to obtain your back up data. I’ve experienced this before.
So yeah, re-enable your iCloud storage and once that’s in order, ditch this for the apps mentioned above. Also https://telegram.org/ has a feature to backup your WhatsApp data to telegram and continue the convo there.
I hope this helps.
I like Threema too https://threema.ch/en/ Outside of the Five Eyes Alliance. Although read this if you're paranoid. No smoke without fire lol https://www.reddit.com/r/Android/comments/bv3pc2/europol_has_broken_the_threema_encryption_at/
> Threema ist IMO single device.
Mindestens eine Sache ist hier falsch: Threema gibts für Android und iOS und 'IMO' bedeutet "in my opinion", es ist aber keine Meinung ob etwas existiert oder nicht.
I use a competing password manager on Linux, but I have to say this is truly an impressive port. I'm only going for at least "source visible" software when it comes to security though.
Have you considered moving towards a model like the one Threema took, where the source code is visible, but the commercial interest is still viable?
https://threema.ch/en/open-source
I don't mind paying money for software -- I ultimately get paid because other people do so. I just don't love when I can't see/change the source of something so critical to my day to day as a password manager.
>As of today, the Threema apps are open source! To celebrate this occasion, the apps are available at half price until December 28. That’s 100% transparency at 50% of the price. Those who don’t use Threema yet have more compelling reasons than ever to regain privacy now.
Upps, stimmt. Ich kannte für Telegram bisher nur den EFF Audit. Danke für den Hinweis, ich vermute du meinst dieses Paper?
Als Alternative wäre vielleicht noch Threema interessant (relevanter Audit), wobei ich persönlich zu wenig Leute kenne, die Threema benutzen. Im Endeffekt ist es eine Frage persönlicher Vorliebe: theoretische Angreifbarkeit ohne generelle Metadatenauswertung (Telegram) vs. sichere Kommunikation ohne critical mass bei Nutzerzahlen (Threema) vs. Auswertung der Metadaten aber sicheres Protokoll (WhatsApp).
Ich persönlich würde eins der ersten beiden wählen, weil selbst in Metadaten so einiges drin steckt. Die Wahl zwischen Telegram und Threema fiel dann eher aus Bequemlichkeit auf Telegram :(
Ob Telegram/Threema Metadaten zu wirtschaftlichen Zwecken minen (sprich: weiterverkaufen) ist mir nicht bekannt. Da bleibt allerdings auch wenig Wahl, mobile Peer-to-Peer-Messaging Dienste sind ja eher noch in den Kinderschuhen.
Telegram's security is doubtful.
Threema, all things considered, is superior (and the end-to-end encryption can be verified by anyone). Their crypto whitepaper shows they have done their homework.
I'm interested in Threema right now. Supposedly perfect end-to-end encryption and a lot of smart features, with adoption that's very high in my target countries right now. It's not open source, unfortunately, but the concept is good, and the "three dots" verification system they use is nifty.
I may end up buying it to fiddle later today.
Hi u/DangerPizzaSlice, thank you for you inquiry!
Yes, the Threema Work and Threema apps are completely compatible and generally identical regarding features. Also, both are compliant with the EU General Data Protection Regulation. You can find more information on the differences between Threema Work and Threema here: https://threema.ch/en/work/support/diff.
Should you have further questions, do not hesitate to contact us directly: [email protected]. We are always happy to help! ^pm
The connectivity with the server seems to be up again.
A Threema Safe backup does not contain messages (see https://threema.ch/en/faq/threema_safe_contents), so those messages are probably lost. However, your contacts should be back, they are part of Threema Safe.
You can also trigger a manual contact sync by pulling down the contact list. Maybe that helps?
There is no Threema Cloud, where you can backup all your chats to. You can backup to the Threema servers only your ID: https://threema.ch/en/faq/threema_safe. These data are backup to Threema: https://threema.ch/en/faq/threema_safe_contents.
Yes is similar to Signal. Threema has other advantages, so the one time payment is worth it.
Imagine all the Threema users want to make Full backups inclusive chats and media to the Threema Servers. Then Threema would need a lot of storage. Through media like pictures and videos the backups can get big. These extra servers would cost money and who should pay that? The apps are too cheap to cover these costs. Would be only possible with a subscription.
Hi, sorry to hear that!
Problems in relation to push notifications are typically caused by restrictions on certain device types. Please follow these instructions: https://threema.ch/faq/nopush. However, possible causes could also be network restrictions, security, cleaning, or other system optimizer apps (such as CClenaer, Clean Master, Security Master, etc.), or other optimizing mechanisms of the operating system that prevent Threema from running in the background (e.g. storage/memory manager).
If you need help resolving those issues, please get in touch with our support team. We will gladly help you: [email protected]. ^pm
Absolutely agree with you there. They explained it in their Messenger comparison as followed: "The security and reliability of this feature [“Self-destructing” messages] is questionable. Depending on the operating system, the content of a message can still be accessed in the operating system’s notification log after the message has been deleted in the app."
Threema got a transparency report too: https://threema.ch/en/transparencyreport
They also have almost no data.
Even though i like the transparency of Signal, i cant believe that they only got two court orders in five years with that many users. Also they need to store the push-token of the device to send push notifications, but they say they don't have it.
I use Signal and like the NGO approach, but their communication about data requests seems a bit too good to be true for me.
I’ll do you one better. Use threema. It’s open source. Gdpr compliant. Swiss jurisdiction. Has had a security audit in the last year. NO PHONE NUMBER REQUIRED.
https://threema.ch/en/messenger-comparison
Edit:most important. Runs its own servers.
You put "Signal" as top Instant Messaging alternative, but you should actually add Threema and put it above Signal. With Threema, you don't even need a phone number or an email to use it. Much better than Signal for privacy:
Look at this: https://threema.ch/en/messenger-comparison
> Seems a problem of 1.39.5
Yeah I saw this thread and the "workaround", but on Linux you can't go back to 1.39.4, only 1.38.something, and then the app simply refuses to sync with your phone until you update.
> Plus it has the way better interface.
Absolutely!
> How did you find this bot?
The ECHOECHO one? It was in my contact list when I connected my browser to Threema Web. It just sends your messages back at you to test the app. If you invite it to a group it stays quiet, though (which is useful here.)
I wish there was a list of bots available somewhere, but not to my knowledge ¯\_(ツ)_/¯ The other one I found is Threema Channel, but that's it. Wait, no, there's the Corona Radar, too!
Oh and I forgot to mention in my previous comment: Earlier today Signal (iOS) managed to crash 4 times in a row within a minute because I was switching back and forth between it and Threema. Threema didn't crash.
I gave them a go recently. They both work fine if you're a mono-device kinda guy, but when you have more than one it gets a bit complicated.
Signal: Their desktop app refused to send anything, but I could receive messages just fine. On my tablet, somehow not all messages from conversations started on my phone would sync. All in all, it was a pretty unreliable experience.
Threema: No desktop app, but a web interface that works perfectly as long as your main Threema device is turned on and has a web access. There's a tablet app, but you can't use your Threema ID on more than one device at once, so you have to jump through hoops to get it to work "properly." Note: they're currently working on an actual multi-device function.
Other notable things based on my preferences and needs:
Signal
- - Phone number mandatory
- - - - - - Sends a notification to your Signal contacts when you join their service
- + Self-destructive messages available
- + Can delete already sent messages
- + Stickers (but you can't re-order them)
- + Can send messages to yourself
- + Link previews
Threema
- + No phone number required
- - No self-destructive messages
- - Can't delete already sent messages (you can only delete them for yourself)
- - No stickers
- - Can't send messages to yourself (there's a workaround: create a group chat with ECHOECHO and it'll work)
- - No link preview
So, while Threema lacks a few features I'd like to have, what it does, it does it perfectly. Signal seems good on paper, but it's still unreliable for me and overall, it lacks polish. I'll stick with Threema for now.
E2EE makes multi-device access VERY complicated.
- Telegram’s cloud-backed model isn’t built to support E2EE chats by default and that’s why it is even more complicated to introduce them for TG team.
- Signal solves this challenge by using local storages on each of your devices - the challenge here is you can only access your chat history on a given device from the time of your first login on that specific device. This is why, Signal’s multi-device access falls short vis-à-vis TG. I think Threema does the same.
- WA used to do it through over-the-network syncing (which needs your primary device to be on all the time). It also requires you to give WA permission to access your local network signal (not sure what this actually meant, but it was a separate permission I had to allow on my iPhone)
Threema’s explanation makes it a bit clearer.
Have a look at https://threema.ch/en/faq/status_expl
If you see the closed envelope, it means that the message is sent to the server but not received by your partner (may be received but not seen if using Windows Phone).
Just had a look at threema.ch on semrush. Looks like the traffic IS increasing. Have a look at where the traffic is coming from: https://www.semrush.com/info/threema.ch
​
That said, I agree. Would be great with increasing rise in the user base.
Vieles davon ist open source. https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf
Ist meiner Meinung nach das vernünftigste. Verknüpfung von zB Handynummern ist freiwillig. Daten werden lokal gespeichert.
Threema isn’t open source but they underwent independent code audits and have a good reputation in the security community. Also an alternative to Signal. It’s always good to have the choice. https://threema.ch/en/faq/code_audit https://threema.ch/en/blog/posts/independent-security-audit-confirms-threema-lives-up-to-its-promises
As an addition to all suggestions below I'd recommend Swiss Messenger Threema (https://threema.ch/en). It might cost like 3 Dollars but their security protocol is excellent. In addition, you don't need to give your phone number.
I would generally disencourage from using Telegram as an alternative if you want privacy. It has end-to-end encryption but they are kind of shady and intransparent.
I think one cannot be sure whether or not it is possible to remove all traces especially if you have linked Skype with Microsoft. Best probably is to delete your account locally and globally so that it doesn't "hang around" in the cloud. Even better is, if you stay away from all similar apps and messengers such as WhatsApp. If you want to keep chatting but to be secure at the same time, i recommend you try Swiss Messenger Threema as a replacement (https://threema.ch/en/). It is always nice to see when people actually start caring for privacy.
We simply don't know how much data WhatsApp shares with Facebook (it certainly does). We do know however, that WhatsApp collect a massive amount of Metadata from all users. It certainly is a bad idea to use Whatsapp if you hate Facebook. As an alternative, I recommend Swiss Messenger Threema (https://threema.ch/en). You can go completely anonymous and don't even have to provide your phone number.
I asked Threema support about this last summer.
Q: Is there a way to set the location where a backup will be saved? If I could backup to the 64 GB SD card I have installed, that would solve my problem. If the data file could be set to be stored on the SD card in the first place, that would also make things easier for me. I did not see any option to do this in the options.
A: Thank you for your inquiry. Currently the feature you mentioned is not available. We take the requests of our users into account, but are not able to disclose if or when such a feature will be implemented in Threema. We will gladly accept your future suggestions on the following site: https://threema.ch/en/feedback
I'm a bit of an outlier since I'm using a weird ROM on an outdated phone. Maybe it works for newer Android versions. I'm a bit sketchy on the details but I think they changed something about how storage management works between 5.x and 7.x
Um auf Deine Frage zu antworten...
Der Ausstieg bei mir war weniger "schmerzhaft" als erwartet. Ich habe immernoch Kontakt zu allen Freunden, die es wert waren. Es gibt aber ein paar Änderungen.
- Ein oder zwei Kontakte muss ich jetzt per SMS anschreiben.
- Ich ersticke nicht mehr in der Flut von unnützen Facebook-Pfostierungen.
- Ich telefoniere mehr.
So habe ich es gemacht:
- Ich habe mir Threema zugelegt. Das Tool ist unabhängig zertifiziert sicher und lagert seine Daten verschlüsselt in der Schweiz. Und es kostet Geld! Das ist gut! Denn wer nicht bezahlt ist die Ware und nicht der Kunden.
- Ich habe meinen Freunden mitgeteilt, dass ich WhatsApp ab dem Tag X nicht mehr nutze, ich aber gerne in Kontakt mit ihnen bleiben möchte. Dafür muss dann Threema oder die SMS genutzt werden. Sieben meiner Kontakte sind gewechselt.
- Facebook habe ich einfach gelöscht und vermisse es gar nicht. Auch hier solltest Du es ankündigen und in Zukunft auf die gute, alte E-Mail, Threema, SMS oder Skype verweisen.
Und heute? Ich lebe sehr gut damit. Ich habe keinen meiner Freunde "verloren", bekomme trotzdem noch alle Ereignisse mit.
Das wichtigste ist Deine Kommunikation gegebüber Deinen Freunden beim Ausstieg, wenn Du nichts verpassen möchtest.
Edit: Telegram: Mich persönlich beruhigt es nicht gerade, dass Telegram in Russland sitzt.
Consider either Silent Phone and/or Threema. Please note that both are not fully Open Source and both have some sort of cost associated with them.
Threema itself is not open source. But the NaCl library it uses for encryption is open source. https://threema.ch/validation/
I also use it and like it very much. Especially because it is not necessary to use a phone number for registration.
In that case, why do Threema themselves claim that Google Play Services are required? The most likely explanation to why Threema works on Blackphone is that Blackphone's proprietary operating system (Silent OS) includes a built-in alternative to GCM. At this point, open-source operating systems like Paranoid Android and CyanogenMod don't include built-in alternatives to GCM, even though there are FLOSS projects like GmsCore.
I use Signal and I'm also a fan of https://threema.ch/en which is cross-platform and has some neat features missing from Signal like trust level, no requirement to link to phone number (anonymous), etc.
Edit: Recent news about Threema's popularity in Germany (3.5 million users worldwide) http://www.businessinsider.com/threema-encryption-messaging-app-america-launch-isis-2015-6?r=UK&IR=T
> Jedes mal wenn ein neuer Mitspieler dazukommt müsste ich 20 Leute neu einladen und die alte Gruppe löschen? Nein danke, das ist einfach nicht benutzerfreundlich.
Geht seit längerem ohne neuen Gruppenstart:
Threema ist zwar leider nicht open source aber ein audit gab es jetzt wohl. Link
Das Problem ist aber sowieso die Verbreitung von weniger sicheren kostenlosen Massengern auf dem Markt. Das macht es schwer Leute dazu zu bringen zu wechseln.
Threema supports end to end encryption for group chats. Source
I've tried to talk with the Telegram team and they are far from responsive. I use both programs, but at least the Threema support team returns my emails.
Threema's crypto is in fact NaCl which was implemented by one of the todays most renowned cryprologists, Daniel J. Bernstein. They never refused an independent audit they just say they think is pointless if not done for each and every new version of the app. Open Source doesn't help either since there's no way for users to verify if the package provided in the app store really corresponds to the published source code anyway.
They also clearly state in their comprehensive whitepaper that PFS in only available on the transport layer.
The most important advantage of Threema is that you don't need to provide a valid phone number in order to use the app. So if you're in for privacy or anonymity, this is the app you should use.
According to this article, Telegram is not that safe:
"To sum it up: avoid at all costs. There are no new ideas, and they add their flawed homegrown mix of RSA, AES-IGE, plain SHA1 integrity verification, MAC-Then-Encrypt, and a custom KDF. Instead of Telegram, you should use well known and audited protocols, like OTR (usable in IRC, Jabber) or the Axolotl key ratcheting of TextSecure."
A user on security.stackexchange.com says: "Telegram is by no means secure. For commonly accepted definitions of secure, not the one Telegram made up."
I'm sticking with Threema. All messages are en- and decrypted on the device, the servers are in Switzerland and the encrypted messages are only on the servers until they are delivered to the recipient .
> How are they charging people
They charge poeple because you don't walk into a store and grab a bread without paying.
> do they offer something unique?
- Zero metadata collected
- Signup without any personal info
- Financial stability
- Own infrastructure (No AWS/Azure bullshit)
- GDPR Compliant
- Swiss jurisdiction
threema.ch/en/messenger-comparison
It's simply a different, more traditional business approach, apparently one that not many people understand. It is fair to pay a small one time fee to ensure the continued operation of the messenger, rather than relying on ads or crypto ponzi schemes.
> I don't think they will ever gain a high enough user base to become a mainstay
Threema might not have as big of a userbase, but the customers are better. The customers know that good and private software is not cheap and that it needs funding. They also offer services like Work or OnPrem.
Signal is good, but not perfect (read here). The main drawbacks are US jurisdiction and AWS server infrastructure, while Threema is based and has server infrastructure in Switzerland.
> Muss ich nicht trotzdem jeweiligen Unternehmen vertrauen, dass der Code auch so 1zu1 deployed ist und nicht irgend eine Middleware in den APIs hängt, die trotzdem Zugriff auf die Keys hat und mitlesen kann?
Dazu gibt es reproducible builds. Damit kannst du verifizieren, dass die Applikation auch genau dem veröffentlichten Quellcode entspricht. Allerdings ist dies aufgrund von Einschränkungen von Apple nur unter Android mit vertretbarem Aufwand möglich.
Dank Ende-zu-Ende-Verschlüsselung muss man dann der Middleware und dem Server auch nicht mehr vertrauen.
Ich empfehle dir bzgl. asymmetrischen Verschlüsselungsverfahren nachzulesen um deren Funktionsweise zu verstehen. Dies sollte deine Frage automatisch beantworten.
Abgesehen davon:
https://threema.ch/docs/work/threema_privacy-security_de.pdf
https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf
Ja. Die Verschlüsselung der Nachrichten weist aber nicht Perfect Forward Secrecy auf (siehe deren Whitepaper, Seite 14), d.h. der Betreiber kann den Inhalt der Nachrichten entschlüsseln, wenn er später an einen Schlüssel kommt.
Ich werde das in der ursprünglichen Nachricht ändern, das ist falsch.
No, we do not see any file names when you send files via Threema. As /u/AwayAluminium wrote, all content (including the file name) is encrypted locally on your device.
You can find technical information about the file sending process in our cryptography whitepaper, in the section "Media Access Protocol".
Happy file-sending! ^db
No, not yet possible. It still in development:
There is a workaround with using groups for messaging. So you could create a group with your id, your tablet id and your chat partner.
Details you find in the FAQ:
You probably just got rate limited, even though it looks like it. Stuff on the internet isn't free.
You can contact Threema at the bottom of their FAQ page: https://threema.ch/en/support They'll probably help you.
Actually, it's not that much and Threema writes this information on their website: https://threema.ch/de/transparencyreport
You could also request these data: https://threema.ch/de/faq/get\_my\_data
Many details are optional, like phone number, email address and push token. In principle, it is the same or even less than Signal, because the request comes with the phone number in Signal and with the ID in Threema.
The publickey is public anyway.
We receive numerous great feature suggestions every day, and we’re constantly working on improving the Threema app. However, we’re not able to implement all features (at once), we're currently working on our multi-device functionality.
With open sourcing our applications, larger groups, quotes for media messages and the first version of our desktop application we delivered some of the most requested features while working on the multi-device functionality. Stay tuned for more information about our new desktop client and more features. ^jf
> Nobody will ever verify the cipher suite / protocol version in use out of band. Maybe a single time verification of the key which Signal recommends, but that's the best you ever can expect.
I agree that noone does it in Signal. It's very prominent in the UI of Threema though: https://threema.ch/en/faq/levels_expl
It's also the primary way for contact discovery if you choose to not link your phone number.
Als Kunde von Threema erwarte ich sogar, dass sie ihre Software rechtskonform gestalten, sonst haben sie ganz schnell einen Kunden weniger. Also wenn das in der EU tatsächlich kommt, dann erwarte ich ein fristgerechtes Update für unsere on premise Lösung: https://threema.ch/de/onprem
Apropos on premise: das gibt's bei Signal auch. So halboffiziell zumindest. Man benötigt dazu halt u.a. Google, AWS und Apple Dienste, lulz. https://community.signalusers.org/t/server-systems-minimum-requirement/1064
Mit backdoors ist das so eine Sache. Die haben Vor- und Nachteile. Ein Vorteil ist aber ganz bestimmt, wenn ich die backdoor selbst im Griff habe.
Would you rather pay with your metadata or actually paying for a service with money.
>No Collection of User Data, No Ads
Services that are financed by advertising collect user data in order to target their ads. Threema is not financed by advertising and does not collect user data.
Also the apps are opensource.
>and is an internal, non necesarry practice.
That's exactly why I'm wondering what the "legal requirements" for this practice are.
>That is possible, but since they don't publish it, I assume it's forever as a zero trust model would provide the best security.
I think that's a misunderstanding: I was talking about the retention period on Proton's side, not Google's, because Proton also has to store them on their servers for push notifications to work. Obviously, when it comes to Google, zero trust is adequate, but I think we can expect more from ProtonMail. However, trust requires transparency, and imo ProtonMail's transparency w has been somewhat dissatisfactory lately.
>Again though, this is unlikely to be given to authorities for the same reason as above.
Except in the current case, they actually confirmed they gave this information to the authorities - which actually illustrates my point, because they didn't disclose that they could be coerced to do that anywhere beforehand. (They only added the fact that they even have this information to their privacy policy in the latest update).
Imo, a good privacy policy should outline as precisely as possible what personal (including pseudonymous and derived) data is processed, how long it is retained; and what exactly the legal requirements for this data processing, its retention and possible disclosure are. Right now, ProtonMail's privacy policy is severely lacking in this regard. An example on how to do it better would be Threema's privacy policy.
https://threema.ch/en/faq/data
I don't see anything regarding what happened.
https://threema.ch/en/messenger-comparison
"Signal requires users to disclose personally identifiable information. Threema, on the other hand, can be used anonymously: Users don’t have to provide their phone number or email address. The fact that Signal, being a US-based IT service provider, is subject to the CLOUD Act only makes this privacy deficit worse."
Again no word about ifs and whens regarding Threema.
"In terms of security and privacy protection, there’s no match for Threema. It’s the only service that can be used anonymously, i.e., without providing personally identifiable information (such as a phone number or email address)." - Threemas Promise
Additionally the swiss jurisdiction is promoted which we now saw isn't worth much more than others.
Signal on the other hand pretty much state very clear that they don't provide an anonymous system.
When using Google's push notification system (part of Firebase and Play Services) your phone only needs to maintain a single connection for push notifications - the connection to Google. Any app that wants to send you a notification sends it to Google, and Google forwards it to you. Note that Google cannot read the contents of those push notifications as they're encrypted. This is battery preserving and generally recommend by app authors.
Some privacy-minded messengers (e.g. Threema and Signal) provide builds that do not use Google's system. Those builds are usually distributed through their websites (.apk download) or F-Droid. Without Google's system, each of these apps has to maintain it's own connection for push notifications. The more apps you install the more your battery life will be affected. This is generally discouraged by app authors. Signal even puts this option in a so-called "danger zone" on their website. You may also notice delayed push notifications or missing push notifications as these apps try to minimize battery usage.
Hi, there might be a network restriction imposed by the network administrator of your employer. In order for all features to work, the ports listed in the following FAQ must not be blocked: https://threema.ch/faq/ports. We will gladly answer further questions: [email protected]. ^pm
If you are having issues when sending messages while the app is open, the most likely culprit is the internet connection and not a battery saver mode.
Can you check what kind of speeds you are getting when using our speed test at threema.ch/speedtest? ^jf
Provided that a stable Internet connection is established, messages are typically delivered within a few seconds if the background permissions on the recipient’s phone are configured correctly.
Which state are the messages in when they are not delivered quickly? Are they sending, sent or delivered (threema.ch/faq/status_expl)?
Oh right, google directed me to the Threema.Work page.
Still about 300-400 ₹. This is nothing for some, and will feed a family in a village. This is a serious hurdle.
I think this was the post: https://threema.ch/en/blog/posts/md-architectural-overview-intro
It does not say "desktop client for 2021" explicitly, but multi-device support might include desktop as well as tables or other phones.
Use Threema is a better app. Dont use phone number and dont notify to any of your contancts, tottaly encrypted. Here is the site https://threema.ch/en send me you ID we can chat in groups using threema.
I've had issues with not being able to make a call on wi-fi.
The speedtester on the Threema site is useful. Tech support told me if your connection has a Jitter score of more than 30 call quality is affected. However, I can use WhatsApp, Skype and Facetime on the same network without call quality being affected.
I just stick to using data most of the time. My moto handset seems to have various speed test scores no where near as fast as a laptop.
​
On my Android phone I managed to improve the quality of calls on wifi by resetting the network connections and reconnecting to the wifi. The downside of this is you lose all the wifi connections in your library and have to reconnect to every network again with wifi passwords etc.
>No, a push token is not in itself tied to an ID. A government would need a warrant to get information about an ID from Threema (which is not that easy with Swiss legislation) and then another warrant to find out more about the token.
That's what I'm saying. See Threema transparency report .... very few requests get denied. And then they just send a second letter to Apple. Done.
I use Android so not sure if is available on iPhone. Here read the FAQ https://threema.ch/en/faq/privacy_push
If you are new and you want to avoid bigTech like Apple and Google and avoid data harvest, you can try LineageOS.org with a compatibly phone (avoid full Chinese phone) without play store, replace with f-droid store and Izzy repository.
If by chance you still want to chat sometimes we can use Threema. Send me your ID private message.
"No contact lists are stored when synchronizing contacts: The email addresses and phone numbers from your address book get anonymized (hashed) before they reach the server. Once the comparison is finished, they are immediately deleted from the server."
Robotic voices are typically due to connection speed. If a contact is unverified (a single red dot) or you have enabled “Always relay calls”, the connection speed will depend on your connection speed to our servers in Switzerland. To allow Threema to make a direct connection to your contact, disable the “Always relay calls” option and verify your contact (https://threema.ch/en/faq/levels_expl).
This is most likely due to a network issue. Please contact us at [*SUPPORT](threema.id/*SUPPORT) or through our support form threema.ch/en/support#contact. If you can add the information outlined in this post, we can get started right away.
I suspect it's due to the recipient not disabling battery optimization for Threema, causing the push notification to Threema that there's a call incoming to be delayed. If you're also seeing delays in messages reaching the recipient's phone, battery optimization is very likely the case.
Yes, once we publish an application for the desktop, that will be available on Linux as well. However, right now we cannot disclose more information about it. The technical details about our multi-device approach are outlined here: https://threema.ch/en/blog/posts/md-architectural-overview ^db
Threema does it without leaking anything or downgrading the TLS. So how could it be compromised exactly? I understand the risks but if it’s done correctly, then what’s the issue? Unless this is the signal protocol being direct affected and because of that, it would cause a vulnerability.
Here’s a reference to Threema’s Web client. Maybe Signal could do the same? https://threema.ch/en/faq/web_info
Why you said "long time"? This is the news I read from Nov 2020, to be release in 2021. https://threema.ch/en/blog/posts/md-architectural-overview-intro
​
"Also not sure why you're talking about company features, they are not features for general communications." Why you said that? Is for general communications, anyone can use it, or you mean free? like everyone that want a free service? That is the reason everyone is on whatsapp or facebook, if that the reason probably is nonsense to keep argue.
> If you're switching for privacy reasons, choose signal. Telegram has some more features, but it really isn't on the same level as Signal.
Hu, no, or rather not exactly.
I absolutely agree that Signal is better than Telegram for security, but Signal isn't the holy grail for privacy either, as it links the phone number to the account.
For privacy, choose Threema, which is designed for privacy in mind, and that makes use of one of the strongest privacy laws by being based in Switzerland unlike Signal, which is based... in the US.
It's however not free, and while the single fee is low (~$4), this adds another difficulty to convince your contacts to move.
TLDR: Signal is good. Threema is better.
Do not use Signal, it is not meeting your needs.
Use Threema.
Telephone numbers and emails are not required.
You generate your own unique eight character/digit Threema User ID, randomly, which is also disposable; if you do not want to use it again/anymore; you can generate a completely new Threema User ID.
I don't use Threema, but their documentation indicates that they use either port 3478 or port 53 for calls. I believe disabling the DNS IPS toggle should solve the alerts, but I don't know if there is a way to stop the app from trying to use port 53, outside of blocking it with a firewall rule.
Matrix läuft über irgendein fancy quelloffenes Protokoll (Internet). Als Server nimmt man halt einen der öffentlichen, oder hostet selber einen, was nicht so kompliziert ist. Es gibt mehrere verschiedene Clients, aber Element scheint gerade der mit den meisten Features zu sein (auch p2p Videochat oder Gruppen VC über Jitsi).
Einfacher ist wsl. Threema, was auch verschlüsselt und quelloffen ist, kostet aber einmalig (?) 4€ oder so.
Here is an article which compare threema, signal WhatsApp and telegram in terms of SecurityPrivacy, Features and Portability. Keep in mind that this article was written by Threema!
I am also a bit worried. The only information they provide are the already done changes: https://threema.ch/en/versionhistory
But no roadmap or at least a plan of what is coming. The version history already shows that there are not many updates in general what does not look very promising...
The app cannot even group multiple photos which were sent at the same time (a really simple but useful one). No sign of group video calls (did they miss 2020?). Taking chats with you when switching from iOS to Android and the other way around... not possible.
Less features and languages for iOS? Not convincing.
The assumption that with their new investor they focus more on Threema Work seems not to be wrong... probably more realistic to make money there.
Because a picture is worth a thousand words.
So, this shortcut is provided as is because really, I don't have much time to spare right now, but I wanted to share. Hope it fills some kind of need, I know it does for me.
Yes, I too wish it would open Threema automatically, but the URL actionthreema://compose?image=pasteboard doesn't seem to work (Threema doesn't "see" the pic in the pasteboard) and I can't wrap my head around it. So I went at it a bit differently.
And yeah, I didn't include a link description because I think it's superfluous.
It should work just fine with every link you encounter in your browser of choice. (Don't be afraid when the shortcut asks for an authorization to access a specific website, it is needed to parse the page and extract the info we need. If it asks to access DuckDuckGo at one point, it is because your link doesn't provide a preview picture, so I'm using DDG to get the website's favicon instead.)
You'll notice that unopened YouTube links simply have for title "YouTube". That's because YT webpages are a Javascript mess, you have to open a link for a page to be populated with decent HTML code.
Well anyway, cheers everyone!
Unfortunately I can’t find that comparison chart in speeds I saw long ago. The difference as you mentioned probably isn’t felt unless you’re using an Android device with very modest specs.
Anyway,
Pulled this directly from the website, and come to think of it I’m not sure if this is referring to what modern TLS cyphers already do, so perhaps this is nothing unique among IMs
‘Forward secrecy: Threema provides forward secrecy on the network connection (not on the end-to-end layer). Client and server negotiate temporary random keys, which are only stored in RAM and replaced every time the app restarts. An attacker who has captured the network traffic will not be able to decrypt it even if he finds out the long-term secret key of the client or the server after the fact.’
My understanding of E2EE. And yes, I do believe E2EE is something of a magic black box - that’s the entire freaking point of using it for privacy.
E2EE makes multi-device access VERY complicated.
- Telegram’s cloud-backed model isn’t built to support E2EE chats by default and that’s why it is even more complicated to introduce them for TG team.
- Signal solves this challenge by using local storages on each of your devices - the challenge here is you can only access your chat history on a given device from the time of your first login on that specific device. This is why, Signal’s multi-device access falls short vis-à-vis TG. I think Threema does the same.
- WA used to do it through over-the-network syncing (which needs your primary device to be on all the time). It also requires you to give WA permission to access your local network signal (not sure what this actually meant, but it was a separate permission I had to allow on my iPhone)
Threema’s explanation makes it a bit clearer.
TL;dr - E2EE is difficult and complicated, but that doesn’t mean it is impossible. Currently it is the gold standard for offering privacy on chat apps, and that’s for a reason.
Allow me to also introduce Threema. It's a Swiss messenger app that has it's servers in Switzerland, meaning that they obey swiss data protection laws. In my opinion it's the best app for secure texting. It does cost some $3 I believe, but IMO that's more than fair. Remember, if something's free, you're most likely the product. Comparison between Threema, Telegram, Signal and WhatsApp
>Wenn Sie Threema über den Threema Shop bezogen haben und ein Update verfügbar ist, erhalten Sie in der App eine entsprechende Benachrichtigung, durch deren Bestätigung die Aktualisierung gestartet wird. Sie können die Aktualisierung auch unter «⋮ > Einstellungen > Über Threema > Auf Updates prüfen» manuell anstossen.
Und genau dafür gibt's Reproducible Builds, damit kann man beweisen, dass der publizierte Source Code auch wirklich für das Release genutzt wurde!
Das habe ich vermutet, aber explizit nicht gelesen.
Hier liest es sich so als ob am Ende eine apk raus kommt die identisch mit der aus dem store ist
https://threema.ch/en/open-source/reproducible-builds
Ist natürlich möglich, dass der Server irgendwie über device id oder Google Konto weiß, dass du es nicht gekauft hast?
Wobei ich ja jetzt vermuten würde, dass eben threema nicht die Google services nutzt..?
> Vielleicht könnte man irgendwie einen dezentralen Reflektor- und Key-Exchange per BT oder BLE machen.
Threema kann schon immer einen dezentralen Key-Exchange per QR-Code.
> Threema vertraut (afaik durften nicht einmal Experten den Quellcode anschauen)
Da liegst du sehr falsch: Weiterer Audit bestätigt Threemas Sicherheit
Und in Kürze: Threema startet mit Open Source und neuem Partner in die Zukunft
>EDIT: As I got informed by comments, I seem to have miscredited Signal a lot by putting it in the same bucket as Telegram and Threema. I does seem to be a lot better than those two.
Threema is one of the best messengers out there. There was another audit just a couple of days ago: Threema blog, and it soon will be open sourced. No phone number or mail address is needed and as to me it's absolutely on the same level as signal!
Threema’s primary components are Open Source
Audits can be viewed on their whitepaper
Conspiracy Theories ? You guys are doing too much.
I get the fanfare and high esteem for Signal after all it’s the first established well regarded secure messenger…it’s security protocol is also what other popular IMs or their alternative private modes are based on, but it’s not the only private-secure messenger in this arena…
Threema is also a well regarded robust IM with no need to provide even burner number by using a random Threema ID - there’s two caveats though...that you’re willing to forgo ephemeral messages and that people be willing to pay for the service. Once the clients are open source here shortly probably by year’s end I’d recommend giving Threema consideration. By the way, the latest audit report recently conducted by a team from Cure53 is also available for public view.
https://threema.ch/press-files/2_documentation/security_audit_report_threema_2020.pdf