Migrate to Threema or simpleX

Greetings,
After everything that has happened in Telegram that the vast majority knows an accurate summary is this (in my opinion); x.com
I wanted to look for a suitable messaging to the “optimal” level of privacy that I think is what we are looking for users of this forum. In the topic that was proposed a few weeks ago of simpleX, I saw this comparative table:
https://www.securemessagingapps.com/
And I would like to know if you would be willing to pay to use Threema, I know it is complex to pay especially when it has always been free, jumping to a paid application (which is not so much), is complex. Ideally I would like all messaging applications to be connected so that everyone can choose which one to use and communicate with whomever they want.
The main reason I chose Threema is because it is a swiss app and their privacy laws are high (vs UK or USA).
Maybe it should be “advertised” to encourage its use (either Threema or simpleX), because we know how difficult it is to migrate from a messaging or social networking application.
What do you think community, which application should we support?
Atte a Telegram widower.

PS: This post was translated by DeepL, if you find any inconsistency.

Signal is the most and best recommended for all here.

The problem with other apps is that not many or only you will be using them in your social circles. And no one I know would pay for a messaging app even if it’s a one time payment.

SimpleX is becoming more popular in the community but I personally still feel it’s a little complicated to use and set and understand how it works for a lay person to quickly sign up and begin using it. It really needs to simplify itself.

At least Signal is more mainstream in the encrypted messaging app space and it’s free and easy to use that also has reliable audio and video calling - and that’s what we need for mass adoption from all today.

4 Likes

This comparison chart is very outdated, Messenger-Matrix • Kuketz IT-Security Blog is much more actively maintained.

At privacyguides, legal jurisdiction doesn’t necessary matter if the tech is trustless and collects minimum metadata. I would pick SimpleX Chat.

3 Likes

easy, simpleX is recommend The Best Private Instant Messengers - Privacy Guides

Threema is not: Threema (Instant Messenger)

3 Likes

But the page is recommending Signal, being that it has privacy problems (watch out with the name of this page), asking for phone number, we agree that in 2024 that should not exist less recommend (and Matrix WTH).
On the criticism of Threema that it is paid is not a valid point, less technical, but it is understood that people choose free, so people choose free vpn and it happens what happens.
Also Threema has external audits constantly and the post you posted is from 2020, no application is perfect, the issue is how they solve their problems.
I understand perfectly that they are already “married” with signal, it is the same effect as wassap, people are not choosing the best, they just move where the mainstream moves.
I have no problem recommending SimpleX, it is the best free option in the industry, at least it has audits, Signal is far behind in that sense.
I understand the whole philosophy of why Signal is recommended but maybe the bar should be raised.

Use simpleX if the choice is between threema and simpleX, it is recommended by PG, and better imo.

Jurisdiction doesn’t matter too much if protocols are well implemented and audited. Can’t reveal what they don’t have/log.

Off topic (Other suggestion)

Why not also look at discord? If it’s not very sensitive (Discord is NOT E2EE). You can create disposable accounts, run it in a browser and hide IP, timezone, etc. from it. Just a suggestion, might help skip user friction if you are trying to retain community members.

Seems slightly misleading. Briar is marked as having metadata privacy, when it does not always (IP leaks in mesh network, so protection only on Tor). Same with SimpleX (Servers know your IP and some other data by default). Plus they still lay emphasis on jurisdiction. Rest looks good, thanks for sharing!

1 Like

Why should Signal not exist?

Any project that ditches something as basic as Perfect forward secrecy for “it’s making our development work on group chats hard” is something that shouldn’t exist in 2024. But alas, snakeoil salesmen abound in Privacy space.

This sentence doesn’t make sense. You stated these reasons:

Signal is free.

SimpleX last audit was 2022 (and they have a decent reason for not having it rn), Signal’s last was 2023. What are you talking about?

Would be happy to engage if any other technical criticism remains!

1 Like

Who assures me that the data that is hosted by Amazon, Microsoft, Google and Cloudflare (where signal is), is not tapped by the NSA.
Jurisprudence is important, even more so in a country that is the spyware of the world.

Signal protocol ensures your messages cannot be read without your keys even if you hand them the data yourself.

Everyday more than half of your internet traffic passes through cloudflare. Almost all of your cloud data passes through parts of the companies you listed.

If you are that paranoid, let me help you with a scenario. Let’s say you use SimpleX or something else and NSA wants to tap you. They can simply generate fake CA certificates and break TLS, leaking literally anything that’s unencrypted on its own and relies on TLS (TLS is how you communicate with internet, think of it as the bus that carries your data to whatever place you want to send it to). Or they can plant bugs on all the phones in the world. Or they could do XYZ. See, how absurd it gets?

Please do threat modelling and understand the technologies you are using. Otherwise the only private thing you would be able to do is not participate in the society. A helpful read for me has been this: Fermat's Library | Reflections on Trusting Trust annotated/explained version.

I never said it’s not. I said it doesn’t matter too much if the protocols and clients are implemented well.

4 Likes

For Threema:
Paid service but also with no universal license, meaning you need to paid it multiple times if you are using different platforms.
It is nice if you have a closed group and you all decide to use Threema but that’s pretty much all you can get.

For SimpleX:
It is already recommended. Though, tough to migrate from Signal still.
No battery optimization and no contact discovery makes it again ideal for closed tech-friendly groups.

Also the politics direction behind an app or the team behind it, should matter too. For example i am super excited about the Cwtch messenger because of this, even if it is way behind in progress from the two above.
Signal also wins in that matter, over Threema or SimpleX.

2 Likes

https://privacyspreadsheet.com/messaging-apps