I certainly haven’t done an in-depth analysis of both services, but from what can be seen of them, they could be good recommendations to consider as instant messaging services.
(Websites: Wire and Threema)
Also, I’ll take the opportunity to ask the PrivacyGuides team about this source I found for this thread. I understand that it is not well simplified, but it makes a pretty accurate analysis in my opinion about several messaging services.
Best regards
I have not heard of any technical problems with Threema, but we do not recommend paid messengers because overcoming the “network effect” is difficult enough for capable free alternatives like Signal and Matrix as it is.
As far as Wire, there are a number of reasons for this which you can read here: Delisting Wire from PrivacyTools.io
On Threema, I would like to point you to this discussion about it on GitHub:
I don’t believe it’s something that we can currently recommend, and it doesn’t offer something that the other options we recommend don’t (that I know of). We’re going for quality, not volume.
Good morning.
@jonah
I can understand Wire’s case, although with respect to their legislation, it is better than the alternatives you recommend (Server location: Signal=USA. Applicable legislation in decentralised cases: Session=Australia, Element=UK… while the legislation applicable to Wire is that of the European Union (better than that of the other services)), but well, I can understand it.
Regarding Threema, I think that the fact that it is a paid service should not rule it out as an option to consider, for the same reason that a paid VPN is always recommended over a free one. With a paid service you can be more confident that they won’t benefit financially from your information, as you are already paying them directly, plus, as you say, Threema doesn’t have any technical problems (or doesn’t seem to). By the way, you can pay for the Threema license with Bitcoin, and this in my opinion is a favourable point to take into account.
@matchboxbananasynergy
About the PFS mentioned, the same happens with Session, as it does not support PFS but uses its own protocols and methods to offer a level of security-privacy similar to PFS. Threema, by the way, does the same as Session in this sense, it does not use PFS but mentions that it uses its own systems that in practice are very similar in results to PFS. Incidentally, Threema acts legislatively in an integrated manner in Switzerland, so in this respect it is much better than the options you recommend.
We don’t really consider server location anymore. It entirely depends on the threat model of the user in regard to whether that is a good or bad thing.
For someone living in Iran, a server location in the US is probably a good thing.
In regard to Signal, their servers don’t hold any private data anyway. It’s not really a selling point.
While one of the developers is Australian, due to its decentralized and open source nature, it’s really quite irrelevant.
While element.io is owned by New Vector, and that’s based in London, a server can be anywhere (if it’s not Matrix.org), as can a client.
Additionally, the client may not necessarily come from a centralized source, such as if it is from a third party, like Fluffychat, a Linux repository, or Flatpak or something like that.
The main reason we don’t recommend Threema is because there really is no reason to.
Threema is nice but will forever be niche because the average non-technical user isn’t going to know that when you switch phones you can lose your ID because your phone number is not your identifier.
2 posts were merged into an existing topic: Wire (Instant Messenger)
Another problem with Threema.
In December, they actually added Perfect Secrecy in their new Ibex protocol, so is it time to actually add Threema as a recommended tool?
We would want to wait until it has had more thorough testing, although they claim they’ve had some recent analysis (July 30, 2023), literally 11 days ago. The previous protocol did have some issues.
My personal issue with Threema is that in order to use their desktop program I need to also use their Android or iOS programs, and I don’t always use Android-based operating systems on mobile and never use iOS. If I could use their desktop program stand-alone I just might, as from a technical standpoint I like what I see.
They’ve been working on a standalone (multi-device) client for some time (still activated by the phone app though). The first release should have been last year; now it’s still in beta, and still only available for iOS users. And that is also the main reason why I don’t use it as much as I would like to, as I usually type from a PC.
https://threema.ch/en/download-md
Wire switched to business use only, even though private usage is still possible. And not even small businesses: they are targeting enterprises and governments and have an on-premises hosting option for them, so I really wouldn’t consider it an alternative to popular messengers.
I am/was using both and really liked Wire, as it had (has?) an almost perfect balance between usability and privacy. But IMO, Signal is better for most users. I don’t see any advantage of Threema, except server location (not a big deal due to Signal’s privacy policy) and the option to send images in original/larger resolution.
It seems like it’s time to review this decision. The “some issues” linked above all come from the pre-Ibex protocol. They state in their disclosure that they worked with Threema to address their findings and they haven’t audited Ibex, which is what Threema has been running for nearly a year:
On the 29th of November 2022, Threema released a new protocol, Ibex, in order to further mitigate our attacks. The Ibex protocol aims to provide forward security for the E2E layer in Threema. We have not audited this new protocol.
Ibex has also now been audited: Security Proof of Threema’s Communication Protocol
What does Threema offer that is not fulfilled by the existing options?
There are currently two recommended services: Signal and SimpleX. Firstly, I want to put it out that I don’t have the expertise to audit the privacy claims of any of these services, so I have to trust the audits. So, assuming that all the claims of these services are true, as assured by the audits, here goes:
Signal
- Signal requires a phone number in order to register. This is a privacy concern for many reasons, including disclosure of that phone number to contacts and account takeover after willingly or unwillingly surrendering one’s phone number for any given number of reasons.
- Signal notifies other Signal users who have your Signal-registered phone number in their contacts that you are registered to use the service. This is great for discoverability, but it’s not great for privacy.
- Signal’s encryption of contact data relies on a proprietary feature of Intel CPUs called SGX. I don’t love relying on a single vendor source for server hardware due to protocol design, and SGX has had vulnerabilities before. Signal claims its CPUs weren’t impacted by this, but here’s a recent one: SGX, Intel’s supposedly impregnable data fortress, has been breached yet again | Ars Technica
SimpleX
I actually really like SimpleX and have no privacy-related criticisms of it. However, given the weaknesses of Signal, I think it’s potentially a good idea to list other, comparable, options in this section. For what it’s worth, SimpleX and Signal both rely on donations whereas Threema operates as a for-profit business. Some may see that as a good or bad thing, but it is at least a differentiator from the two current recommended options.
Removing the rejected tag because Threema no longer obviously doesn’t meet our criteria, but I’m still not sure recommending it is the right move either. In the wise words of @dngray:
The general consensus since the cleanup is we don’t want to be recommending a gazillion instant messengers which really offer nothing over anything else. Centralized messengers are really not that special.
That being said, I can see the value in a polished (unlike SimpleX) messenger with non-identifying identifiers (unlike Signal).
I really still have a hard time getting over it being a paid app. I would pay for such an app if I had a use for it, but the number of my contacts who would pay for such an app I could probably count on one hand, and I feel like that means it’s not really going to drive adoption of private-by-default messengers the same way Signal does.
Two things I would like to know from people who like Threema:
- If Signal added usernames but you still had to register with a phone number (which would not be shared with your contacts), would you use it instead of Threema? (Especially because Signal is $0…)
- If Signal added usernames and let you register without a phone number too, would you use it instead of Threema?
Personally, I find the phone number requirement to be a huge turnoff. I don’t plan to keep my phone number indefinitely. That means that I will lose my Signal account. If Signal did not require a phone number to be associated with an account in any way, that would be great.
On the “paid app” thing, that’s actually another issue with Signal. It’s not really “free” because you are required to maintain a single phone number in order to use the service. If I had any contact where money was the reason they didn’t want to use Threema, I would give them the money to buy it. It’s not expensive. It’s much cheaper than a single month’s phone bill.
Briar and Session are currently listed and do not have a cost associated while also not requiring a phone number. I’ve never used Threema so curious what it offers over the existing options.
It’s interesting to want to avoid Signal due to needing a phone number (though maybe not for much longer), but prefer Threema which requires identifying payment information. Sure you could possibly use a gift card, but I suppose with Signal you could also use a burner number.
It’s not true that you must purchase Threema with a payment method that identifies you as a purchaser: Pay Threema’s Android App with Cash and Remain Anonymous
If you use a burner for your Signal account, you risk it being hijacked by whoever gets that number next or simply losing access to it whenever you need to replace your device and no longer have the same burner number.
Not to necropost, but I did try out Threema with a handful of people recently and it isn’t bad.
pros:
- officially maintained/supported FOSS Android app, unlike Signal
- clear business model (one time fee + enterprise) as opposed to a lingering loan (Signal) or VC (Element & SimpleX)
- strong metadata protections
- all the expected features are supported, plus nice to haves like group video calls and bonuses like ability to draw sketches
- no phone number required, unlike Signal
- fairly well polished, unlike SimpleX
cons:
- no read receipts in group chats
- has a one time fee without any sort of trial period which makes onboarding friends/family/whoever difficult
- proprietary server
- code-over-the-wall open-source client (i.e. no real commits, just dumps)
- they rolled their own crypto library, Ibex (again)
- weird handling/response of the issues regarding their previous crypto library
- accepts Bitcoin, but not e.g. Monero
re: Briar: image support in 1:1 chats was added like 3 years ago, and it still doesn’t have support for images in group chats, and they get resized down to a painful 32 kB.