I certainly haven’t done an in-depth analysis of both services, but from what can be seen of them, they could be good recommendations to consider as instant messaging services.
(Websites: Wire and Threema)
Also, I’ll take the opportunity to ask the PrivacyGuides team about this source I found for this thread. I understand that it is not well simplified, but it makes a pretty accurate analysis in my opinion about several messaging services.
Best regards
I have not heard of any technical problems with Threema, but we do not recommend paid messengers because overcoming the “network effect” is difficult enough for capable free alternatives like Signal and Matrix as it is.
As far as Wire, there are a number of reasons for this which you can read here: Delisting Wire from PrivacyTools.io
4 Likes
On Threema, I would like to point you to this discussion about it on GitHub:
I don’t believe it’s something that we can currently recommend, and it doesn’t offer something that the other options we recommend don’t (that I know of). We’re going for quality, not volume.
4 Likes
Good morning.
@jonah
I can understand Wire’s case, although with respect to their legislation, it is better than the alternatives you recommend (Server location: Signal=USA. Applicable legislation in decentralised cases: Session=Australia, Element=UK… while the legislation applicable to Wire is that of the European Union (better than that of the other services)), but well, I can understand it.
Regarding Threema, I think that the fact that it is a paid service should not rule it out as an option to consider, for the same reason that a paid VPN is always recommended over a free one. With a paid service you can be more confident that they won’t benefit financially from your information, as you are already paying them directly, plus, as you say, Threema doesn’t have any technical problems (or doesn’t seem to). By the way, you can pay for the Threema license with Bitcoin, and this in my opinion is a favourable point to take into account.
@matchboxbananasynergy
About the PFS mentioned, the same happens with Session, as it does not support PFS but uses its own protocols and methods to offer a level of security-privacy similar to PFS. Threema, by the way, does the same as Session in this sense, it does not use PFS but mentions that it uses its own systems that in practice are very similar in results to PFS. Incidentally, Threema acts legislatively in an integrated manner in Switzerland, so in this respect it is much better than the options you recommend.
We don’t really consider server location anymore. It entirely depends on the threat model of the user in regard to whether that is a good or bad thing.
For someone living in Iran, a server location in the US is probably a good thing.
In regard to Signal, their servers don’t hold any private data anyway. It’s not really a selling point.
While one of the developer’s is australian, due to it’s decentralized and open source nature, it’s really quite irrelevant.
While element.io is owned by New Vector, and that’s based in London, a server can be anywhere (if it’s not Matrix.org), as can a client.
Additionally the client may not necessarily come from a centralized source, such as if it is from a third party, like Fluffychat, a Linux repository, or Flatpak or something like that.
The main reason we don’t recommend Threema, is because there really is no reason to.
1 Like
Threema is nice but will forever be niche because the average non-technical user isn’t going to know that when you switch phones you can lose your ID because your phone number is not your identifier.
Regarding Wire, pretty sure this is still true:
1 Like
Another problem about threema.
2 Likes
In the december, they actually added Perfect Secrecy in their new ibex protocol, so is it time to actually add Threema as recommended tool?