Privacytools.io: 🆕 Software Suggestion | Threema

Created on 21 Dec 2020 · 20 Comments · Source: privacytools/privacytools.io

Basic Information

Name: Threema
Category: Instant Messaging
URL: https://threema.ch/

Description

Threema is an end-to-end encrypted messenger. Contrary to Signal, it supports creating an account without submitting any personal information (like your phone number).

Why I am making the suggestion

It was just made open source. (At least the clients, though if the encryption on the clients is correct, it doesn't really matter whether the server is open source.)

My connection with the software

n/a

  • [x] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.
🆕 software suggestion 🗨️ instant messaging (im)

Most helpful comment

Whether recommended or not, it is worth mentioning.

All 20 comments

Please read:

We practically carried out a replay attack on Threema with a proof-of-concept implementation. The attack breaks No Duplication and Additive Closeness. We further observed that Threema does not achieve Perfect Forward Secrecy, Future Secrecy, or Traceable Delivery.

https://ieeexplore.ieee.org/abstract/document/8406614
Does somebody know whether they are resolved?

Seems like a good addition to the list.
The official clients are still paid, but if the application is open-source I don't see why that should be a blocker for including it.

Threema still does not provide PFS, but has a more limited forward/future secrecy on the transport level.

Due to the inherently asynchronous nature of mobile messengers, providing reliable Forward Secrecy on the end-to-end layer is difficult. Key negotiation for a new chat session would require the other party to be online before the first message can be sent... Due to these and the following considerations, Threema has implemented Forward Secrecy on the transport layer only.

So it seems like they use a more traditional encryption scheme without PFS, but I don't see that necessarily warranting exclusion from the list if the encryption scheme they do implement is solid.
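To make the forward-secrecy point above concrete, here is an added toy illustration (not Threema's or Signal's code): a session key derived from two long-term (static) DH keys can be recomputed by anyone who later obtains one party's long-term private key and kept a copy of the traffic, while a key derived from per-session ephemeral keys cannot. The toy DH group over a small prime, the XOR stream cipher, the function names and the sample messages are all assumptions chosen to keep the example self-contained.

```python
import hashlib
import hmac
import secrets

P = 2**61 - 1  # toy Mersenne-prime modulus; far too small for real use
G = 3          # toy generator


def keygen():
    """Return a (private, public) toy Diffie-Hellman key pair."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_key(my_priv, their_pub):
    """Derive a 32-byte symmetric key from the DH shared secret."""
    shared = pow(their_pub, my_priv, P).to_bytes(8, "big")
    return hmac.new(shared, b"toy-session-key", hashlib.sha256).digest()


def xor_crypt(key, data):
    """XOR stream cipher keyed by SHA-256 counter blocks (encrypt == decrypt)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def static_session(messages, alice_lt, bob_lt):
    """Static-static DH: one key for the whole conversation, derived from the
    long-term key pairs. Returns the eavesdropper's transcript."""
    key = session_key(alice_lt[0], bob_lt[1])
    return [xor_crypt(key, m) for m in messages]


def ephemeral_session(messages, alice_lt, bob_lt):
    """Ephemeral-ephemeral DH: both parties must be online to exchange fresh
    keys (the difficulty the quoted text describes). Long-term keys would only
    sign the ephemeral public keys. Returns (ciphertexts, bob_ephemeral_pub)."""
    alice_eph, bob_eph = keygen(), keygen()
    key = session_key(alice_eph[0], bob_eph[1])
    assert key == session_key(bob_eph[0], alice_eph[1])
    transcript = [xor_crypt(key, m) for m in messages]
    del alice_eph, key  # ephemeral secrets are erased after the session
    return transcript, bob_eph[1]


def attacker_after_leak(transcript, bob_pub, leaked_alice_priv):
    """Passive recorder who later obtains Alice's long-term private key.
    Recovers every past message under the static scheme; under the ephemeral
    scheme the same computation yields a wrong key and garbage plaintext."""
    key = session_key(leaked_alice_priv, bob_pub)
    return [xor_crypt(key, c) for c in transcript]


MSGS = [b"meet at 9", b"bring the documents"]  # constructed sample messages
```

Run both sessions with the same long-term key pairs and feed the transcripts to `attacker_after_leak`: the static transcript decrypts completely, the ephemeral one does not.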

So it seems like they use a more traditional encryption scheme without PFS, but I don't see that necessarily warranting exclusion from the list if the encryption scheme they do implement is solid.

I actually think that this is problematic. It of course depends on your threat model, but the Signal protocol offers a far better standard for securing your messages. If anything they should only be listed as worth mentioning. I think we shouldn't recommend it as long as they do not offer the same standards that can already be achieved. Signal's protocol is fully open source and proven secure. Therefore it is also implemented by many others; I really wonder why Threema has chosen not to do so.
PFS is essential to protect against modern attacks and needed to protect conversation history. I am not saying Threema is bad, but I don't see the value of recommending it.

Not to go into Whataboutism, but aren't there compromises to both Signal and Threema, with Signal requiring phone numbers?

In this particular case I do feel that Threema being paid kind of defeats the purpose; a messenger should be something really accessible for everyone.

Personally I don't see this as a huge problem. Exposing that you use Signal is not really a big deal to me. In addition to that it's also possible to sign up with a VOIP or prepaid number. And above that, Signal is actually slowly migrating away from this requirement and has said it will introduce usernames in the near future. (see https://community.signalusers.org/t/hide-phone-number-entirely-in-group-chats/17192/15)

Not to go into Whataboutism, but aren't there compromises to both Signal and Threema, with Signal requiring phone numbers?

And above that, Signal is actually slowly migrating away from this requirement and has said it will introduce usernames in the near future. (see https://community.signalusers.org/t/hide-phone-number-entirely-in-group-chats/17192/15)

Nice, looking forward to that.

AFAIK Signal will still require phone numbers, the only change is that you will be able to hide this from others, just as Telegram does.

Personally I don't see this as a huge problem. Exposing that you use Signal is not really a big deal to me. In addition to that it's also possible to sign up with a VOIP or prepaid number. And above that, Signal is actually slowly migrating away from this requirement and has said it will introduce usernames in the near future. (see https://community.signalusers.org/t/hide-phone-number-entirely-in-group-chats/17192/15)

Not to go into Whataboutism, but aren't there compromises to both Signal and Threema, with Signal requiring phone numbers?

In some countries, prepaid numbers are not available anonymously.

@romanholiday12 then just get a VOIP number or SIM from another country. It's not that hard to get around.

Not to go into Whataboutism, but aren't there compromises to both Signal and Threema, with Signal requiring phone numbers?

You can create a Threema account without filling in your cellphone number.

It will ask something like: "are you sure you want to create a totally anonymous account, the number can be used for recovery or some such".
Then just proceed.
Threema is also buyable from their own website, independent of any Play or iOS store.
Though I have no clue if they accept anonymous payments with crypto and/or a Tor connection.

Yes, they allow crypto payments.

@LongJohn-Silver

I do feel that Threema being paid kind of defeats the purpose; a messenger should be something really accessible for everyone.

While I agree that this would be best, is it a reason not to list it as an available option? The goal of PrivacyTools is to "provide services, tools, and knowledge to protect your privacy against global mass surveillance," not to protect your wallet against being used.

Currently there is only one option listed if you want a secure, general purpose messenger like everyone else uses: Signal. It has various downsides, not least that its reliance on Amazon services doesn't support the aforementioned goal according to PrivacyTools itself, and alternatives like Matrix/Element or Jami are not as mature as Threema in terms of UX and features. I'm actively looking for a Telegram replacement that comes close to the experience of Telegram (so that friends and family will not mind using it) and the only options I see are Threema, Signal, and perhaps Wire. If I didn't already know of them, PrivacyTools would have me go with Signal exclusively. If Threema is listed, people can make a more informed choice.

Adding to this, it's interesting as an option as it has different features compared to Signal (for example not requiring a phone number).

Whether recommended or not, it is worth mentioning.

The official clients are still paid, but if the application is open-source I don't see why that should be a blocker for including it.

If you look at, say, Signal or Wire, although open source there isn't anyone bothering to make alternative clients for a centralized service. Also I don't see anything about server source code there. One of the criticisms of Keybase was always the closed source server component, and that eventually led to its removal.

I don't see the point of swapping one centralized service for another. Matrix is maturing rapidly and doesn't require me to trust one company's servers. In regard to metadata, Signal is pretty minimal there with metadata using sealed sender.

No server source is a negative point for Threema, but similarly it's negative that Signal is a USA-based service which PrivacyTools says is "not recommended". The former needs some payment method, the latter a phone number. The former had a recent and stellar audit report, the latter never paid for or published any sort of audit -- but they have sealed senders. Up and down, back and forth, it's not at all clear to me that one is better than the other.

Regardless, I don't think anyone here proposed to "swap out" Signal for Threema. They should both be mentioned since they have different downsides that different people weigh differently.

Or just remove both, that makes sense too given that Matrix is indeed the better choice for privacy and Matrix/Element is indeed maturing really fast -- I fully agree with you there. As it stands, though, Signal is recommended as the one and only good centralized service, above Matrix/Element even. That's not a status quo we should aim to maintain.

No server source is a negative point for Threema, but similarly it's negative that Signal is a USA-based service which PrivacyTools says is "not recommended"

There is some context to that. Firstly, the source code for Signal's server software is available: https://github.com/signalapp/Signal-Server. However, with any centralized service, if you deployed it, people would require a special client too that points to your server. That is one of the downsides in general of centralized services.

In regard to the USA thing, we've been thinking of removing that/refining it for some time, as it is an ancient part of the site. Essentially the arguments for that are made in this part of the issue https://github.com/privacytools/privacytools.io/issues/1437

In regard to Signal, we know exactly what metadata is available (https://signal.org/bigbrother/); it's not much at all.

The former needs some payment method, the latter a phone number.

Neither was intended to be anonymous. If you require that, something like Matrix/Briar over Tor fits the use case better.

the latter never paid for or published any sort of audit

There have been a number of audits: https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243. Also, in general the Signal Protocol is very well understood, and there are a number of implementations. It has in fact influenced OMEMO and Matrix's own Olm encryption.

Or just remove both, that makes sense too given that Matrix is indeed the better choice for privacy and Matrix/Element is indeed maturing real fast

That's likely where we will end up, which is why I don't want to add any centralized services which have significant downsides, over the one currently listed.

In general we've done away with "worth mentioning", as something is either good or it is not. We aim now to supply a use case for option A and a use case for option B instead. This helps reduce the "what do I need?" threads.

As it stands, though, Signal is recommended as the one and only good centralized service, above Matrix/Element even. That's not a status quo we should aim to maintain.

No it isn't, and likely when the Matrix P2P functionality drops we will be only recommending that. https://matrix.org/blog/2020/06/02/introducing-p-2-p-matrix/
