
Threema – Seriously secure messaging - octosphere
https://threema.ch/en
======
dane-pgp
Here's the obligatory reference to the source code not being fully open:

[https://threema.ch/en/faq/source_code](https://threema.ch/en/faq/source_code)

Yes, they sent some source code for security review in 2015, but there is no
guarantee that the binary you download is related to that source code at all.

Nowadays I'd expect a secure messaging app to not just be open source, but
also have reproducible builds (checked by third parties). It would be nice to
have Binary Transparency too, so that people can check that they are being
offered the same binary as other users are getting.

~~~
huhtenberg
> _reproducible builds_

Are there any IMs that actually have these?

~~~
BlackLotus89
Signal since 2016 [https://signal.org/blog/reproducible-android/](https://signal.org/blog/reproducible-android/)

------
dbrgn
Since they haven't come up yet, and since the website obviously contains
primarily marketing content, here are a few relevant links that might be of
interest to the HN crowd:

\- Cryptography whitepaper: [https://threema.ch/press-files/2_documentation/cryptography_...](https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf) Covers the technical aspects.

\- Transparency report:
[https://threema.ch/en/transparencyreport](https://threema.ch/en/transparencyreport)
Covers the legal aspects.

\- Reverse engineering of the protocol (33c3):
[https://media.ccc.de/v/33c3-8062-a_look_into_the_mobile_mess...](https://media.ccc.de/v/33c3-8062-a_look_into_the_mobile_messaging_black_box)

\- Third party open source re-implementation of Threema for the desktop (Qt):
[https://openmittsu.de/](https://openmittsu.de/)

\- Source code of the web application: [https://github.com/threema-ch/threema-web/](https://github.com/threema-ch/threema-web/)

\- Protocol developed to enable trustless WebRTC signaling between app and
browser: [https://saltyrtc.org/](https://saltyrtc.org/)

Obligatory disclaimer: I'm working for Threema as a developer.

------
kekub
My personal experience with Threema seems to differ from the general view on
it: We use Threema for private communication within my team at work. I am the
group admin. When my iPhone broke two years ago I had to do a full backup,
because there is no other way on iOS to move to another phone with Threema.
This has not changed since then, because I had the same issue when I upgraded
to a new phone 2 months ago. It was not even possible to assign an additional
admin nor to pass my permissions. A colleague had to clone the group (at least
there is a function for that). Of course I still get push notifications for
the old group, even though there is no way to join it from my new phone. The
only thing that I like about it is the integrated poll feature.

~~~
TimWolla
I believe this is going to be fixed with Threema Safe: [https://threema.ch/en/blog/posts/threema-safe-en](https://threema.ch/en/blog/posts/threema-safe-en). It is already rolled out for Android and iOS should be soon according to the blog.

------
newscracker
I haven't looked at Threema for a few years now. So I checked the website and
browsed through the FAQs.

I like that it doesn't need a phone number or email address to create an
account, and thus offers a better degree of anonymity compared to other
popular apps like Telegram, Wire, WhatsApp and Signal.

A few downsides I noticed are:

* It doesn't offer a desktop client (unlike say, Wire).

* Threema web uses the phone as a proxy and is not independent.

* Probably the worst thing, which is a weak point (in the users' eyes) that it shares with Wire, is that the chat data backups are not cross platform. If you backup your chat on Android, you can only import it back on Android (and similarly for iOS). [1] If you switch platforms, you can "export" your chats, but that cannot be imported to preserve continuity.

I'll still try it out to see how good it is, but I don't think this will get
anywhere close to being my go to chat app anytime soon.

[1]:
[https://threema.ch/en/faq/data_backup](https://threema.ch/en/faq/data_backup)

~~~
dbrgn
Since December there's a new cross-platform server based backup: [https://threema.ch/en/blog/posts/threema-safe-en](https://threema.ch/en/blog/posts/threema-safe-en) The design is documented in the crypto whitepaper: [https://threema.ch/press-files/2_documentation/cryptography_...](https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf)

Because the backup must be automatic, in the background and reliable, it is
limited to a small size, which means that chat contents aren't backed up. But
everything else (contacts, groups, key verification levels, privacy settings
etc) are.

You can host your own backup server. The protocol is WebDAV compatible,
alternatively you can use projects like this Rust based backup server that I
wrote:
[https://github.com/dbrgn/sekursranko/](https://github.com/dbrgn/sekursranko/)

~~~
newscracker
> Because the backup must be automatic, in the background and reliable, it is
> limited to a small size, _which means that chat contents aren't backed up._
> But everything else (contacts, groups, key verification levels, privacy
> settings etc) are.

Chat contents not being backed up is practically useless for me, and I'd guess
for many other common users. While security is important, convenience is more
important. Allowing backup of chat content to iCloud or iTunes or the Google
account would make this more attractive. I also don't think normal non-techie
users would really (want to) understand what's a Threema ID backup, Threema
Safe, and all the other variations of managing data and keeping it alive over
time. I'd suggest that your team focus on simplifying this part.

~~~
dbrgn
If convenience is more important than privacy, then by all means, use
WhatsApp! It backs up your data unencrypted to the Google cloud. Or use
Telegram. It backs up your conversations to Telegram servers, where Telegram
can read them. Convenient, yes.

Threema values convenience, but only if it's not in violation of your privacy.

As an example of this, the Threema Safe backups are anonymous. We don't know
which backup file belongs to which user. This has some usability downsides,
but the obvious huge upside that we don't know which backup file belongs to
which user.

Another example: Your avatar is not stored on any server. Instead it's sent
along with your messages if it changes. This has the usability downside that
people won't immediately see your changed avatar if you don't exchange any
messages. However, it has the advantage that we don't know what all our users
look like (in case they use a picture of themselves as avatar).

As a service provider, user data becomes a liability. The less you have, the
better :) In German, there's a word called "Datensparsamkeit" (data frugality)
that describes this concept well.
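The two properties dbrgn describes above, a backup the server cannot link to a user and a backup store you can host yourself, can be built from a password-derived key pair. The sketch below is an added example, not Threema's code or the scheme in its whitepaper: the scrypt parameters, the split of a 64-byte master key into backup ID and encryption key, the HMAC-based encrypt-then-MAC (standing in for a real authenticated cipher) and the dict-backed "server" are all assumptions made for illustration. The server only ever sees an opaque 32-byte ID and a ciphertext; a wrong password derives a different ID and simply finds nothing.

```python
"""Anonymous password-derived backup (added example, not Threema's own code)."""
from __future__ import annotations
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # assumed parameters, not the real ones


def derive_backup_credentials(password: str, identity: str) -> Tuple[bytes, bytes]:
    """Derive (backup_id, enc_key) from the password, salted with the user's identity.

    Neither password nor identity leaves the device; the identity only ensures two
    users with the same password get unrelated IDs.
    """
    master = hashlib.scrypt(password.encode(), salt=identity.encode(),
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)
    return master[:32], master[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode PRF stream from HMAC-SHA256 (stand-in for a real stream cipher)
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(enc_key: bytes) -> Tuple[bytes, bytes]:
    # Separate keys for confidentiality and integrity, derived from the backup key
    return (hmac.new(enc_key, b"stream", hashlib.sha256).digest(),
            hmac.new(enc_key, b"mac", hashlib.sha256).digest())


def encrypt_backup(enc_key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = nonce or os.urandom(16)
    stream_key, mac_key = _subkeys(enc_key)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(stream_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_backup(enc_key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the tag fails (wrong key or tampered blob)."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    stream_key, mac_key = _subkeys(enc_key)
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(stream_key, nonce, len(ct))))


class BackupServer:
    """Toy stand-in for a WebDAV-style store: blobs keyed only by the hex backup ID."""
    def __init__(self) -> None:
        self.store: Dict[str, bytes] = {}

    def put(self, backup_id: bytes, blob: bytes) -> None:
        self.store[backup_id.hex()] = blob

    def get(self, backup_id: bytes) -> Optional[bytes]:
        return self.store.get(backup_id.hex())


def restore(server: BackupServer, password: str, identity: str) -> Optional[bytes]:
    """What a fresh device does: derive ID and key, fetch, decrypt. None if absent or wrong."""
    backup_id, enc_key = derive_backup_credentials(password, identity)
    blob = server.get(backup_id)
    return None if blob is None else decrypt_backup(enc_key, blob)


def demo() -> dict:
    server = BackupServer()
    payload = b'{"contacts":["ABCD1234"],"groups":[]}'   # constructed sample backup
    backup_id, enc_key = derive_backup_credentials("correct horse", "ECHOECHO")
    server.put(backup_id, encrypt_backup(enc_key, payload))
    return {
        "restored": restore(server, "correct horse", "ECHOECHO"),
        "wrong_password": restore(server, "wrong", "ECHOECHO"),
        "identity_visible_to_server": any("ECHOECHO" in k for k in server.store),
    }
```

The usability cost dbrgn mentions falls out of the design: because the server cannot map an ID back to a user, it also cannot tell a user "you have a backup here", and a forgotten password is unrecoverable. Swap the toy cipher for NaCl secretbox or an AEAD before using anything like this for real.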

------
harryf
Threema is “big” in German speaking countries - they’re usually high up the
paid app charts in Germany, Austria and Switzerland and may have reached a
level where (social) network effects are working in their favor.

They got a significant boost in German press and downloads when Facebook
bought WhatsApp which seems to have propelled them ever since.

What’s interesting about this is it shows that while the majority “don’t care
about privacy” a significant minority do care - enough to allow a company to
thrive.

------
adev_
Being "Swiss made" does not make me trust you more if you are proprietary.
Privacy and proprietary software are mutually exclusive.

That's a big disadvantage you have in front of Signal, Matrix and
alternatives.

------
bjoli
Have they fixed their forward security yet? Being "forward secure on the https
layer" doesn't really cut it in this day and age. If I delete messages on my
phone I don't want any messages retained on the server to be easily decrypted
if someone gets my key. It is a rather simple trust issue.

~~~
zahllos
It does not seem so according to their whitepaper, which I downloaded today.
Unless this is out of date. They also describe the prekey mechanism used in
Signal, WhatsApp, Wire etc as experimental and unreliable, which is an
interesting assertion to make given the success of the protocol underpinning
these clients.

~~~
iforgotpassword
Not that I know enough about crypto to make an authoritative statement but
generally speaking, more often than not, if something's successful it
primarily means it's accessible and easy to use, rather than being robust and
secure. (That is not to say that that's mutually exclusive.)

~~~
zahllos
I don't quite understand what you're replying to. The experimental and
unreliable scheme they describe is used by WhatsApp, who have probably an
order of magnitude or two more daily users.

I'm not saying threema is unsuccessful. I am saying their justification for
not providing end-to-end forward secrecy isn't really valid.
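To make the distinction in this subthread concrete: if the end-to-end layer uses one long-term key per contact, forward secrecy on the TLS hop does nothing for ciphertexts a server (or a passive observer) kept, since a later compromise of the device key decrypts all of them. A symmetric KDF chain, the sending-chain half of a Signal-style ratchet, derives a fresh message key per message and overwrites the chain key, so a state captured later cannot be run backwards. The block below is an added example, not Threema's or Signal's code: the HMAC-SHA256 PRF, the 32-byte toy XOR cipher and the labels are constructed for illustration, and the Diffie-Hellman and prekey parts of the real protocol are deliberately left out.

```python
"""Static key vs. symmetric KDF chain under later device compromise (added example)."""
from __future__ import annotations
import hashlib
import hmac
from typing import List


def _prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 as a PRF, used both to derive keys and to make the toy keystream."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _toy_xor(key: bytes, data: bytes) -> bytes:
    # Toy cipher for messages up to 32 bytes: XOR with one PRF output. Unauthenticated;
    # the point of this example is key management, not the cipher.
    assert len(data) <= 32
    return bytes(a ^ b for a, b in zip(data, _prf(key, b"stream")))


class StaticKeySender:
    """Every message under the same long-term key: what remains when only the
    transport hop is forward secure and the end-to-end layer is not."""
    def __init__(self, shared_key: bytes) -> None:
        self.key = shared_key

    def send(self, msg: bytes) -> bytes:
        return _toy_xor(self.key, msg)

    def device_state(self) -> bytes:
        return self.key   # what an attacker learns by compromising the device later


class RatchetSender:
    """Symmetric KDF chain: message key and next chain key are both derived from the
    current chain key, which is then overwritten. Recovering an earlier message key
    would need a preimage of the current chain key."""
    def __init__(self, shared_key: bytes) -> None:
        self.chain_key = shared_key

    def send(self, msg: bytes) -> bytes:
        msg_key = _prf(self.chain_key, b"message")
        self.chain_key = _prf(self.chain_key, b"chain")   # ratchet forward, old key gone
        return _toy_xor(msg_key, msg)

    def device_state(self) -> bytes:
        return self.chain_key


class RatchetReceiver:
    """Mirror of the sender's chain; each message key is dropped right after use."""
    def __init__(self, shared_key: bytes) -> None:
        self.chain_key = shared_key

    def receive(self, ct: bytes) -> bytes:
        msg_key = _prf(self.chain_key, b"message")
        self.chain_key = _prf(self.chain_key, b"chain")
        return _toy_xor(msg_key, ct)   # a real client would zeroise msg_key here


def attacker_recovers(retained: List[bytes], plaintexts: List[bytes],
                      state: bytes, ratcheted: bool) -> int:
    """Count retained ciphertexts the attacker can decrypt from a device state
    captured after they were sent. With a chain, the attacker can only run the
    KDF forward from the captured state, which never reaches past message keys."""
    candidates = [state]
    if ratcheted:
        ck = state
        for _ in range(64):
            candidates.append(_prf(ck, b"message"))
            ck = _prf(ck, b"chain")
    return sum(any(_toy_xor(k, ct) == pt for k in candidates)
               for ct, pt in zip(retained, plaintexts))


def demo() -> dict:
    shared = hashlib.sha256(b"constructed shared secret").digest()
    plaintexts = [b"meet at 9", b"bring the docs", b"deleted on my phone"]  # constructed
    static, ratchet = StaticKeySender(shared), RatchetSender(shared)
    static_ct = [static.send(m) for m in plaintexts]    # retained by the server
    ratchet_ct = [ratchet.send(m) for m in plaintexts]  # retained by the server
    receiver = RatchetReceiver(shared)
    return {
        "static_recovered": attacker_recovers(static_ct, plaintexts, static.device_state(), False),
        "ratchet_recovered": attacker_recovers(ratchet_ct, plaintexts, ratchet.device_state(), True),
        "receiver_decrypts_all": [receiver.receive(c) for c in ratchet_ct] == plaintexts,
    }
```

The chain alone gives forward secrecy but not post-compromise security: an attacker holding the captured chain key can still derive every future message key, which is what the DH ratchet and prekeys in the protocols named above are for.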

------
motohagiography
While I use Signal and am a proponent of secure messaging in general, it would
be valuable to discuss the threat models for different messengers and privacy
techs.

Threema looks smart, and I what I think is missing from the material is what
threats it addresses and how.

Does it:

\- protect the content of your messages from mass interception? (appears to,
barring crypto errors)

\- protect the anonymity of you and your correspondents from network operators
and their staff and admins?

\- protect your contacts and messages from reading and exfiltration by other
apps on your phone?

\- protect content of your messages from corporate mobile device management
tools?

\- protect anonymity of correspondents and contents of messages from targeted
malware that has rooted or jailbroken the device? (probably not, but wickr's
aliases can mitigate it somewhat)

\- protect anonymity of you and your correspondents from captive portals? (+
message secrecy/integrity)

\- protect message content and correspondent anonymity from
thieves/attackers/co-workers with phone imaging forensic tools?

\- protect group membership from infiltration using unauthorized, stolen, or
cloned app memory images?

This isn't a complete threat model (I generate these for a living), but having
short answers to these would go a long way to making a case for a secure
messaging product.

------
Nykon
Used to be a fan of threema until they were subjected to the revised Swiss
Federal Act on the Surveillance of Postal and Telecommunications Traffic in or
around 2016.

Backdoors introduced by law, as far as I've gotten into it. I no longer can
recommend it.

~~~
dbrgn
Even under the revised BÜPF, the government has no power to ask for backdoors.
They can only ask for data that is already stored (which is very little
metadata in the case of Threema, since collecting as little data as
technically possible is the guiding principle for Threema).

More information can be found in the transparency report:
[https://threema.ch/en/transparencyreport](https://threema.ch/en/transparencyreport)

(Disclaimer: Threema dev)

~~~
iforgotpassword
Since you outed yourself: does your company have an official stance on 3rd
party clients?

~~~
dbrgn
I can't give you any official answer (I'm here privately and don't speak for
the company), but the terms of use of Threema don't disallow reverse
engineering. As long as third party clients don't actively undermine the
business model or trademarks, this shouldn't be a problem. In doubt, just send
an e-mail to info@.

After all, [https://openmittsu.de/](https://openmittsu.de/) is a thing. (Note
that the developer of OpenMittsu does not offer the option of generating an
identity in the software itself, instead you generate an identity on your
phone and then transfer it to OpenMittsu through an ID backup.)

(Edit: Almost forgot: The "Threema Web protocol" has also been officially documented: [https://threema-ch.github.io/app-remote-protocol/](https://threema-ch.github.io/app-remote-protocol/) I would love to see alternative clients that implement it, to allow using your Threema app from other platforms.)

------
plolio
I don't like that the source code is not fully open so I prefer Signal. I
think the only thing holding Signal back is a proper UI. I use it with few
people but for most people it's just unusable.

~~~
acidburnNSA
Unusable in what way? My mom is using it just fine, sending pics, doing
encrypted voice, etc. Are you referring to some more advanced features?

------
rrggrr
I'll never talk my friends and vendors into paying up front for an app, and that
is why this isn't likely to succeed. You need to change the purchase model -
perhaps allow an individual to buy several licenses they can distribute with
one charge.

~~~
pizza234
It is actually popular in some countries.

People do pay for apps (and software in general), so ultimately, it's a
matter of perceived value vs. cost.

Given (at least) the relatively low cost (between 3 and 4 USD) and the
media pressure about messaging security, in cultures/countries that are
more privacy-concerned, Threema does have a market.

~~~
dbrgn
Paid apps indicate a more sustainable business model than venture capital. As
a developer, you are only obliged to your customers, which in this case are the
users, not the investors. Threema has no external investors.

------
xpaulbettsx
Threema is a nightmare, if you switch from iOS to Android or vice-versa there
is literally no way to migrate your data, and this fact is extremely
obfuscated by the help docs which mention "export" but surprise! There's no
importer. Its push notifications are extremely annoying as well, either just
not working at all, or notifying for every message in a huge group. Use Signal
instead.

~~~
dbrgn
As already mentioned in another comment, since December there's a new cross-platform server based backup that will allow you to transfer your ID, settings, contacts and groups to other devices: [https://threema.ch/en/blog/posts/threema-safe-en](https://threema.ch/en/blog/posts/threema-safe-en) The design is documented in the crypto whitepaper: [https://threema.ch/press-files/2_documentation/cryptography_...](https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf) You can also host your own backup server.

The iOS integration is still in Beta, but will be released soon. Windows Phone
will also support this.

~~~
xpaulbettsx
But no actual content. Normal people don't care about this nonsense, they just
want to talk to their friends, and I get to explain to them why the only way
they can read their old messages is via a zip file full of TXT documents.

~~~
fabiandesimone
People that don't care about this just use WhatsApp, Facebook Messenger, etc.
They are well served, so not sure what exactly are you complaining about.

~~~
xpaulbettsx
They don't though. They get lured in by news of the "NSA spying on them",
install this app, and later find out all of the caveats after they're
committed and end up losing data. It sucks.

------
teekert
I love this, It's how such apps should work (pay directly, get what you
expect). Fortunately the vast majority of people I interact with think
everything should be free, don't care about or know about online privacy and
couldn't care less about getting an ad shoved in their face from time to
time.

------
fencepost
Last I heard Threema was kind of third-place option behind Signal and
WhatsApp, at least in terms of use in English-speaking countries. I had the
impression it was significantly more popular in Germany, but I don't know
anyone in my circles using it.

On the upside, I like that they have a business model ("Threema Work") and
features that can make it viable for business use, though being European I
don't know if they've bothered with anything related to HIPAA and I wouldn't
expect them to support BAAs if required.

~~~
jorvi
Huh? WhatsApp is by far the biggest, with Telegram trailing a distant second
place, and other messengers even further behind. There is a case for counting
Facebook Messenger as second place, but afaik the only reason most people even
use it (and they do it begrudgingly) is because Facebook forces them by
excluding messaging from the main app.

~~~
fencepost
I phrased it badly, and I have a slightly odd niche - when I last looked at
this a few years ago I was trying to find ways to get doctors to stop sending
group SMS messages between themselves for patient handoffs.

At the time there wasn't much out there, and nothing run by Facebook was even
going to pass the initial sniff test as an option.

------
BlackLotus89
[https://media.ccc.de/v/33c3-8062-a_look_into_the_mobile_mess...](https://media.ccc.de/v/33c3-8062-a_look_into_the_mobile_messaging_black_box)
For everyone interested in the protocol itself.

Oh and of course the open source go library
[https://github.com/o3ma/o3](https://github.com/o3ma/o3)

Bought threema a few years ago. I got only two people that actually use it and
I really prefer signal, but I like some design decisions threema made :) (for
instance the verification+verification indication)

Oh yeah and openmittsu was ok, but last time I tried it I could only use this
or my phone, so not really useful....
[https://github.com/blizzard4591/openMittsu](https://github.com/blizzard4591/openMittsu)

------
XiS
If you are currently using an Instant Messenger like WhatsApp, Viber, LINE,
Telegram or Threema, you should pick an alternative here.

src=[https://www.privacytools.io/#im](https://www.privacytools.io/#im)

------
dimensi0nal
It's proprietary.

------
kodablah
It says "full anonymity" but only mentions an ID. So an ISP can tell I'm using
it and what time as opposed to Tor or something which obfuscates the network
of whatever messenger? Surely on digital networks we've come to a better
definition of "full anonymity".

Also, I assume I have to trust the company, which is sadly normal in these
cases. I can't run a server on my own?

------
m3kw9
Should add the line, “As secure as we proclaim.”

------
mjg59
Eight digits of ID space isn't that many. What stops someone from just
registering all of them?

Edit: Not using phone numbers also comes at an additional usability cost - you
need to back up your ID and key information in order to be able to transfer it
to a new device. If you don't do that, and if your existing phone dies, you
need a new identity.

~~~
EugeneOZ
I'm so happy to see messenger without fucking phone number requirement. If you
think your phone number can't be stolen - you don't know real things.

And in their FAQ you can find you can use phone number if you want, exactly
for described purposes.

But as someone who was living in a country where you can't trust your
government, I can't trust messengers where phone number is a requirement.

~~~
jakubp
This is interesting, how exactly can a phone number be "stolen"? I mean a
practical reality. I'm in Poland, have had the same number for >10 years with
several carriers in a row, contract-based. How can anyone "steal" it / take it
over?

~~~
monocasa
SS7 is horribly secured, and you can pretty easily forge that signaling
information.

For the past couple years here in the US, scammers have been calling with
stolen numbers that match your prefix more than a random caller probably
would. So for ABC-DEF-GHIJ all of ABC-DEF matching is a pretty good sign it's
a spammer if you live in a large metropolitan area. Unfortunately it makes
them nearly impossible to track back, because when you call the number back,
it's some random private number that didn't even make the call and has no idea
what you're talking about. I've had a couple very angry people call me and
yell to stop trying to sell them credit cards.

~~~
jakubp
I don't fully follow the prefix thing. So a scammer makes a call from a number
that's a prefix of my number? That doesn't affect 2FA, that won't show up as
"me" on my friends' phone screens when they call, etc... how is that an issue?

~~~
monocasa
The scammer is able to forge the signaling and routing. It's not that they
have numbers for your prefix, they're just able to connect to SS7, know that
they're calling 555-111-2222, and forge the signaling information for say
555-111-3333 hoping that you're more likely to pick up the phone, and you have
no way to call them back as they'll not be associated with that number once
the call is done.

> That doesn't affect 2FA

You can use the same techniques to say "I am 555-111-2222, route all sms for
that number to me".

> that won't show up as "me" on my friends' phone screens when they call

They absolutely can do that.

It's not that they bought numbers in each of the prefixes, it's that they're
forging the signaling information for another number in your prefix
dynamically, based on your number.

~~~
jakubp
Thanks :)

------
atmosx
How do these apps generate revenue? Do they sell stickers etc?

~~~
saagarjha
This app in particular costs money.

