Threema - Maximum Security Chat App
<blockquote data-quote="HarborFront" data-source="post: 714475" data-attributes="member: 55987"><p>From what I gather</p><p></p>
<p>Pros</p><p></p>
<p>1) End-to-end encryption</p>
<p>2) Does not require email or handphone number for verification during registration/sign up. Threema will generate an ID for its user so 100% anonymity is guaranteed.</p>
<p>3) The "read"-indicator and the "is writing"-indicator can be turned off for better privacy</p>
<p>4) Pay once for a lifetime license</p>
<p>5) After being delivered, the messages will be deleted from the Threema servers</p>
<p>6) The private key can be encrypted using a passphrase</p>
<p>7) Threema uses only permissions it really needs to work. The camera and microphone permissions are outsourced to separate plug-ins.</p>
<p>8) Address book synchronisation is optional</p>
<p>9) To ensure maximum security, both the connection between the app and the servers and the one between the parties communicating with each other are encrypted separately. The former is especially important as anyone capturing network packets (on public wifi for instance) can’t figure out who is messaging to whom.</p>
<p>10) Threema provides forward secrecy on the network connection (not on the end-to-end layer). Client and server negotiate temporary random keys, which are only stored in RAM and replaced every time the app restarts. An attacker who has captured the network traffic will not be able to decrypt it even if he finds out the long-term secret key of the client or the server after the fact</p>
<p>11) Users have total control over key exchange with encryption and decryption staying on their device only. The server operators or any other party are therefore unable to decrypt messages.</p>
<p>12) You can purchase Threema from its webstore (NOT Google Play Store) to avoid using Google Cloud Messaging (GCM) when it comes to push notification. Under settings/troubleshooting you can select Polling and Polling interval (5/15 out of 30 minutes). Threema will then poll the messages from the server just like IMAP polling without push. Messaging services using GCM for their alerts means Google can know when and who the messages have been sent from/received.</p>
<p>13) The servers are located in Switzerland</p><p></p>
<p>Cons</p><p></p>
<p>1) Except for the encryption the rest is not open source. However, its source code has been independently audited</p>
<p>2) Another issue is when you have created a group but at a later stage you want to switch devices. Since the encryption happens on your device only, you won’t be able to continue with that group on another device. Even if you switch your identity over to another phone (this option exists), it still won’t help.</p>
<p>3) Messages do NOT self destruct on recipient devices. Some say this feature is useless since the recipient can always take a snapshot of the message on its device before it self destructs.</p><p></p>
<p><a href="https://decentralize.today/threema-secure-messengers-or-not-so-secure-part-3-6df427896caa" target="_blank">Threema — Secure Messengers.. or not so secure? Part 3</a></p>
<p><a href="https://www.reddit.com/r/Threema/comments/345qmr/reasons_for_using_threema_en_ger/" target="_blank">Reasons for using Threema [EN + GER] • r/Threema</a></p>
<p><a href="https://www.reddit.com/r/Threema/comments/7qq3sf/why_i_cant_recommend_threema/" target="_blank">Why I cant recommend Threema • r/Threema</a></p>
<p><a href="https://www.reddit.com/r/Threema/comments/41nfqw/i_just_learned_about_threema_why_should_i_use_it/" target="_blank">I just learned about threema. Why should I use it over signal? • r/Threema</a></p><p></p>
<p>A comparison of Threema against other secure messengers is done here</p><p></p>
<p><a href="https://www.securemessagingapps.com/" target="_blank">Secure Messaging Apps Comparison | Privacy Matters</a></p></blockquote><p></p>
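The forward-secrecy property in point 10 of the quoted post, as an added example that is not part of the original post and is not Threema's code: a passive observer records one connection keyed from long-term keys and one keyed from fresh ephemeral keys, then obtains both long-term private keys afterwards. The finite-field Diffie-Hellman group, the SHA-256 keystream cipher and all function names are assumptions chosen so the sketch runs with the standard library only; authentication of the ephemeral exchange is left out.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2   # toy finite-field DH group (assumption), illustration only

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def xor_stream(key, data):
    # Toy cipher: SHA-256 in counter mode as keystream (encrypt == decrypt).
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def record_session(client_lt, server_lt, msg, ephemeral):
    """Return what a passive network observer captures for one connection."""
    c = keypair() if ephemeral else client_lt   # ephemeral keys exist only in RAM
    s = keypair() if ephemeral else server_lt
    key = session_key(c[0], s[1])
    assert key == session_key(s[0], c[1])       # both ends derive the same key
    ct = xor_stream(key, msg)
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return {"pubs": [c[1], s[1]], "ct": ct, "tag": tag}

def attacker_decrypt(capture, leaked_privs):
    """Later compromise: try each leaked long-term private key on the capture."""
    for priv in leaked_privs:
        for pub in capture["pubs"]:
            key = session_key(priv, pub)
            tag = hmac.new(key, capture["ct"], hashlib.sha256).digest()
            if hmac.compare_digest(tag, capture["tag"]):
                return xor_stream(key, capture["ct"])
    return None

def demo():
    client_lt, server_lt = keypair(), keypair()
    msg = b"constructed sample packet"           # constructed sample input
    leaked = [client_lt[0], server_lt[0]]        # long-term keys stolen after the fact
    static = record_session(client_lt, server_lt, msg, ephemeral=False)
    fresh = record_session(client_lt, server_lt, msg, ephemeral=True)
    return attacker_decrypt(static, leaked), attacker_decrypt(fresh, leaked)
```

`demo()` returns the recovered plaintext for the static-key capture and `None` for the ephemeral one, because the ephemeral private keys were never stored and cannot be rebuilt from the leaked long-term keys.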