Threema. The Secure Messenger
To me it comes down to how many of your contacts are actually willing to use the messaging app. The unwillingness of many people to "install another messenger" on their phones seems to be one of the strongest forces in nature........
Threema. The Secure Messenger
Max-Zorin To me it comes down to how many of your contacts are actually willing to use the messaging app. The unwillingness of many people to "install another messenger" on their phones seems to be one of the strongest forces in nature
I use Signal and Threema (since it is FOSS): On Signal I have 70 contacts, on Threema 4. Nevertheless, Threema is a really good tool: It works really smoothly and reliable. I like the fact, that you can use it without a phone number.As a third messenger I use the xmpp app Conversations. This would be my favourite, but I gave it up to convince people. ;)I am happy when I can draw people to Signal which is not so hard.
I think if you consider all the trade-offs between security, privacy and usability (which goes hand in hand with a decent number of users), these two messengers are the only choice. For Signal I have got a significantly larger user base which is probably due to the fact that it is for free and people get more pleasant features they like from WA (e.g. stories). Threema is a bit more sober. However, I like the polls there a lot. BTW: With Threema you can decide for every single contact if this contact recieves a "read receipt" or "typing indicator". And you still can see those receipts yourself if your contact allows you to see them. Even if you don't allow that contact to see receipts for the messages he sent to you. You can also tell Threema to search your own contact list for contacts who have Threema without the necessity to share your own phone number. So you can find Threema users from your contacts without telling them that you use Threema (unless you text them via Threema of course).
The ETH cryptographers Kenny Paterson, Matteo Scarlata and Kien Tuong Truong carried out seven attacks in three different threat scenarios. In one attack, they managed to break authentication in Threema by exploiting the lack of proper key separation between different sub-protocols. In another attack, the researchers managed to recover users' private keys by observing the size of Threema-encrypted backups via a side-channel attack based on compression. Their work highlights some of the difficulties faced by developers of secure messaging systems. Paterson, Scarlata and Tuong Truong also draw three lessons for developers of secure protocols in general.
Threema is a provider of an encrypted messenger application based in Switzerland with over 10 million users and 7000 business customers. Along with Signal and Telegram, Threema is promoted as a secure alternative to WhatsApp. The messenger is among the top Android apps in the "for pay" category in Switzerland, Germany, Austria, Canada and Australia. The Swiss government and military use Threema for their official communications. German politicians, including the current German Chancellor Olaf Scholz, also rely on the secure messenger service.
Secure messaging apps use encryption to keep the contents of communications private and prevent unauthorized parties from accessing your chats and calls. The most secure messaging apps use end-to-end encryption, ensuring that only the message sender and recipient can see the correspondence.
EncryptionYour data is highly sought after by cybercriminals and advertisers. The best encryption software makes sure your personal data stays private. A secure messaging app offers end-to-end text encryption to enforce privacy.
Privacy policyIf you care about your privacy, make sure the companies providing your apps do too. A secure messaging app adheres to company policies that respect your privacy and protect your data.
Telegram is cloud-based, so it stores all your messages and pictures on a secure server. This lets you access your data on any connecting device, on a variety of platforms. However, this also leaves your data vulnerable if their servers are breached.
Considered one of the most secure messaging apps on the market, Signal protects your communications with end-to-end call and text encryption. Its encryption protocol is so secure that other leading apps like WhatsApp and Facebook messenger use it too.
Threema is an open-source, totally encrypted messaging app whose company headquarters are in Switzerland. Like other apps, it features messages, voice and video calls, and group chats. But unlike its competitors, Threema does not require a phone number or email to use, making it one of the best secure messaging apps for anonymity.
Facebook Messenger is a hugely popular secure messaging service, owned by the social media tech giant, Meta. It has a familiar interface that features one-to-one messaging, group messaging, stickers, photos, file transfers, and voice and video calls. It also has a disappearing message feature.
Overall, Signal is likely the most secure messaging app in 2023, considering the strength of its security features, the power of its end-to-end encryption protocol, and its open-source code base. It features disappearing messages and can be secured with a password. Recent updates have made Signal even more feature-rich and user friendly.
Being mathematically secure is not enough it has to be also secure when it executes in the time and power domains as well. These extra security domains were not those of research cryptograpers prior to AES.
The X3DH handshake is essentially multiple Curve25519 ECDH handshakes (one long-term, one short-term e.g. biweekly, one totally ephemeral), which are mixed together using a secure key derivation function (i.e. HKDF).
A recently discovered FBI training document shows that US law enforcement can gain limited access to the content of encrypted messages from secure messaging services like iMessage, Line, and WhatsApp, but not to messages sent via Signal, Telegram, Threema, Viber, WeChat, or Wickr.
As Forbes reporter Thomas Brewster said on Twitter earlier this week, past news reports have already exposed that the FBI has legal levers at its disposal to obtain various types of personal information even from secure messaging providers that often boast about providing increased privacy to their users.
Besides having end-to-end encryption of all messages, you could also scan thepublic key of another contact in form of a QR code, and this would mark thecontact as verified in the UI. It wasimplemented in a way that non-technical people could understand and use. As faras I know, Threema was the first messenger to offer a simple way ofauthenticating contacts in a mobile messenger with a single scan, and remainedthe only one for several years. Other messengers sometimes provided end-to-endencryption, but often without authentication, opening up the possibility ofMITM attacks. (Signal has introduced the marking of conversations as verifiedin 2017.)
Besides simplicity of implementation (which generally is an important aspect insecure software), the choice of NaCl long-lived keys also enabled thatout-of-band key verification feature mentioned above. Identities areirrevocably tied to a public key, meaning that once you've verified and storedan identity, you can be sure that messages from that identity are encrypted bythe corresponding private key. In contrast to protocols where each device hasits own device keys, and where users get used to regular "the key of yourconversation partner has changed" warnings, this means that once you've fetchedthe public key of a user, the directory server isn't able to replace thatpublic key with a different one. For the case where an identity is compromised,there is a key revocation feature built-in.
There were also a lot of other changes over the years to improve privacy andsecurity properties of our protocols and systems. Often, design choices that mayseem odd at first glance, are guided by external constraints. For example, earlyversions of iOS did not allow waking up an application in response to a pushnotification. This means that if you'd get an end-to-end encrypted message, theapp would not know who it's from, and could not display any name on the lockscreen. Without UX features like that, the user experience is not good, clearlyworse than when using a messenger that does not value privacy. As a workaround,the first version of Threema had the concept of the "public nickname", chosenby the user (optional and explicitly indicated to be public), which is includedin the non-E2EE header of every message. Nowadays, iOS has the concept ofnotification extensions, which can decrypt incoming messages, so the publicnickname became unnecessary metadata. In 2021 (after we dropped support for iOSversions that didn't yet support notification extensions) we implementedsupport for processing E2EE metadata (including the nickname). Additionally, westarted encrypting the push payload between the chat server and Apple's APNsserver. We also used this occasion for more modern algorithmic design choiceslike BLAKE2b as KDF and Protobuf as serialization format. (We've started usingBLAKE2b for a while now for newer protocols, to achieve better key separationand to avoid payload confusion issues).
In summary, expectations towards mobile messengers are changing andrequirements are increasing. Not just on the cryptographic side. A mobilemessenger, which was essentially a glorified SMS app in the past, must now beable to send files, view and edit videos and photos, offer end-to-end encrypted1:1 and group calls, offer multi-device capabilities and ease of use from thedesktop, and much more, all while remaining secure and shipping regular updatesand features.
Now on to the main findings! One thing that bugged me about the marketingwebsite of the research team was the fact, thatit summarized the broad idea and the worst-case impact for each attackscenario, but mostly did not mention the requirements, assumptions andprerequisites. A user that isn't technical enough to read and understand thepaper, but reads through the website, must assume that it is highly unsafe tokeep using Threema. In the worst case, they'll go back to use something likeWhatsApp or Telegram (since "messengers are all unsafe, so it doesn't matterwhich one to pick"). 041b061a72