Made in Switzerland
Threema is essentially very similar to WhatsApp but with more focus on security, anonymity and free from advertising. Hence, with the explosion of online social interaction, mainly through our smartphones, digital privacy has become a key concern.
Relying on the word and servers of big companies like Apple and Facebook (which owns WhatsApp) isn’t going to cut it. For such privacy-conscious people, there are third-party apps like Threema.
The name stands for “End-to-End Encrypted Messaging Application”, abbreviated to “EEEMA”. But that was a bit many “E “s, so it became “Threema”. According to Threema, the company finances itself through corporate subscriptions and app sales.
Behind the Messenger App is Threema GmbH based in Einsiedeln, Switzerland. As you know, Switzerland does not belong to the European Union. While WhatsApp reserves the right in its general terms and conditions to pass on information about users without informing the user, in the case of Threema a monitoring/information order from a Swiss court is necessary.
Before we dive into the review, we need to mention that Threema is, unfortunately, not an alternative for everyone: The app is only available for iOS and Android. While WhatsApp is only available on smartphones, Threema also works on tablets. However, you can’t connect both devices to the server at the same time. Keep in mind that only the last used equipment will show your messages.
Top Messenger by Users
Threema is far away from the above numbers; hence, counts 5 Million users in 2018. However, it is among the best selling messenger and usually benefits from global shifts such as Microsoft buying Whatsapp or thanks to Snowden.
Although when you install the App for the first time, you will immediately notice that combining security and convenience is like walking a tightrope. After you have installed Threema from your app store and installed it, launch the application. Now you need to create a key pair – a private key and a public key – for end-to-end encryption to work.
It’s easy to generate your key pair
The Messenger creates your secret codes from random letters and numbers with finger gestures. You will then receive your ID to confirm your authenticity.
Connecting with Threema Users
- You have three ways to get in touch and communicate with other users:
Threema itself recommends as the safest method to face your contact personally and scan his ID via QR code. With colleagues and friends in your immediate environment, it’s certainly excellent. Nevertheless, if your messenger contact is further away, the other methods come into play
- You can synchronise your address book. To do this, your contact partner must have assigned his mobile phone number and e-mail address to his ID. Once a day Threema synchronises these data automatically.
- The third and least secure method is the manual entry of the contact ID. Your contact list will later show you the security status of each contact.
But we’re not entirely done setting it up yet. Now, you can, but you don’t have to enter your e-mail address and mobile phone number and link it to your ID. Then give yourself a nickname used for your chat partners in push notifications. If you want to secure the access to Threema, you can also enter a passphrase in the settings, which is optionally requested after each start or in a predefined time interval. You can check the option to delete all data in the app after ten unsuccessful attempts.
Threema users decide about privacy
At WhatsApp, a security problem arises from reading the address book. Threema leaves this decision up to you, the user:
Basically, you can use the Messenger also without access to the address book. If you switch off synchronisation, the app does not read any address book data. You then have to enter your Threema contacts manually – via ID input or QR code scan. If you opt for synchronisation, the e-mail addresses and telephone numbers get hashed out of your address book, i.e. one-way encrypted.
The transmission of data to the Swiss servers utilises additional SSL security. They delete the hashes from their working memory as soon as the list of matching IDs has been determined. Threema itself ensures that it writes neither hashes nor matching results to a disk.
What Threema can do is missing in WhatsApp
It’s not easy to combine security and ease of use. While WhatsApp chose ease of use, Threema’s healthy mix of both works quite well. For example, to create the secret key pair during app setup, Threema is offline. The private and public keys don’t leave the phone during installation – everything happens locally. While the public key must get distributed so that encrypted messages can be sent, the private key remains on the device used. From both key pairs, the recipient’s public key and the sender’s private key, the app calculates a third key that encrypts the message itself.
The message recipient decodes a message with his private key. The Threema Server does not decrypt information, so they cannot be given to any authorities. So if a Swiss court orders report according to Swiss law, this information cannot consist of sent messages. And the data would also otherwise look rather meagre: If the recipient retrieves messages, they get deleted from the server. IP addresses or traffic data (who sent which message to whom and when) are also not stored. If the user decides not to link the e-mail address and mobile phone number to his ID, this data is not stored on the servers either.
Threema Call and Chat
According to Threema, calls and chat messages are also encrypted “end-to-end”. The keys are created on the device and do not leave it according to Threema. Besides, Threema makes sure that it generates as little metadata as possible when using this function. Thus, is uses the anonymous Threema ID for the connection instead of the user’s telephone number.
Another security feature is the use of a constant bit rate for audio encoding. This means that no conclusions can be drawn about the content due to the size of the data packets transmitted. Finally, a peer-to-peer connection is established between the callers whenever possible.
With the introduction of encrypted voice calls, Threema is moving up from its functional scope to that of its local competitors.
Threema offers the following functions
- Send text and voice messages
- Make voice calls1
- Share images, videos, animated GIFs and locations
- Send files of any format
- Use Threema on the Desktop
Threema special functions
- Create polls and polls
- Communicate with the Agree/Deny function without triggering a push notification.
- Hide especially private chats additionally and protect the access with a PIN or the fingerprint
- Use Threema Safe to create anonymous backups of your most important Threema data
- Choose between dark and light design
- Use Threema on tablets and devices without SIM card
- Verify contacts via QR Code
- Format texts in messages1
- Create distribution lists
- Chat completely anonymously. No mobile phone number required
- Contact synchronisation is optional
- Quote text messages
- Pin chats to
Threema Web Access
The plugin is required to use the app on the desktop. A QR Code Scanner is installed and linked to Threema. Afterwards, open http://www.threema.ch and scan the QR Code with your smartphone.
How about Secret Intelligence
The Federal Intelligence Service (NDB) has received new possibilities to obtain information through the adoption of the Intelligence Service Act (NDG).
With approval, the NDB will in future be able to search the entire Internet and e-mail traffic for specific keywords and addressees of e-mails using so-called cable reconnaissance.
Threema itself has stated several times that this cable education has no influence. The user himself applies the end-to-end encryption, and only little data can get obtained from the metadata.
Unfortunately, Threema has substantially fewer participants than Whatsapp or WeChat. This is actually regrettable because this messenger would really be a very good solution in today’s world especially in the professional exchange of information.
Hence, we hope to gain new users with this blog entry and to establish Threema at least in the business messaging.
Read our blog on reMarkable