Discover Threema, paid, E2E-encrypted messenger used by governments
| December 16, 2023While widely known and popular messengers like Telegram and Skype announce (fake) E2E encryption, let’s take a look at less popular, but MOST secure messenger on the planet, the Threema.
The difference is: Opposite to Telegram, which generates your private key on server (and stores it, allowing to decipher any of your messages, stored on same server), Threema uses real E2E encryption with no access to your private keys and messages. It does not require you to reveal your email or phone as well, no any details needed.
Threema is a highly secure messaging platform with basic features, a simple interface, and comprehensive customer support.
When we think about messaging platforms, most of us will not forget popular apps like Telegram and WhatsApp. A lesser known messaging app is Threema—a secure and anonymous platform from Switzerland.
Interested in Threema? Check out the website here
Unlike popular apps like Signal, Whatsapp, and Telegram, Threema is not a free app. You’ll have to pay a one-time fee of $2.99 to download it. This may be a deal breaker for some users, but to Threema’s 8 million active users, that’s a small price to pay for the security and privacy that the platform offers.
Like most messaging apps, you can use Threema to send text and voice messages, share files, media, and locations, and make voice or video calls. Compared to popular apps like Telegram, though, Threema’s features are pretty basic.
Threema allows you to protect your individual chats and hide them from the chat list on Threema’s main screen so that no one else can view your confidential messages. Notifications that you receive for messages in a private chat also contain no message preview.
Long-press a chat that you’d like to make private, and select Mark as private chat. You’ll then be prompted to create a PIN, which you’ll have to enter each time you want to show a private chat.
Interface and in use
Threema is available on Apple’s App Store and the Google Play Store as well as in the Threema Shop. You can also access Threema on your desktop simply by scanning a QR code with your mobile.
Setting up your Threema account is a simple process. Unlike platforms like WhatsApp or Telegram, you’re not required to provide your phone number, email, or any personal information during setup.
Instead, all you need to do is create a username and password and generate a Threema ID, which you can receive by starting the app and tapping around on the main screen. You’ll need to know a user’s Threema ID to start a conversation with them.
On all operating systems, Threema’s interface is simple and without frills. Those coming from WhatsApp will find that the two platforms have a similar interface. On the main screen, you’ll find all your active conversations. Click on a conversation you want to open and you’ll find that message bubbles are neatly arranged and easy to read. Overall, Threema’s interface holds no surprises and is easy to use.
The Secure WhatsApp Alternative for Public Authorities
Public authorities often have complex structures, several hundred or even thousands of employees, various offices, and countless areas of responsibility. Providing fast and secure communication tools to their employees can therefore be quite a challenge. Find out how an instant messenger can help authorities to enable seamless information exchange across departments.
What makes Threema secure?
Threema uses tried-and-tested asymmetric cryptography to protect messages and calls between sender and recipient (and the communication between the app and the servers). Threema uses the open-source library NaCl for encryption. Since the Threema apps are open source, anyone knowledgeable enough can confirm Threema’s security.
There are two layers of encryption: The end-to-end layer between the conversation participants, and an additional layer to protect against eavesdropping of the connection between the app and the servers. The latter is necessary to ensure that an adversary who captures network packets (e.g. on a public wireless network) cannot even learn who is logging in and who is communicating with whom.
All encryption and decryption happens directly on the device, and the user is in control over the key exchange. This guarantees that no third party – not even the server operators – can decrypt the content of the messages and calls.
Strength of the encryption: The asymmetric ECC based encryption used by Threema has a strength of 255 bits. According to a NIST estimate (page 54), this corresponds at least with the strength provided by 2048 bit RSA. ECDH on Curve25519 is used in conjunction with a hash function and a random nonce to derive a unique 256 bit symmetric key for each message. The stream cipher XSalsa20 is then used to encrypt the message. A 128 bit message authentication code (MAC) is also added to each message to detect manipulations/forgeries.
Perfect Forward Secrecy: Threema supports Perfect Forward Secrecy.