Is Threema secure enough to be a Signal competitor?

Threema has gained quite the traction amongst privacy minded folks. But is it really secure enough to call itself a Signal competitor? Spoilers: Not quite. From false comparisons on their website stating Signal potentially can compromise it’s users under a law order since it’s in U.S to using bad cryptographic protocols, Threema has done it all. So does Threema remain a valid option for privacy minded folks?

P.S: Argue with logical points. Refrain from indulging in Ad Hominem attacks or using unverified sources to back up your illogical claims. Pointing out signals flaws( requirement of p phone number ) to justify usage of Threema is absurd and won’t result in a productive discussion.

2 Likes

Henry touched on this in the latest Surveillance Report.

Starts at 17:36

3 Likes

That’s great. Good job.

2 Likes

It’s all relative. Threema is certainly a much better option than most mainstream messengers. But I can’t think of too many situations where it would be a better option than Signal. Still, everyone has their own threat models and priorities and it’s good to have options.

5 Likes

IMO Threema can be compared to Telegram. Good no of features, very bad security.Still Telegram ranks the worst out of the two since Telegram requires ph no. And uses dated protocols.

Encrypting messages costs a lot unfortunately, which have to be taken up by the concerned organisation. If Signal were to remove the mobile no. Requirement, they would have to see an influx of trolls and scammers sending messages encrypting all of which would cost an awful lot. If Signal were to be made paid, they would lose their non-profit status. And for my (and most folks around here) threat model, giving out Phone Number isn’t than big of a deal. The telecom companies already has my name attached with my phone number. Voter records already make my name and ph no public. There are bigger fish to fry for me. But I do acknowledge the threats other people might have to face, for example LGBT people living in an authoritarian regime like Saudi Arabia. For people with such threat models, I suggest using a VOIP number to register for Signal insead of using insecure alternatives.

I personally don’t find this comparison very fair…

Telegram doesn’t implement E2EE by default for new chats, nor does it do very much at all to protect your metadata, and Telegram actively says they don’t hand over user data to governments when it’s been confirmed they do - so no transparency.

Threema fairs significantly better in all of these issues, and while perhaps not being ‘as secure as Signal’ is probably secure enough for a large number of threat models. Versus Telegram I would argue isn’t secure nor private enough for anyone, given it doesn’t by-default protect them.

Just my two cents.

I mean Signal also requires a phone number, yet it’s still a great option for many different demographics and what they need for their privacy & security. Telegram even has a slight advantage from a privacy POV, as at least you don’t have to show your number to your contacts, thanks to its username support. Just different things to think about for different people!

2 Likes

Why not use Signal with VOIP ph no? Signal is free of charge, while Threema is paid and while money is not really an issue as the app costs the same as a starbucks coffee, why even waste that money too given Threema is quite insecure? Download signal, get a VOIP number( if you are oppressed) donate that extra bucks to Signal.

It really angers me that Threema despite having a solid funding and a paid app model did a crappier job at security than an Open source project funded by a few good individuals. I urge everyone to donate some money to Signal Foundation in recognition of the good work they do selflessly. I will try and do the same.

1 Like

About people saying Telegram isn’t secure - Talking about data and not metadata - is there any evidence messages were breaches once?

There are multiple blaring data breaches for telegram, I won’t bother posting much links (just look it up ) but here is one

Or multiple;

2 Likes

To the original question asked in this message thread, I think that yes, Threema is secure enough to be a Signal competitor. However, I think in most situations, Signal is the better choice. Where Threema has an advantage is in situations where using one’s phone number as one’s identifier is undesirable and for communicating with persons in regions where Signal is blocked (but Threema might not be).

If a phone number being known by a contact or associated with an account is a concern, Session is probably a better option at that point.

Session doesn’t match the security of Signal and doesn’t have the proven track record of Signal. Signal is just better than all other messengers and works fine for the threat model of 99% people on planet Earth (including whistleblowers).

Use VOIP numbers to register for Signal.