Threema

Threema is a proprietary, end-to-end encrypted instant messaging and voice over IP application for iOS, Android, Windows Phone, and desktop. It is developed by Threema GmbH, a Swiss company. The app allows users to send text messages, as well as make voice and video calls, share files, and location.

Like Signal, Threema is considered to be one of the most secure instant messaging apps available and offers end-to-end encryption, which means that the message is encrypted on the sender’s device and can only be decrypted by the intended recipient’s device. Threema also offers additional security features such as the ability to verify the identity of contacts, and the ability to create and manage a list of trusted contacts.

One of the key differences between Threema and other messaging apps is that Threema does not require users to provide a phone number or email address to register for the service. Instead, each user is assigned a random Threema ID, which is used for identification and encryption. This allows for greater anonymity and privacy for users.

Threema is not open-source, but it has undergone independent security audits and published the results of the audits.

Usage

Starting in January 2022, the Swiss Armed Forces has recommended that their troops use Threema[1], instead of WhatsApp, Telegram, and Signal. The reason for this is that Threema is based in Switzerland and its servers are not located in the United States, meaning that it is not subject to the CLOUD Act. Additionally, soldiers will be reimbursed for the cost of using the app. This is a great way for the troops to keep their conversations secure and private.

Threema vs Signal

Where both are on par with each other:

  • they’re both partly FOSS (Threema open-sourced at least their messenger app a while ago)
  • both use state of the art encryption which has been audited

Where Threema leads:

  • account registration: while Signal uses a phone number, Threema allows you to use IDs, which allows for more anonymity

Where Signal leads:

  • Signal is a non-profit organisation, whereas Threema is developed by a for-profit LLC, which may arguably turn out to be much more corruptible.

Where both suck:

  • centralisation: both messengers depend on servers operated solely by the organisation that’s behind it. If those servers go down (because the organisation ceases to exist), so will the messengers, even though they’re FOSS. There’s no way to run your own Signal or Threema servers.
  • proprietary code: Signal’s server software is partly closed source (they claim for spam prevention reasons), Threema’s is entirely (affair).
  • user count: the user base of both can hardly compare to cancerous, yet successful messengers such as WA and FB messenger, meaning: you typically have to ask people to install your messenger of choice. It’s not impossible, though!

What shouldn’t matter:

  • cost: people seeking a privacy-respecting messenger shouldn’t be put off by cost. Someone’s got to pay for the server costs. Threema costs you three bucks up front, and as a Signal user you should donate to keep it running. I’ve just done that.

What I personally use:

Signal, but more for historical reasons. When I started using it, it was still called TextSecure and Threema was still closed source. Therefore I had good reason to mistrust Threema. Closed source end-to-end encryption was and still is a joke. Since Threema opened up, I’d say it’s a reasonable alternative.