RSS Feed

New Threema audit

Threema is known for rock-solid security and unparalleled privacy protection. The algorithms and protocols used in Threema’s cryptography are well documented, and the encryption’s proper implementation can be verified at any time. On top of that, renowned experts periodically conduct independent audits to confirm Threema’s security.

Headed by Prof. Sebastian Schinzel, the Lab for IT Security of Münster’s University of Applied Sciences has thoroughly audited Threema’s code during the past months. With considerable effort and all the required technical expertise, the Android and the iOS app as well as Threema Safe were examined in great detail for possible security flaws. However, no critical vulnerabilities were found, and the researches gave Threema top grades:

  • “Threema takes the security and privacy of their users very seriously.”
  • “Threema performs as specified in the published documentation.”
  • “Threema’s security and privacy features are intact and effective.”

The audit report is publicly available in its entirety. The few minor issues that were put forward have been addressed immediately and are already fixed in the current app versions. Get an idea of the test procedure Threema has undergone:

Consult the audit report

Anonymity – the ultimate privacy protection

Conventional chat services identify their users by means of the users’ phone numbers. Since a phone number points to the identity of its owner, it’s not possible to use such services anonymously. But how is that a drawback? Why should you care about anonymity if you only communicate with friends you know personally?

In order to address these questions, it’s necessary distinguish two kinds of anonymity:

  1. Anonymity in regard to the chat partner – “horizontal anonymity”
  2. Anonymity in regard to the chat service – “vertical anonymity”

Threema accommodates both types of anonymity:

  1. Instead of a phone number, the Threema ID serves as unique identifier. Since this ID is a random sequence of characters, it doesn’t reveal any details about the owner’s identity. Therefore, it’s possible to contact someone via Threema without disclosing one’s identity to the contacted person.
  2. Linking personally identifiable information (such as the phone number or an email address) to one’s Threema ID is optional. Therefore, Threema as service provider has no way of knowing a user’s identity if they don’t link a phone number or email address to their ID.

Horizontal anonymity enables you to communicate with like-minded people in group chats without having to expose your identity in the process. Due to the rise of censorship in social media, this use case is becoming increasingly popular. Another typical scenario is the use of Threema as a whistleblowing channel, and there are even churches that use Threema as a “digital confessional”.

While anonymity in regard to the chat partner may not be of equal importance to all Threema users, vertical anonymity is relevant to all users in the sense that each of them chooses whether to use this privacy feature or not.

By disclosing your identity to every Internet service you use, a comprehensive record of your online activities can be compiled by combining the user data from the different sources. If, however, you remain anonymous to a service, you can be absolutely sure that the respective data will not be merged with your user data from other sources and therefore can’t be misused for advertising or other purposes.

If you decide to link your Threema ID to your phone number or email address (in order for your contacts to easily retrieve your ID), this data is safely stored on the Threema server in encrypted form. However, if you don’t disclose any personally identifiable information in the first place, your anonymity is guaranteed, and your privacy is protected in the best possible way. Because as long as someone’s identity is unknown, their privacy can’t be violated; that’s why anonymity is the ultimate privacy protection. In short, anonymity is to privacy what end-to-end encryption is to security.

New promo clip

Privacy protection is important. As a Threema user, you know that. But not all Internet users are aware of this and voluntarily hand over their data to the companies behind free messengers.

The new Threema video shows that it’s not worth saving on chatting and paying with private data. Protect your own as well as your friends’ private lives with Threema.

Are all encrypted chat apps equally secure?

These days, any popular instant messenger encrypts the transmitted messages; therefore, it doesn’t matter which service you use. Right? Not quite. For one thing, there are major differences regarding type and scope of the encryption, for another thing, as important as encryption is, it is only one aspect of comprehensive security.

End-to-end encryption

The term “secure instant messenger” is typically used to refer to chat services that end-to-end encrypt the transmitted messages. This is to say that only the intended recipient can decrypt and read the messages but not the service provider or any third party that might intercept the messages in transit. Not all popular chat services use this form of encryption. Even some of the services that are generally considered secure don’t use it by default or not across the board.

A secure instant messenger should not just end-to-end encrypt selected single chats; it should use a well-established method to end-to-end encrypt any kind of communication, including voice calls, media files, group chats, and status messages.

Handling metadata

The way metadata is handled is just as important for comprehensive security as message encryption. “Metadata” is any information relating to the communication except the message content itself, e.g., identity of sender and recipient, their IP addresses, time, place, and frequency of communication, contact lists, group memberships, profiles, etc. This data allows to draw insightful conclusions about the users, which is why certain companies systematically collect it and combine it with data from other sources. With the phone number as common denominator, it’s particularly easy to map user data across different sources.

A secure instant messenger should only generate data that’s absolutely necessary for message exchange. Because where there is no data, no data can be misused.

Security by design

In contrast to chat services that have introduced end-to-end encryption after the fact (and collect user data to this day), Threema was built from the ground up with security and metadata restraint in mind. For example, Threema can be used without disclosing any personal information because instead of a phone number (as with traditional messaging apps), an anonymous ID serves as unique identifier.

Besides encryption of messages and handling of metadata, the security of a chat service depends on several other factors. The independent website Secure Messaging Apps Comparison offers a detailed comparison of popular instant messengers based on a variety of such factors. Threema scores particularly well: It’s the service that ticks the most “nothing of concern” boxes.

Compare instant messengers on securemessagingapps.com

Threema Safe for iOS

iOS users can now protect themselves against loss of their Threema ID, contacts, group memberships, and privacy settings: Threema Safe, the anonymous backup solution for your most important Threema data, is now also available on iOS.

Since Threema Safe is platform-independent, it allows to transfer the mentioned data from Android to iOS (and vice versa). Threema for Windows Phone will add Threema Safe support with an upcoming update.

To learn more about Threema Safe, please refer to the FAQs. For more details about Threema 4.1 for iOS, please consult the change log.

Why you should care about privacy even if you have “nothing to hide”

You’re sitting in a coffee shop, talking to a friend. Suddenly, the waiter shows up, asks for your phone numbers, and wants to know who else you’re friends with and what you’re talking about. Do you provide the requested information? Would you provide the information if, in turn, you wouldn’t have to pay the bill? Is it safe to assume that you have something to hide if you don’t enter into this deal?

Internet users who disclose their privacy in order to access free online services often do so on the grounds of having “nothing to hide”. However, as closer inspection reveals, this position is untenable. Having nothing to hide might be a desirable state of affairs, but it doesn’t entail that it’s safe to disclose one’s privacy.

If you don’t feel comfortable providing the requested information to the waiter, that doesn’t mean you have something to hide. It simply means you wish to preserve the privacy you rightfully deserve. Maybe you’re discussing something mundane, like the weather, but you think it’s none of the waiter’s business. Also, you don’t know what the waiter might do with the obtained information and why he’s keen on acquiring it in the first place.

If you do not carelessly disclose personal information to strangers in real life, you probably shouldn’t provide the same information to online services, either. By combining several data points, it’s easy to draw a detailed picture of you; one which reveals far more than each data point would on its own – and one that could reveal more about you than you would imagine.

Today is Data Privacy Day. Protect your privacy, for example by using the services listed on privacyheroes.io.

Threema Safe: The anonymous backup solution for your most important Threema data

Thanks to Threema Safe, you will never lose your Threema ID, contacts, and groups again. Our new backup solution is anonymous, highly secure, automatic, platform-independent, and can be self-hosted. Once Threema Safe is activated, you can confidently forget about it.

Why Threema Safe is secure, how often backups are created, which data they contain, how to store backups on your own server, and more information can be found in the Threema Safe FAQs. Technical details concerning security are documented in the Cryptography Whitepaper.

Threema Safe is currently available for Android. iOS and Windows Phone will be supported soon. To learn what else is new in Threema 3.6 for Android, please refer to the change log.

Threema for iOS: Web client and more

Threema 4.0 for iOS is here! This major update adds support for Threema Web and allows to adjust notification settings on a per-chat basis. On top of that, it includes other enhancements as well as several under-the-hood improvements.

Web client for iOS

With Threema Web, you can conveniently use Threema on the desktop without compromising security. Simply connect Threema with your browser by scanning a QR code. You can then send and receive Threema messages on your computer, where all your chats are fully available. Save or send images and other files with ease by dragging and dropping.

As with the web client for Android, Threema Web for iOS was developed with security and privacy in mind. The communication between phone and PC is fully end-to-end encrypted, and after the session is terminated, the synchronized messages are immediately deleted in the browser. Technical details are documented in the Cryptography Whitepaper.

Individual notification settings

Notification settings can now be adjusted on a per-chat basis, allowing you to disable or mute notifications of any single or group chat indefinitely or for a specified amount of time. If, for example, the current topic of a group conversation does not concern you, simply deactivate notifications of the group for a given amount of time.

The 4.0 update includes many other changes and additions. For example, you can now delete multiple media files at once and create groups of up to 100 members. For all the details, please refer to the change log.

Threema Broadcast: Threema communication enters the next level

With Threema Broadcast, Threema introduces a new era of professional instant messaging. Never before has top-down communication been this versatile, secure, and straightforward.

  • Use feeds and distribution lists to send messages to any number of recipients, and turn Threema into a powerful newsletter channel. While users can subscribe to and unsubscribe from feeds, you manage the recipients of distribution lists yourself.

  • With bots, you can create interactive information-retrieval systems that allow your users to quickly get the answers they are looking for.

  • Manage central group chats together with any number of co-administrators, and participate in the group discussion right from your PC, without a mobile device.

Threema Broadcast is available free of charge to all Enterprise users of Threema Work. It is integrated into the management cockpit, ensuring a smooth interaction between the crucial tools for corporate communication. There is also the option to use Threema Broadcast as stand-alone service at affordable rates.

These are just some of the various benefits Threema Broadcast offers: You streamline the broad distribution of information, simplify employee support and customer care, and save time and money. Unlock the full potential of instant messaging, and lead your company to success with Threema Broadcast.

Visit the Threema Broadcast website

Threema for Android: New Threema Web version

The new version of Threema for Android includes some design tweaks, e.g., handy date separators in chats, as well as a streamlined group and chat management (tap and hold a chat in the chat overview to see all available options).

Furthermore, the 3.5 update adds support for Threema Web 2.0. The new web-client version improves performance, allowing for even faster and smoother navigation. “My ID” settings can now be accessed and adjusted directly in the browser (by clicking on your name).

The 2.0 update prepares the web client to be used via the iOS app. The beta test of Threema Web for iOS has entered the final stage.

Success Stories: A showcase of Threema Work’s versatility

Across the world, leading companies of all industries use Threema Work for fast and secure communication in the company.

Since the new EU General Data Protection Regulation (GDPR) entered into force, the demand for Threema Work has increased even more.

The Threema Work ecosystem covers a whole variety of use cases. Read our Success Stories to learn more about Threema Work’s versatility. Find out first hand how it can contribute to the success of your company, and learn how Threema Work helps our clients to communicate in an efficient, secure, and affordable way while leaving data-protection concerns behind.

Read the Success Stories

More reasons to use Threema Education

We have recently introduced Threema Education, a secure and privacy-compliant chat solution for schools and educational institutions.

Today, Threema Education becomes even more compelling because there are no more recurring costs. With a one-time purchase, schools can now permanently enable students, parents, and teachers to chat without exposing their privacy. Considering a usage term of five years, Threema Education is only CHF 1.82 (€ 1.58) per year for one user.

The General Data Protection Regulation (GDPR) has sparked a lively debate over whether the use of chat services for school purposes is legal or not. Due to the rigorous privacy protection, the use of Threema in schools is safe and GDPR-compliant.

Since Threema doesn’t require a SIM card or a phone number, it is also ideally suited for school tablets.

Learn more about Threema Education and start a free trial

Threema Web for iOS: Beta test begins

As it enters the beta stage today, the web client for iOS approaches the finish line!

Join the beta program to be among the first iOS users who can access Threema from the desktop. Put the web client to the test, and report any bugs you encounter.

The number of beta testers is limited. As usual, the “First come, first served” principle applies. Existing testers automatically participate in the beta program and don’t need to sign up again.

Thank you for your support, have fun testing!

Join the beta program

Why pay for Threema when you can get other encrypted messaging apps for free?

Guest article by Jaime Escuder

Often, when I ask people to join me on Threema, they balk. “Why should I pay for Threema, when I can use other encrypted messaging apps for free?” they ask.

Actually, there are a lot of reasons why Threema is worth paying for.

For starters, Threema is simply more enjoyable to use than other messengers and offers everything one would expect from a modern chat app, even allowing for encrypted phone calls.

Also, as a Swiss company, Threema is protected by Switzerland’s stringent and user-friendly privacy laws, meaning that it’s not subject to the vulnerabilities of America’s weak privacy protections like U.S.-based messaging apps are.

In addition, unlike many other apps, Threema doesn’t require your phone number, which means that its users can communicate with each other completely anonymously.

While each of these is a good reason to use Threema, there is another crucial aspect that is often ignored. It may seem counterintuitive, but the fact that Threema is a paid app is one of its greatest strengths.

At Threema, it’s the users, not investors, who are in charge

Threema does not operate under a typical Silicon Valley type of financial model, which is based on catering to advertisers. Instead, Threema charges a fee because, naturally, it has to cover its development and payroll costs. But what this means is that Threema is actually owned by its users and not by investors or venture capitalists who have an agenda.

Yes, mining a user’s data or accepting outside funding can allow an app to be “free,” but the truth is that nothing is free. If you’re not paying for a service, you can expect that your data is being exploited in some way, as we saw with Facebook’s Cambridge Analytica scandal. Threema’s reliance upon its users for support means that its only incentive is to make the best encrypted messaging app possible.

When you use online products that don’t charge for their services, you’re giving your privacy away for free. When you pay for a service like Threema, you’re paying to protect it.

Threema Education: A special offer

Attention, educational institutions! There is now a special offer for you: Threema Education. You benefit from a 60% discount compared to Threema Work Enterprise.

Instant messaging is arguably the most popular means of communication, especially among the youth. Students interact lively via chat apps and use them to coordinate their school projects. Teachers have also started using instant messaging to quickly and conveniently assign homework, organize field trips, etc. However, conventional chat apps are not suitable for schools due to their poor privacy protection; experts strongly advise against their use.

Stay on top of instant messaging. Get Threema Education to protect the privacy of both students and teachers, and allow them to strictly separate personal and school communication.

Learn more: Threema Education