Statement on ETH Findings

Last year, a student at the Department of Computer Science at ETH Zurich wrote his master’s thesis on Threema’s communication protocol. ETH Zurich has now published his work as a paper/preprint. The presented findings have been addressed or no longer apply to Threema’s current communication protocol “Ibex.” None of them ever had any considerable real-world impact.


A Decade of Seriously Secure Messaging

Exactly ten years ago today, on 12/12/2012, the first ever Threema version was published in Apple’s App Store. We celebrate the tenth anniversary of this historic moment with three birthday presents: a humorous short film recounting Threema’s origin story, a 50% discount on the app, and our extended protocol suite that future-proofs the system for the next decade and further solidifies Threema’s security with the new communication protocol “Ibex.”


Threema for iOS: Preview of Upcoming Multi-Device Functionality

With the desktop app and the web client, it has been possible to use Threema on the computer for a while now. At the moment, the desktop app and the web client require an active (end-to-end encrypted) connection to the mobile device. To send and receive Threema messages on the desktop even when the mobile phone is turned off, a multi-device solution is in development.

Starting today, a tech preview of Threema 2.0 for desktop is available, which allows iOS users to test the upcoming multi-device functionality ahead of time. To use the responsive new desktop application, which was redesigned from the ground up and is based on a totally new architecture, you will need the multi-device beta version of the iOS app.

Test the multi-device functionality now

At the moment, the tech preview of Threema 2.0 for desktop is only available for iOS, not for Android. In the future, support for multiple linked devices, including tablets and Android devices, is planned.

New Communication Protocol “Ibex” and Extended Protocol Suite

Just in time for the tenth anniversary, Threema introduces “Ibex,” a new cryptographic communication protocol that further solidifies Threema’s time-tested security and future-proofs the overall system. On top of that, the overhauled protocol suite receives additional key components that lay the groundwork for forthcoming features.


Agree/Disagree Feature for Groups

In a conversation, you nod or shake your head to let others know what you think. In a messenger chat, the thumbs-up or thumbs-down icons are used instead. Threema was the first messenger to introduce the agree/disagree functionality, which allows users to react to incoming messages with approval (thumbs up) or disapproval (thumbs down) without triggering a push notification on the chat partner’s end.

This unobtrusive form of interaction is very popular among many users, and in certain situations, it is the most appropriate form of communication. It also allows those who have deactivated read receipts to acknowledge the receipt of individual messages.

As of now, the popular feature is also available in group chats, where it unfolds its full potential. If every member of a large group were to state their (dis)approval of some message by replying to it, things would get out of hand quickly. Using the agree/disagree feature, however, the group chat stays tidy, and it’s evident at a glance how the group members feel about the message. To see who (dis)agrees with a message, simply tap and hold it, and press “(i)” (on Android) or “Details” (on iOS).

The agree/disagree feature is available starting with Threema 5.0 for Android and Threema 4.8.5 for iOS.

Update/download Threema

Threema for Android Introduces Group Calls

When Threema was first released almost ten years ago, it was a chat-only app. These days, however, many users have come to rely on it for secure and privacy-compliant phone calls, which don’t require disclosing a phone number. Expanding Threema’s feature set further, the 5.0 update allows Android users to conduct audio/video group calls of up to 16 participants.

Just like 1:1 calls, group calls are end-to-end encrypted and meet the regular Threema call’s high level of security. Also in terms of quality, users don’t have to give up what they’re used to: group calls offer the same crystal-clear voice quality and brilliant video quality regular calls are known for.

To initiate a group call, simply tap on the camera icon in the top right corner of the desired group chat. All group members (who use the Android app) will receive a push notification that informs them about the call, and they can join by opening the notification, via the group chat, or from the chat overview.

Besides other changes and additions, the 5.0 update also provides the option to activate “Perfect Forward Secrecy” for messages. More information can be found in this FAQ entry.

Update/download Threema for Android

Threema for iOS will support group calls at a later date.

Plenty of New Features for Threema’s iOS App

A breath of fresh air in Threema’s iOS app: With a host of new features and numerous improvements, the extensive 4.8 update offers even more privacy options and provides better handling of the chat overview. You can now mark chats as private to protect them from prying eyes, set read receipts per contact, and tidy up your chat overview with the new archive feature.

If you use the web client or the desktop app on a regular basis, please read the notice at the end of this post.


The Privacy Pledge: An Alternative Vision to Big Tech’s Internet

As demonstrated by our recent candid-camera experiment, people still have a strong desire for privacy. In general, we’re not comfortable disclosing personal information about ourselves and our friends if third parties request it without having a compelling reason.

On the Internet, however, we are often unaware of the extent to which our personal data is collected and the exact purposes it is used for.

Companies that offer their online services free of charge and are funded by selling targeted ads go to great lengths to obscure the fact that user data is systematically collected, compiled into comprehensive user profiles, and, in some cases, shared with third parties. On the websites of such companies, these practices go unmentioned, and in their privacy policies, the relevant clauses are deliberately scattered across several paragraphs and written in incomprehensible language full of cryptic jargon. What’s more, some companies even have the audacity to advertise their services as particularly privacy-friendly.

There Is Another Way

To take a stand against this widespread surveillance capitalism, which is already accepted as a necessary evil by some, we’ve joined forces with Proton, Brave, the Tor Project, and a couple of other Internet services to launch the Privacy Pledge initiative.

For one thing, the Privacy Pledge aims to show that there are indeed ways to provide online services without undermining the users’ privacy. For another thing, it proposes a set of standards every online service should adhere to in order to give users control over their data and properly protect their privacy. To learn more, please visit the Privacy Pledge website:

privacy-pledge.com →

Threema Libre: Full Independence from Google Services

After the recent introduction of Threema Push, which allows Threema to be used without Google’s push service, we now go a step further by introducing Threema Libre. By design, this Threema version for Android is completely free of proprietary dependencies, and it is available exclusively via the alternative app store F-Droid.

In Threema Libre, there’s no single line of code that would require a proprietary software library from Google or any other third party. Push notifications, for example, will only be delivered using Threema Push, and a fallback to Google’s push service is ruled out from the outset. Since Threema Libre also supports reproducible builds, it’s comparatively easy to verify that the installed app cannot leak any data to Google. And because the whole code including all components is open source, the app can be audited in its entirety.

Users of de-googled Android variants are now able to install Threema without worries via F-Droid and keep the app up to date with the store’s update management.

In order to download Threema Libre via F-Droid, it’s required to add Threema’s F-Droid repository. For details, please refer to this FAQ article.

Candid Camera: Ice Cream in Exchange for Your Data

What year were you born? What’s your phone number? And what’s your best friend’s name? – Would you answer personal questions like these in exchange for a free ice cream on a hot summer day? On Zurich’s largest square, we have put to the test how much personal information passersby are ready to disclose to get a free ice cream. The result is as funny as it is insightful:

The vast majority of the protagonists were clearly confused by the personal questions, and almost no one answered them straight off. At the same time, however, countless Internet users readily disclose the same personal information to tech companies in order to use their online services.

Yet, as the famous saying goes, if you’re not paying for a product, you are the product. This is to say that tech companies use the collected data to create detailed user profiles and generate revenue by selling targeted ads – a lucrative business because user data is much more valuable than it seems to the casual eye. Therefore, data protection and privacy come at a price that’s worth paying.

Buy Threema

Threema Push for Android

Threema Push is the new answer to the old question of how to use Threema for Android without Google’s proprietary push service. Even though the vast majority of users might not be too concerned with this question, Threema Push is a major breakthrough for users of de-googled Android variants such as /e/OS, and it allows anyone to steer clear of Google’s push service while maintaining Threema’s full functionality and usability.

By default, Google’s pre-installed (and privileged) push service is used to notify Threema for Android about incoming messages while the app is in the background. Although the notification payload is empty and no contact or message details are transferred over this channel, the so-called “push token” (a unique identifier that points to the destination app on the appropriate device) could hypothetically be used to establish a link between a given Threema user and their Google account. Therefore, it has always been possible to resort to Threema’s Polling feature instead of using Google’s push service.

With Polling enabled, Threema for Android would periodically connect to the Threema server while the app was in the background. This way, users could still receive new messages without having to open Threema. Most of the time, however, the messages would arrive with several minutes of delay, and answering calls was basically not possible unless the app was in the foreground.

Thanks to Threema Push, these inconveniences are now a thing of the past. With Threema Push, which replaces Polling, a connection to the Threema server remains open in the background, allowing new messages to arrive instantly on the phone and enabling users to answer calls no matter whether the app is open or closed. In short, privacy-conscious users no longer have to skip the “instant” part in “instant messaging.”

Find out how to activate Threema Push and learn what to consider when using it in the FAQs. More information about Threema 4.7 for Android can be found in the changelog.

WhatsApp and the Commodity of the 21st Century

Last year, WhatsApp stirred up quite the controversy with its infamous privacy policy update that arguably weakened users’ data protection. Now, a few months later, the messaging service owned by Meta (formerly known as “Facebook”) has launched a large-scale marketing campaign to present itself as a guardian of privacy. Let’s set some things straight.

SMS: A Low Reference Point

In the video ads WhatsApp has been publishing this week, viewers join a cheeky postman as he delivers mail to recipients who are baffled by the fact that their letters and parcels have already been opened. The message is plain and simple: Those who send text messages via SMS disclose their privacy, whereas the privacy of those who use WhatsApp is well protected thanks to end-to-end encryption.

At first glance, this line of thought may seem plausible, but it is based on an oversimplified notion of data protection that only takes into account the message content, while completely disregarding both metadata and the possible motives for undermining users’ privacy. Of course, end-to-end encryption is preferable to unencrypted message transmission. However, end-to-end encryption alone does not ensure comprehensive privacy protection. Not by a long shot.

The Commodity of the 21st Century

Like Facebook and Instagram, WhatsApp requires users to disclose personally identifiable information, such as their phone number. For this reason, Meta is able to identify users across different services and combine their data from various platforms into comprehensive user profiles. On top of that, there are tools that are capable of gathering data outside of Meta’s services, e.g., the Facebook plugin, which, when integrated into third-party websites, can track Internet users’ browsing behavior beyond Meta’s domain.

By systematically collecting user data from different sources, it is possible to draw a picture of an individual user that’s far more detailed and much more accurate than one that’s merely based on message content. The chat metadata (i.e., information about who’s communicating with whom, when, where, etc.) that accumulates when using WhatsApp equates to a comprehensive “social graph,” which is quite revealing in and of itself. “Likes” on Facebook and Instagram not only reflect users’ interests and preferences; further information – such as age and income class, marital status, or sexual orientation – can also be inferred from collections of such data points. By combining the obtained information, matching it against the social graph, and supplementing it with attributes of close contacts, the whole data set becomes much more than the sum of its parts and arguably speaks volumes about the user it’s associated with.

What’s more, metadata is a lot easier to process and more reliable than the actual content it corresponds to. Edward Snowden once put it like this:

Metadata is extraordinarily intrusive. As an analyst, I would prefer to be looking at metadata than looking at content because it’s quicker and easier, and it doesn’t lie.

A Matter of the Business Model

The reason Meta is relentlessly collecting user data is inextricably tied to the tech corporation’s business model. In typical Silicon Valley fashion, Meta provides its services free of charge and generates revenue by selling targeted advertisements. The more Meta knows about its users, the better the ads can be targeted to the users. The better the ads are targeted to the users, the higher the price advertisers are willing to pay and the greater Meta’s profit.

Due to this business model, Meta/WhatsApp has a vital interest in collecting as much and as telling user data as possible. This practice is, of course, not compatible with privacy protection by any stretch of the imagination. The fact that WhatsApp messages are end-to-end encrypted (as Meta claims) is an advantage over SMS, but in the grand scheme of things, this is only a small comfort.

SMS and WhatsApp have in common that neither was designed with a particular focus on security and data privacy. To find out how WhatsApp stacks up against a messenger like Threema, which was built from the ground up with security and data privacy in mind, please refer to this side-by-side comparison.

Data Privacy Week: Raise Awareness with Your Profile Picture

Today is the first day of the Data Privacy Week, which culminates in the Data Privacy Day on Friday, January 28. The aim of this initiative is to raise the public’s awareness of online privacy and to encourage Internet users to exercise their right to privacy.

Join the movement!

Support the cause, and stand up for privacy: Add the #RegainPrivacy banner to your profile picture in chat apps and on social media to show your contacts and followers that you care about privacy and disapprove of mass surveillance by authorities and exploitation of user data by Big Tech.

Create your #RegainPrivacy profile picture here →

Background

The Data Privacy Day is an international awareness day that was initiated by the Council of Europe (not to be confused with the European Council) back in 2008 and is held annually on January 28.

This date was chosen because on January 28, 1981, the Council of Europe proposed its “Convention 108,” which is the first internationally binding agreement to protect personal data and could be considered to be a precursor to, or inspiration for, the GDPR.

Since 2008, various organizations, both governmental and non-governmental, educational institutions, and companies have used this opportunity to make a case for privacy and point out the inherent dangers of systematic data collection by tech corporations and government agencies.

For one thing, privacy is a basic human right that’s valuable and worthy of protection in and of itself. For another, it is an important cornerstone of democratic societies. And last but not least, there’s simply no way of knowing what kind of inferences can be drawn about individuals in the future by means of the tremendous amount of collected user data in conjunction with new technologies such as artificial intelligence.

Chat on the Computer Without a Browser

Threema Web, which has been around for some time, allows you to conveniently use Threema from the desktop without compromising security. Now, chatting on the computer gets even more user-friendly.

Thanks to the new desktop app, you no longer need to search for Threema in the browser and switch back and forth between tabs all the time. Instead, your favorite messenger is always at hand in the dock or via the app switcher. Anyone who regularly exchanges text messages on a computer will greatly appreciate this streamlined chatting experience.

The desktop solution is available for macOS, Windows, and Linux starting today. Just like the web client, on which it is based, the desktop app establishes an end-to-end encrypted connection to your mobile device. Of course, Threema for desktop covers the complete range of Threema Web’s features.

In terms of security, the desktop client even surpasses the high standard of the tried-and-tested web solution in certain respects. For one thing, there’s no way for browser plugins to introduce vulnerabilities. For another, it would be even more difficult for attackers to manipulate the app code since it isn’t loaded from a server each session but permanently stored on the user’s end.

Get the desktop app for your operating system now:

Open download page →

Outlook: Threema 2.0 for Desktop

The next major update of the desktop app will not only introduce a completely redesigned user interface, it will also be based on a totally new architecture. Thanks to multi-device functionality, version 2.0 no longer requires an active connection to your mobile device. This is to say that you’ll be able to use the desktop app even if your smartphone happens to be turned off.

The development of the multi-device technology is in full swing, but it turns out to be more time-consuming than anticipated. Several technical challenges have already been met, but there is still work ahead. More often than not, the path to security is neither easy nor fast. And when it comes to security and privacy protection, we are under no circumstances willing to cut corners. Unfortunately, the multi-device solution’s release therefore gets delayed. Thank you for your patience and understanding!

We’ll keep you posted and provide another update about the development of Threema 2.0 for desktop at the end of the year. Stay tuned!

Update 2022-12-07: There’s a tech preview of Threema 2.0 for desktop available, which allows iOS users to test the upcoming multi-device functionality ahead of time.

Threema for Android Introduces Contact-Specific Privacy Settings

With its option to adjust privacy settings on a per-contact basis, the latest Threema update for Android introduces a useful new feature.

There are some scenarios where one-size-fits-all solutions just won’t cut it, and one such scenario concerns read receipts: While you may want to send read receipts to some contacts, you probably don’t want to send them to all contacts.

That’s why Threema now allows you to fine-tune privacy settings. Instead of sending read receipts to either every contact or no contact at all, you can override the default setting for specific contacts. The same goes for the typing indicator.

Supposing you have disabled read receipts in the global privacy settings (⋮ > Settings > Privacy > Receipts) but wish to send read receipts to a contact close to your heart, just open the contact details, and set “Send read receipts” to “Send.” This will override the global setting, and nobody except your special contact will receive read receipts.

To learn more about Threema 4.57 for Android, please refer to the changelog.