What do the three colored dots next to a contact mean?
The dots are an indicator for a contact's verification level. They don't affect the encryption strength, but are a measure for the probability, that the saved public key of a contact belongs indeed to that contact.
- Level 1 (red): The ID and public key have been obtained from the server because you received a message from this contact for the first time or added the ID manually. No matching contact was found in your address book (by phone number or email), and therefore you cannot be sure that the person is who they claim to be in their messages.
- Level 2 (orange): The ID has been matched with a contact in your address book (by phone number or email). Since the server verifies phone numbers and email addresses, you can be reasonably sure that the person is who they claim to be.
- Level 2 (blue): This verification level is only available in Threema Work; it indicates that the Threema ID belongs to an internal company contact.
- Level 3 (green): You have personally verified the ID and public key of the person by scanning their QR code. Assuming their device has not been hijacked, you can be very sure that messages from this contact were really written by the person that they indicate.
- Level 3 (blue): This verification level is only available in Threema Work; it indicates that the Threema ID belongs to an internal contact whose ID and public key you have verified by scanning their QR code.
The verification levels don't change anything in the encryption strength (it is always the same high-grade ECC based encryption), but they are a measure of thetrust that the public keys saved for your contacts really belong to them. Having the wrong public keys leaves you open to man-in-the-middle (MITM) attacks, therefore it isimportant to verify the keys.