- What makes Threema secure?
- How does Threema compare to other messengers?
- What’s special about Threema’s privacy protection?
- Which data gets stored at Threema?
- Is Threema open source?
- Are messages stored in encrypted form on my device?
- Could you decrypt my messages, for example if you were required to by law enforcement?
- How do you protect yourself against man-in-the-middle (MITM) attacks with Threema?
- Where are the servers located?
- Will my address book data be sent to your servers?
- How does Threema audit its code?
- How and where is my key pair generated?
- Is the use of Threema compliant with privacy laws?
- How can I find out which data is stored about my ID on Threema’s server?
- What kind of data is transmitted via push notification services?
What’s special about Threema’s privacy protection?
Comprehensive privacy protection requires solid message encryption, but there is more to it.
Threema can be used without providing any personal information whatsoever. Instead of a phone number, the Threema ID (a randomly generated eight-digit string) serves as unique identifier. Linking a phone number and/or email address to one’s Threema ID is optional.
All data involved in communication other than the actual content is metadata. Serious privacy protection must include both protection of content and protection of metadata. The sole protection of content is insufficient because metadata allows to uniquely identify individuals, analyze their behavior, determine their circles of friends, detect their frequent locations, and monitor their communication behavior. Combined with data from other platforms, the picture that can be drawn of a person is much more detailed than one that could ever be drawn from message contents alone. It’s likely that many messengers are used to systematically collect and analyze their users’ metadata. Threema, on the other hand, generates as little data as technically possible and only stores it as long as absolutely necessary.
Optional contact synchronization
Synchronizing your address book in order to retrieve your contacts’ Threema IDs (provided they have linked them, see above) is optional. If you don’t want to grant access to your address book, you can either scan your contacts’ Threema IDs or add them manually.
In case you enable contact synchronization or link your ID with a phone number or email address, you can rest assured that Threema uses this information only temporarily for the specified purpose. Personal information is always hashed, both in transit and on disk.
To find out how Threema stacks up against other messengers in regard to privacy protection, please refer to the messenger comparison.