Why Threema Instead of WhatsApp?

There are countless reasons to switch to a privacy-compliant instant messenger. Here are the most important ones.

Privacy by Design

For the most part, Threema and WhatsApp offer the same features, and there is hardly any difference in terms of usability. When it comes to security and data privacy, however, the two services differ on almost every level. Threema was designed from the ground up with high security and data reduction in mind, while WhatsApp’s business model is based on the use of personal data for marketing purposes.

Providing Personal Information

In order to use conventional chat services, it’s necessary to disclose personally identifiable information. WhatsApp, for example, requires users to provide their phone number. Threema, on the other hand, doesn’t force users to disclose any personal information whatsoever. Instead of a phone number, the Threema ID (i.e., a random string of characters) serves as unique identifier. Linking a phone number or email address to one’s Threema ID is possible but optional. Hence, Threema can be used completely anonymously, which is a crucial feature in terms of privacy protection: Where there is no personal data in the first place, no personal data can ever be misused.

Address-Book Access

WhatsApp requires access to the user’s address book. Contact details are transmitted to a server where the data is permanently stored. Without access to the address book, the service can only be used with serious limitations. Threema, on the other hand, lets users decide whether to grant access to the address book or not. The app is fully functional without address-book access. If a user decides to synchronize the address book for the purpose of finding contacts on Threema, the contact details are hashed, sent to the server, and immediately deleted from the server once the synchronization is complete.

Open Source and External Audits

To ensure full transparency, the Threema apps are open source. Thanks to reproducible builds, there’s also a means to verify that the published code (of the Android app, for the time being) actually corresponds to the apps available for download. Furthermore, Threema regularly commissions external experts to conduct comprehensive security audits. WhatsApp, on the other hand, is not open source, and no independent security audits have been published. This is to say that there is no way to verify the company’s claims regarding security and privacy protection.

Business Model Dictates Handling of Metadata

Metadata is all data that’s involved in communication other than the actual content, e.g., any available information about sender and recipient, message properties, plus date and time and other circumstances of the transmission. Facebook, the owner and operator of WhatsApp, is financed by selling targeted ads and therefore has an economic interest in metadata that’s as telling as possible. By systematically collecting metadata and combining it with data from other services (e.g., Instagram), detailed user profiles can be created. Thanks to these user profiles, ads can be sold at high prices because they can be targeted to specific demographics.

Threema is based on a transparent business model that’s compatible with the “Privacy by Design” credo. The service is financed by the sale of the app, i.e., the users pay for the service. The system was designed from the ground up with security and metadata reduction in mind. Only data that’s necessary for the service operation is generated and never stored longer than technically required.

Direct Comparison

The most important differences between Threema and WhatsApp in terms of security and data privacy at a glance

Threema
WhatsApp


Privacy by Design: No phone number or email address required

The service can be used anonymously.

End-to-end encryption of transmitted messages

Other than the intended recipient, no one (not even the service operator) can read regular chat messages.

Circumvention of end-to-end encryption is not possible

It’s not possible to circumvent the end-to-end encryption by means of unencrypted message copies on the device, there is no fingerprinting and no status feature on the server side, and received URLs are not opened automatically.

Service runs its own server

The service provider operates and runs all servers, and there are no cloud or hosting services (such as Amazon AWS or Google Cloud) involved.

No storage of chat messages on the server

Messages are immediately and irrevocably deleted from the server once they are delivered to the recipient.

No use of user data for advertising purposes

User data is not used for targeted advertising or for other marketing purposes.

No address-book access required

It’s not necessary to grant access to the address book in order to use the service (without workaround/limitation).

Decentralized architecture

Contact lists, groups, and user profiles are managed directly on the user devices, not on a central server.

Contact verification

The identity of contacts can be verified out of band, e.g., by scanning a QR code, and the verification is persistent.

GDPR compliance

The service complies with the European General Data Protection Regulation (GDPR).

Open source

The app’s source code is publicly accessible, and reproducible builds can be used to verify that it actually corresponds to the app available for download.

Latest security audit

When was the latest security audit conducted by external experts?

Funding

Threema: App users
WhatsApp: Meta/advertising

Jurisdiction

To which country’s jurisdiction is the service subject?

Threema: Switzerland
WhatsApp: USA

Privacy Is Worth Paying For

There is no such thing as a free lunch. If you don’t pay money for a service, you pay with your data instead.
