Encrypted IM app Threema now available for Android

Discussion in 'privacy technology' started by ronjor, May 28, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,166
    Location:
    Texas
    http://www.h-online.com/security/ne...hreema-now-available-for-Android-1872092.html
     
  2. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Been playing around with this application for a little while now. It appears to do what the creators claim. However, I cannot confirm they follow what they state on their main site for their central server and privacy at this time, though I cannot confirm they don't either. Overall, a pretty neat mobile-to-mobile messaging tool with the added security.

    -EB
     
    Last edited: Jul 9, 2013
  3. x942

    x942 Guest

    Appears to be closed source. If it wasn't for that I would test it out. I use Gibberbot and ChatSecure on iOS. Both are open-source alternatives.
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Same here. You can even run your own private XMPP server with ejabberd or Openfire, and control the server. Enable ZERO logging and mandate TLS, as well as OTR in the clients, and Bob's your uncle. Also, Chaos Computer Club and DuckDuckGo offer free XMPP servers as well.

    Steve Gibson mentioned Threema, so I'll check it out, thanks.

    PD

    ETA: Policy reads well, gives a warm and fuzzy...they take Bitcoin as well. I'm liking them more and more.
     
    Last edited: Jul 10, 2013
  5. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    How does Threema compare to Gibberbot or alternatives?

    FWIW, I'm currently using Gibberbot for encrypted Google chat. The only problem I had with it was that if I had it open on both my Android devices (Gibberbot) and my PC (Jitsi) and started an encrypted chat with someone else, it would lead to errors. I created a new Google account to use for chatting on the Android devices, and this was OK as a workaround, but obviously it would be nicer to use the same Google account on all devices and PC without problems.
     
  6. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Did you set the "Resources" number different on each client? That may help. I set my phone higher than my desktop.

    PD
     
  7. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Probably not. I just used the defaults (don't even remember a resources number)... [looking at Gibberbot settings] in fact, the only number I can find is heartbeat interval, which I now set from 1 to 2, but obviously it doesn't matter anymore since I'm using a different email.
     
  8. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    On Gibberbot, sign out. Then long press and choose edit. Then advanced and "XMPP Resource Priority". Set one higher or lower than the other client/device. The XMPP server can be set up to allow only one instance at a time, or multiple...which is where priority comes in....but you have no control over that unless you run the server.

    PD
     
  9. Marta555555

    Marta555555 Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    1
    Location:
    USA
    I'm using this. This seems to make the most sense to me, and looking at the options this seems best. They really are based in Switzerland, this is confirmed. That is huge to me, as I think the biggest security issue of any app is not encryption but being based in the USA.

    Basically anyone from any govt agency can read anything from any US-based company, including history since day #1. They can do this most times without a warrant. Not just the NSA but FBI, CIA, IRS, EPA, SEC, so any jealous relatives can get in fairly easily.

    Being based in Switzerland, along with the fact that you have to pay $2 so you know their motive, makes this seem like a good one to me. Also, because it is made so well, you can get your friends and family on it so easily, unlike other options. My friends and family couldn't believe I was willing to chat on something because I would never normally use the WhatsApp, FaceTime, Google apps options. I had 20+ people signed up in a week.
     
  10. Grassman20

    Grassman20 Registered Member

    Joined:
    Jul 14, 2013
    Posts:
    28
    Location:
    USA
    I've been using Threema for 5 months now and I absolutely love it. The only problem is, due to the code being closed, nobody can really verify if their claims are true.

    I really want to trust this service since it looks like it's done right, so I contacted their support. They replied with the following link. I'm not a security expert so I'm wondering if a few people here can have a look. Does this prove their claims of end-to-end security? Can I trust the service based on this validation tool? At least as much as I trust LastPass?

    https://threema.ch/validation/
     
  11. MrWayne

    MrWayne Registered Member

    Joined:
    Aug 26, 2013
    Posts:
    23
    Same here with ChatSecure (Gibberbot) on Android and Pidgin on Linux. Could this be the reason?

    Source: https://pressfreedomfoundation.org/encryption-works#otr

    Maybe Gibberbot or Jitsi eventually try to decrypt a message with the wrong key? I mean, both apps are open at the same time, so according to the quote, when chatting with someone I would guess that "ChatSecure -> your friend" and "Jitsi -> your friend" are using different encryption keys. And maybe that leads to errors.

    Thanks! I will give it a try.
     
  12. Grassman20

    Grassman20 Registered Member

    Joined:
    Jul 14, 2013
    Posts:
    28
    Location:
    USA
    Threema Security Validation

    I've been using Threema for about 6 months now and I really like it. It would be perfect except for one thing: Proprietary code. I can't verify if everything is as secure as they claim. It sure looks good, but I'd like to know for sure.

    I wrote them and they replied with this link: https://threema.ch/validation/

    I have a decent conceptual understanding of what good security should look like, but I'm not really qualified to verify the implementation with certainty. Can a few of you take a look at this and tell me what you think?

    Thanks for the help.
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Even though Threema is a paid app, it uses a self-signed cert :S
     


  14. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
  15. tlu

    tlu Guest

  16. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    I installed (bought) it myself. Well, money down the drain: none of my contacts uses it.
     
  17. Grassman20

    Grassman20 Registered Member

    Joined:
    Jul 14, 2013
    Posts:
    28
    Location:
    USA
    Don't give up on it so quickly. Recruit some people. Since I've started using it, it's just been my wife and me. That's 80% of my text traffic anyway, but I know more people will come onboard soon.
     
  18. mlauzon

    mlauzon Registered Member

    Joined:
    Aug 9, 2011
    Posts:
    114
    Location:
    Canada
    It's too bad it's a paid app, I was going to get it, and had a friend who was going to get it, unfortunately, no money for it.
     
  19. tlu

    tlu Guest

    You're kidding, aren't you? It's just 1.60 EUR or 2.00 CHF ...
     
  20. mlauzon

    mlauzon Registered Member

    Joined:
    Aug 9, 2011
    Posts:
    114
    Location:
    Canada
    I'm poor, on government assistance, food or a paid app...the choice is obvious!
     
  21. sanesecurity

    sanesecurity Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    4
    How about: https://telegram.org/ open source too...
    windows alpha client: https://tdesktop.com/
     
    Last edited: Feb 25, 2014
  22. tlu

    tlu Guest
