1. 3

  2. 3

    The security team I work on uses this for out-of-band communication during incident response. It’s been quite handy for that when you’re still validating that certain assets were not compromised.

    I know during the big Target Breach (I think it was Target? Might’ve been Sony…), this was all the incident response team and management were using because they had been so thoroughly hacked.

    1. 2

      I’d be curious how it compares to TextSecure: TextSecure is end-to-end encrypted, has a great UI, and so on and so forth, and is free software.

      On the contrary, I see a few worrying things about Threema:

      • It does not appear to be free software, nor open source. I have a hard time trusting closed software, especially when it is a security related tool.
      • Full anonymity and a Threema ID does not seem to be compatible to me: if it is tied to one’s public key, there’s an obvious connection. With this connection, I see a couple of ways to connect an ID to an individual. There goes anonymity. Perhaps I’m paranoid, but I fail to see how this ID helps anything when it is tied to the public key anyway, either.

      Their answer in the FAQ to why Threema isn’t open source is also a load of bollocks.

      In short, in about 10 minutes, the Threema FAQ managed to persuade me to stay the hell away from the software. Not too bad.

      1. 1

        I like Threema a lot but I can’t ever seem to convince anyone else to use it, and that it doesn’t have a desktop client limits its workflow to that of SMS, effectively. I don’t like being tethered to my phone.

        1. 2

          I convinced multiple people to Threema just because it is a very nice messenger. Don’t sell the crypto first.

        2. 1

          How does it compare to Telegram?