Threema web client architecture, source
Threema secure messenger opened the source code and instructions for a reproducible application build. Published 12 repositories for Android, iOS clients, web version, notifications rileys and other components. This is the most important event in the history of Threema GmbH, which, with the publication of the source code, reaches a new level of development.
Against the background of the massive exodus of WhatsApp users, the paid messenger Threema has become one of the most downloaded applications in the world, along with Telegram, Signal and Element (Matrix decentralized network), see also the article "Which encryption is better: Signal or Telegram?" ...
Threema is the least known in this galaxy. But it has one advantage over its competitors - Swiss jurisdiction .
Threema is a messaging service that implements end-to-end communications encryption (E2EE). It supports audio and video calls, file exchange and other features of modern instant messengers.
There are versions for Android, iOS and the web. A separate desktop application, including for Linux, has not yet been developed.
Interestingly, the sources on Github are updated only with the update of the clients, that is, one commit = one release . Pool requests and bugs in Github repos are not accepted, only by mail.
Jurisdiction is important
Threema is developed by the Swiss company Threema GmbH. The project servers are also in Switzerland. It is the Swiss jurisdiction that is the main advantage of Threema over Signal (USA) and Telegram (USA, UK, development moves to offices in different countries, is now in the UAE, the founders and programmers are mainly from Russia, investors from Russia and other countries except the USA).
The jurisdiction of the management company is not at all a secondary issue when the authorities have claims against individual users, customers of the service. For example, in the United States, there are laws under which a company must secretly implement backdoors in its products and services and implement surveillance of users if a secret court decides to do so.
This also applies to any cryptographic services, even open source and the most secure at the architectural level. It is very important that the company has no right to warn users about such actions. In fact, in this situation, she has only one option for protecting users: to close and stop providing services.
Many people remember the story of the postal service Tutanota, which was forced by a German court to install a backdoor.to decrypt the mail of a specific user. The owners of the Hanoverian company then regretted that they had not chosen another jurisdiction. In an interview, they said they were considering moving to Switzerland, although the legal situation in Germany is not so dire: βThe legal situation and the German constitution are generally very good and protect people's privacy. Community activism also helps us prevent or weaken problematic laws (surveillance). β
In the US, the legal situation is much worse, especially after 9/11. In August 2013, the Lavabit mail service was forced to close . The founder and owner of the service, Ladar Levison, said that he made this decision after much deliberation:
Β« , , . , , . . , , . , [ ]Β», β Lavabit . , : Β« : __ - , Β».
There is nothing to say about the legal situation in countries with a less developed judicial system. In states like the Russian Federation, there are practically no legal guarantees of confidentiality as such. That is, trusting the private data of a Russian company is the greatest risk you can imagine.
In such a situation, the issue of jurisdiction of a particular web service becomes key. There are not many places in the world where human rights are valued higher than the rights of the state.
Threema GmbH is a Swiss startup that received fundingfrom the German-Swiss investment company Afinum Management AG. The founders of the company are three programmers Manuel Kasper, Silvan Engeler and Martin Blatter.
The founding programmers of a startup believe that the release of source code is a key and most important stage in the development of a company.
The developers promise to release a full-fledged desktop client, including for Linux, which can be used without a smartphone: βSecurity and privacy protection are deeply rooted in Threema's DNA, so our code was regularly audited by external auditors (see audit results for November 2020). Thanks to open source, anyone can check the security of Threema themselves and make sure that the published source matches the downloaded application. In the future, thanks to the innovative multi-device solution, multiple devices can be used in parallel. Unlike other approaches, no traces of personal data will be left on the server. Thanks to this technology, Threema can be used on a PC without a smartphone. As a result, Threema will become an even more reliable and more user-friendly application. "
Unlike Telegram, Threema's servers do not store user messages and files, so infrastructure costs are minimal here.
Additionally: