Tools I Use – Threema Pt. 2
Previously, I talked about my decision to use Threema as my primary messaging app. I am writing a “part 2” because I wanted to add more info about Threema and how I use it. If you want to know what brought me to this app, check out Part 1.
Disclaimer: I am not a cryptology expert; I only know what I know about it from reading and listening to technology security experts on the Security Now! podcast which I have followed for years. I believe I know enough about this to translate the jargon into layman’s terms and my goal is to be helpful and hopefully convince others to give Threema a try. I am also not affiliated with Threema.
How It Works
Threema uses an encryption method called asymmetric cryptography or public-key cryptography. The concept behind asymmetric cryptography is the use of high level mathematics to create a “married pair” of encryption keys. One key is the private key and one public, both tied to the identity of the user. I like to think of it as a key for locking (the public key) and a key for unlocking (the private key). Once users have created their keys, they can exchange public keys with other users. The public key is used to encrypt (lock) a message before it is sent to its intended recipient. The message can only be decrypted (unlocked) by the private key that is married to the public key used to encrypt the message. What makes this secure is that on the chance someone intercepted a message, they would not be able to decrypt it because they would not have access to the private key. This does mean that security rests solely on the user keeping his/her private key secure. I like that Threema leaves this to the user rather than handling keys separately on a server out of the user’s control. It is also not possible to reverse engineer the private key from the public key because of the nature of the advanced math involved in creating the key pair. Threema uses a known and tested standard for their key creation; info on that can be found on their website. The exchanging of keys with others is done through QR code scanning and also serves as a form of ID verification. This prevents spoofing IDs by others for the purpose of eavesdropping.
Setup
The caveat of making something more secure is that it becomes less convenient. As an example, a door with one lock on it is more convenient to open than a door guarded by a keypad and a deadbolt. Considering this, Threema makes setting up your app and encryption keys easy for the security they offer. I made a sample video of the steps that you go through to get up and running.
First, you create your encryption keys, using a random number generator to kick off that complicated algorithm I mentioned earlier. Second, choose if you want to back up your ID to their server for account recovery (just remember, your account is only as secure as your password). Third, choose a nickname (aka username, handle) so those you are communicating with know who you are. Fourth, you can link you phone number and/or your email to make it easier for others to connect with you. Lastly, you can choose to sync your contacts with the app in order to connect to friends if you want to. Verify all you did, and you’re ready to go.
Features I Like
Once setup is complete, Threema is just your regular old feature-rich instant messaging app. Conversations allow for many types of attachments (which are also encrypted for transmission).
Symbols for message status are provided for every message you send. Notifications are fully customizable and include a “snooze” or “Do Not Disturb” mode on a per conversation level. Group messaging is fully supported in two separate modes. The first is a mode that allows for a conversation between multiple users at the same time. There is also a broadcast mode which allows you to send out mass messages to multiple people but replies go to each individual contact’s conversation rather than a group message.
Missing Features
With all of its features, there are still a couple things I would love to see added. I know that these features are based more on my personal use than anything else, but still additions I would be ecstatic to see. First thing, I would love to be able to message myself. It seems silly, but I have used this for ideas and reminders for a long time and treat it as a to-do list. In a sense, you can use their included ECHO contact which is used for testing purposes and just repeats your message back to you. What would also make this super useful is the ability to schedule the sending of messages. I think it is a handy thing to be able to respond to someone but schedule it for in the morning if I remembered about their message late at night. Tying it into the first feature I would like to see added, I would use it all the time for reminding myself of things but on the day and time of my choosing.
Conclusion
Wrapping it up, I wanted to share how I use Threema and how I landed on it as my primary messaging platform. It is a feature packed app that is built on a foundation of privacy and security and built with solid methods for achieving that goal. I obviously want others to use it too which will make it all the more useful to me. Check it out at their website or their extensive FAQ page for more info. You can purchase it directly from them or through the App Store or Google Play. You can connect with me here.