请输入您要查询的百科知识:

 

词条 Threema
释义

  1. History

  2. Features

  3. Related products

  4. Privacy

  5. Architecture

  6. Reception

  7. See also

  8. References

  9. External links

{{Citation style|date=November 2015}}{{Infobox software
| name = Threema
| logo = Threema logo.svg
| logo size = 192px
| developer = Threema GmbH
| released = {{Start date|2012|12}}[1]
| latest release version = {{LSR}}
| programming language = Objective-C (iOS), Java (Android), C, .NET (Windows Phone)
| language = English, German, French, Spanish, Italian, Russian, Brazilian Portuguese, Polish, Rumantsch Grischun
| genre = Encrypted instant messaging
| license = Proprietary[2]
| website = {{URL|https://threema.ch}}
| operating_system = iOS, Android, Windows Phone
}}Threema is a proprietary, end-to-end encrypted instant messaging application for iOS, Android and Windows Phone.[3] In addition to text messaging, users can make voice calls send multimedia, locations, voice messages and files.[4]

The Threema app can be used anonymously as it does not require any personally identifiable information, such as a phone number or e-mail address.[5]

Threema is developed by the Swiss company Threema GmbH.[6][7] The servers are located in Switzerland and the development is based in the Zürich metropolitan area. As of April 2017, Threema had 4.5 million users.[8]

History

Threema was founded in December 2012 by Manuel Kasper.[9] The company was initially called Kasper Systems GmbH.[10] Martin Blatter and Silvan Engeler were later recruited to develop an Android application that was released in early 2013.[11]

In Summer 2013, the Snowden leaks helped create an interest in Threema, boosting the user numbers to the hundreds of thousands.[12] When Facebook took over Whatsapp in February 2014, Threema got 200,000 new users, doubling its userbase in 24 hours.[13] Around 80% percent of those new users came from Germany. By March 2014 Threema had 1.2 million users.[11]

In Spring 2014, operations have been transferred to the newly created Threema GmbH.[10][14]

In December 2014, Apple listed Threema as the most-sold app of 2014 at the German App Store.[15]

Features

Threema uses a user ID, created after the initial app launch by a random generator, instead of requiring a linked email address or phone number to send messages. It is possible to find other users by phone number or e-mail address if the user allows the app to synchronize their address book.[16] Linking a phone number or e-mail address to a Threema ID is optional. Hence, the service can be used anonymously. Users can verify the identity of their Threema contacts by scanning their QR code, when they meet physically. The QR code contains the public key of the user, which is cryptographically tied to the ID and will not change during the lifetime of the identity.[17] Using this feature, the users can make sure they have the correct public key from their chat partners, which provides additional security against a Man-in-the-middle attack. Threema knows three levels of verification (trust levels of the contact's identity). The verification level of each contact is displayed in the Threema application as dots next to the corresponding contact.

Users can make voice calls and send text messages, multimedia, locations, voice messages and files of any type (up to 50 MB per file).[4][18] It is also possible to create polls in personal or group chats.[19] With Threema Web, a client for web browsers, Threema can be used from other devices like desktop computers. Threema optionally supports Android Wear smartwatch and Android Auto.[20]

Related products

On March 20, 2015, Threema released a gateway for companies. Similar to an SMS gateway, businesses can use it to send messages to their users who have Threema installed.[21] The code for the Threema Gateway SDK is open for developers and available on GitHub.[22]

On May 25, 2016, Threema Work, a corporate version of Threema, was released. Threema Work offers extended administration and deployment capabilities.[23]

Privacy

Since Threema's servers are located in Switzerland, they are subject to the Swiss federal law on data protection. The data center is ISO/IEC 27001-certified.[24] Linking a phone number and/or e-mail address to a Threema ID is optional; when doing so, only checksum values (SHA-256 HMAC with a static key) of the e-mail address and/or phone number are sent to the server.[25] Due to the small number of possible digit combinations of a telephone number, the phone number associated with a checksum could be determined by brute force. The transmitted data is TLS-secured. The address book data is kept only in the volatile memory of the server and is deleted immediately after synchronizing contacts.[26] If a user chooses to link a phone number or e-mail address with their Threema ID, they can remove the phone number or e-mail address at any time.[27] Should a user ever lose their device (and their private key), they can revoke their Threema ID if a revocation password for that ID has been set.[28]

Groups are solely managed on users’ devices and group messages are sent to each recipient as an individual message, encrypted with the respective public key. Thus, group compositions are not exposed to the server.[29]

Data (including media files) stored on the users’ devices is encrypted with AES 256. On Android, it can be additionally protected by a passphrase.[30]

Since 2016, Threema GmbH publishes a transparency report where public authority inquiries are disclosed.[31]

Architecture

The entire communication via Threema is end-to-end encrypted. During the initial setup, the application generates a key pair and sends the public key to the server while keeping the private key on the user's device.[32] The application then encrypts all messages and files that are sent to other Threema users with their respective public keys.[33][34] Once a message is delivered successfully, it is immediately deleted from the servers.[35]

The encryption process used by Threema is based on the open-source library NaCl library. Threema uses asymmetric ECC-based encryption, with 256-bit strength. Threema offers a "Validation Logging" feature that makes it possible to confirm that messages are end-to-end encrypted using the NaCl Networking and Cryptography library.[36] In August 2015, Threema was subjected to an external security audit.[37] Researchers from cnlab confirmed that Threema allows secure end-to-end encryption, and claimed that they were unable to identify any weaknesses in the implementation. Cnlab researchers also confirmed that Threema provides anonymity to its users and handles contacts and other user data as advertised.[38][39]

Reception

In February 2014, German consumer organisation Stiftung Warentest evaluated several data-protection aspects of Threema, WhatsApp, Telegram, BlackBerry Messenger and Line. It considered the security of the data transmission between clients, the services' terms of use, the transparency of the service providers, the availability of the source code and the apps' overall availability. Threema was the only app rated as 'non-critical' ({{Lang|de|unkritisch}}) in relation to data and privacy protection, but lost marks due to its closed-source nature.[40]

Along with Cryptocat and Surespot, Threema was ranked first in a study evaluating the security and usability of instant messaging encryption software, conducted by the German PSW Group in June 2014.[41]{{Unreliable source?|date=March 2016}}

In October 2014, Threema won the "connect App Awards 2014" for being the best app of the year.[42]{{Unreliable source?|date=March 2016}}

{{As of|2015|11}}, Threema has a score of 6 out of 7 points on the - now withdrawn - Electronic Frontier Foundation's "Secure Messaging Scorecard". It has received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to (i.e. having end-to-end encryption), making it possible for users to independently verify their correspondent's identities, having past communications secure if the keys are stolen (i.e. implementing forward secrecy), having its security design well-documented and having completed an independent security audit. It is missing a point because its source code is not open to independent review (i.e. it is not open-source).[43]

On 9 March 2017 Threema, among other instant messengers, was included into the Register of organizers of information dissemination in the Internet operated by the Federal Service for Supervision of Communications, Information Technology and Mass Media of the Russian Federation.[44] According to the Russian Federal Law of 6 July 2016 No. 374-FZ "On Amending the Federal Law on Counteracting Terrorism and Other Legislative Acts of the Russian Federation in terms of Additional Measures on Counteracting Terrorism and Maintaining Public Safety" from 1 July 2018 organizers of information dissemination will be obliged to retain in the territory of the Russian Federation the Internet users' text messages, voice information, images, sounds, video and other electronic messages for up to six months following the end of their reception, transmission, delivery and (or) processing (i.e. shall retain the content of communication). Organizers of information dissemination shall disclose this information to authorized state agencies that perform investigative activities or ensure national security.[45] In a response, a Threema spokesperson publicly stated: "We operate under Swiss law and are neither allowed nor willing to provide any information about our users to foreign authorities."

[46]

See also

  • Comparison of instant messaging clients

References

1. ^{{cite web |url=http://www.20min.ch/digital/news/story/15907974 |title=Die Schweizer Antwort auf WhatsApp |trans-title=The Swiss answer to WhatsApp |first=Daniel |last=Schurter |date=13 December 2012 |website=20min.ch |language=de |accessdate=5 July 2014}}
2. ^{{cite web |url=https://shop.threema.ch/eula |title=End-User Software License Agreement |date= |website=Threema GmbH |accessdate=5 July 2014}}
3. ^{{cite web |last1=Happich |first1=Julien |title=Privacy gains traction with secure messaging apps |date=23 September 2014 |url=http://www.electronics-eetimes.com/en/privacy-gains-traction-with-secure-messaging-apps.html?cmp_id=7&news_id=222922448&vID=13&page=1 |website=Electronic Engineering Times Europe |accessdate=21 December 2015}}
4. ^{{cite web |url=https://threema.ch/en/faq/features |title=What features does Threema offer? |website=threema.ch}}
5. ^{{cite web |url=https://threema.ch/en/faq/threema_id |title=What is a Threema ID? |website=threema.ch}}
6. ^{{cite web |url=https://play.google.com/store/apps/details?id=ch.threema.app |title=Threema |website=Google Play Store |accessdate=5 July 2014}}
7. ^{{cite web |url=http://sz.powernet.ch/webservices/inet/HRG/HRG.asmx/getHRGHTML?chnr=1304020462&amt=130&toBeModified=0&validOnly=0&lang=4&sort=0 |title=Swiss company registry entry for Threema GmbH |author=Swiss Confederation |date= |website=zefix.ch |accessdate=5 July 2014}}
8. ^{{cite web |url=https://www.job-und-bildung.de/threema-hoccer-vergleich |title=Threema vs. Hoccer: Krypto-Messenger im Vergleich |language=de}}
9. ^{{cite news |url=http://www.nzz.ch/nzzas/nzz-am-sonntag/threema-schweizer-startup-privatshaere-kryptografie-ld.815 |title=Kryptografie-App Threema: Schweizer sorgen für Privatsphäre |trans-title=Cryptography app Threema: Swiss ensure privacy |first=Marco |last=Metzler |date=28 June 2015 |newspaper=Neue Zürcher Zeitung |accessdate=8 October 2015 |language=de}}
10. ^{{cite web |url=http://www.mailify.de/2014/07/im-interview-threema/ |title=Im Interview: Threema |date=23 July 2014 |accessdate=11 October 2015 |website=Mailify |archiveurl=https://web.archive.org/web/20140802204127/http://www.mailify.de/2014/07/im-interview-threema |archivedate=2 August 2014 |language=de}}
11. ^{{cite news |title=Der Schlossherr |url=https://www.freitag.de/autoren/der-freitag/der-schlossherr |newspaper=Der Freitag |access-date=11 October 2015 |issn=0945-2095 |language=de |first=Hakan |last=Tanriverdi}}
12. ^{{Cite web |last1=Price |first1=Rob |title=Germany's most popular paid app is a secure messenger loved by millions — now it's taking on the US |date=18 June 2015 |url=http://uk.businessinsider.com/threema-encryption-messaging-app-america-launch-isis-2015-6 |website=Business Insider UK |accessdate=11 October 2015}}
13. ^{{cite web |title=Bye Bye, WhatsApp: Germans Switch To Threema For Privacy Reasons |url=https://techcrunch.com/2014/02/21/bye-bye-whatsapp-germans-switch-to-threema-for-privacy-reasons/ |first=Romain |last=Dillet |date=21 February 2014 |website=TechCrunch}}
14. ^{{cite web |title=Threema GmbH, Pfäffikon SZ |url=https://www.shabex.ch/co/threema_gmbh_CH-130.4.020.462-0.htm |website=Shabex.ch |accessdate=11 October 2015}}
15. ^{{Cite web |url=http://www.focus.de/digital/handy/iphone/telekommunikation-ios-highlights-die-besten-apps-des-jahres_id_4330110.html |title=iOS-Highlights: Die besten Apps des Jahres |trans-title=The best apps of the year |date=9 December 2014 |website=Focus |language=de |access-date=1 March 2016}}
16. ^{{cite web |url=https://threema.ch/en/faq/addressbook_data |title=Will my address book data be sent to your servers? |website=threema.ch |accessdate=2 December 2014}}{{third-party-inline|date=December 2014}}
17. ^{{cite web |url=https://threema.ch/en/faq/threema_id |title=What is a Threema ID? - Threema |website=threema.ch}}
18. ^{{cite web |url=https://threema.ch/en/faq/file_message |title=How can I send a file? |website=threema.ch}}
19. ^{{Cite web |title=Threema integriert Umfrage-Funktion |trans-title=Threema integrates survey function |first=Stefan |last=Bordel |date=12 January 2015 |url=http://www.com-magazin.de/news/smartphone/threema-integriert-umfrage-funktion-871882.html |website=com! - Das Computer-Magazin |accessdate=12 October 2015 |language=de}}
20. ^{{cite web |url=https://threema.ch/en/blog/posts/big-update-for-android-and-ios-20 |title=Big Update for Android |website=threema.ch}}
21. ^{{Cite news |title=US-Feldzug von Threema gerät ins Stocken |trans-title=US campaign of Threema is stalled |url=http://www.handelszeitung.ch/unternehmen/us-feldzug-von-threema-geraet-ins-stocken-869170 |first=Marc |last=Iseli |date=28 September 2015 |newspaper=Handelszeitung |access-date=12 October 2015 |issn=1422-8971 |language=de}}
22. ^{{cite web |url=https://github.com/threema-ch |title=Threema GmbH |website=GitHub |accessdate=20 September 2017}}
23. ^{{cite web |url=https://work.threema.ch/en |title=The messenger for organizations |website=work.threema.ch}}
24. ^{{cite web |url=https://work.threema.ch/docs/threema_privacy-security_en.pdf |title=Reference Sheet Privacy and Security |website=threema.ch |page=2}}
25. ^{{cite web |url=https://threema.ch/press-files/cryptography_whitepaper.pdf |title=Threema Cryptography Whitepaper |website=threema.ch |page=11}}
26. ^{{cite web |url=https://threema.ch/en/faq/addressbook_data |title=Will my address book data be sent to your servers? |website=threema.ch}}
27. ^{{cite web |url=https://threema.ch/en/faq/unlink |title=How can I unlink my Threema ID from an email address or phone number? |website=threema.ch}}
28. ^{{cite web |url=https://myid.threema.ch/revoke |title=Revoke your ID |website=threema.ch}}
29. ^{{cite web |url=https://threema.ch/press-files/cryptography_whitepaper.pdf |title=Threema Cryptography Whitepaper |website=threema.ch |page=5}}
30. ^{{cite web |url=https://threema.ch/en/faq/crypto_local |title=Are messages encrypted when they are stored on my device? |website=threema.ch}}
31. ^{{cite web |url=https://threema.ch/en/transparencyreport |title=Transparency Report |website=threema.ch}}
32. ^{{cite web |url=https://threema.ch/en/faq.html#crypto_authorities |title=Could you decrypt my messages? |website=threema.ch |accessdate=5 July 2014}}{{third-party-inline|date=December 2014}}
33. ^{{Cite web |title=Threema Cryptography Whitepaper |url=https://threema.ch/press-files/cryptography_whitepaper.pdf |website=threema.ch |date=14 September 2017}}
34. ^{{Cite web |title=Secure mobile messaging with Threema |url=http://www.net-security.org/review.php?id=333 |first=Mirko |last=Zorz |date=17 September 2014 |website=Help Net Security}}
35. ^{{cite web |url=https://threema.ch/en/faq/message_storage |title=How long do messages stay in queue for delivery? |website=threema.ch |accessdate=20 September 2017}}
36. ^{{cite web |url=https://threema.ch/validation/ |title=Threema Validation |website=threema.ch |accessdate=20 September 2017}}
37. ^{{cite web |url=https://threema.ch/en/faq/code_audit/ |title=External Audit |website=threema.ch |accessdate=20 September 2017}}
38. ^{{cite web |url=https://threema.ch/press-files/2_documentation/external_audit_security_statement.pdf |title=Security Review Threema: Security Statement |date=2 November 2015 |website=threema.ch |accessdate=20 September 2017}}
39. ^{{cite web |last1=Schirrmacher |first1=Dennis |title=Threema-Audit abgeschlossen: "Ende-zu-Ende-Verschlüsselung ohne Schwächen" |trans-title=Threema Audit Completed: "End-to-End Encryption Without Weakness" |url=http://www.heise.de/security/meldung/Threema-Audit-abgeschlossen-Ende-zu-Ende-Verschluesselung-ohne-Schwaechen-2868866.html |date=3 November 2015 |website=Heise.de |accessdate=21 December 2015 |language=de}}
40. ^{{Cite web |url=https://www.test.de/WhatsApp-und-Alternativen-Datenschutz-im-Test-4675013-0/ |title=WhatsApp und Alternativen: Datenschutz im Test |date=26 February 2014 |website=Stiftung Warentest |language=de |trans-title=WhatsApp and alternatives: data protection tested |access-date=1 March 2016}}
41. ^{{cite web |first=Christian |last=Heutger |url=http://www.psw-group.de/blog/die-ergebnisse-unseres-grossen-messenger-tests/1297#more-1297 |title=Die Ergebnisse unseres großen Messenger-Tests |trans-title=The results of our great messenger test |date=13 June 2014 |website=PSW Group |accessdate=26 June 2014 |language=de}}
42. ^{{cite web |url=http://www.connect.de/news/connect-app-awards-2014-die-besten-apps-preisverleihung-gewinner-sieger-award-2659952.html |title=Connect App Awards 2014: Das sind die besten Apps des Jahres |first=Steve |last=Buchta |website=Connect.de |accessdate=20 September 2017}}
43. ^{{cite web |url=https://www.eff.org/secure-messaging-scorecard |website=Electronic Frontier Foundation |title=Secure Messaging Scorecard. Which apps and tools actually keep your messages safe? |date=3 November 2015 |accessdate=30 November 2015}}
44. ^{{cite web |url=https://reestr.rublacklist.net/distributor/108945 |title=Threema GmbH |work={{ill|rublacklist.net|ru|РосКомСвобода}} |accessdate=20 September 2017 |language=ru}}
45. ^{{cite web |url=https://www.dentons.com/en/insights/alerts/2016/july/19/russias-new-anti-terrorist-law |title=Russia's new anti-terrorist law |website=Dentons |date=19 July 2016 |accessdate=20 September 2017}}
46. ^{{cite web |url=http://www.ewdn.com/2017/03/16/russia-adds-intrernational-messenger-threema-to-official-registry-with-a-view-to-control-users-communications/|title=Russia adds international messenger Threema to official registry|website=East-West Digital News|date=16 Mar 2017|accessdate=27 January 2018}}

External links

  • {{Official website|https://threema.ch}}
  • [https://whythreema.com/ Introduction to Threema]
{{Instant messaging}}

7 : Instant messaging clients|2012 software|Cryptographic software|Internet privacy software|IOS software|Windows Phone software|Swiss brands
随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/11/11 15:06:04