Yet another messenger on the market...

  • True, the operator of SOMA could probably read group messages; that's how I understand it too. :(
    Apart from that, I don't understand what the whole thing with the "random EC key pair" generated every second is supposed to be good for. Why isn't the message simply encrypted with the respective public keys of the group members, instead of taking the detour via this random EC pair?


    - AndyG

    Edited once, last by andyg (26 November 2015 at 20:17)

  • Quote


    Never heard of it...
    Are any technical details known, in particular how far the encryption can be trusted?


    - AndyG


    The same can be asked about Threema. There is no way to know for sure that their implementation of NaCl is proper without their code being open, which is something they absolutely need to do.

  • True.
    However, Threema at least allows one to check the cryptography by inspecting a validation log. That's certainly not a watertight proof, but much more than competitors offer (except for Signal/TextSecure, which is open source). And furthermore, Threema recently passed an audit. I doubt if Threema will disclose the sources, as I suppose that such action would destroy the business model...
    In the end, it's a matter of trust...

    Edited once, last by andyg (9 December 2015 at 15:48)

  • Quote


    In the end, it's a matter of trust...


    Correct, and that is the problem. They passed an audit sanctioned and funded by them, and the write-up on the audit was a total joke.

    You're right, they probably wouldn't be able to charge for an app if they opened the code, but they also can't be taken seriously as a secure client until the infosec community can review the code.

    I am passionate about this because I truly like Threema and I like what they are doing, but I will never trust it as a secure client without being able to review the code. If I have to use another client for my encrypted chat, then I really have no use for Threema.


  • You're right, they probably wouldn't be able to charge for an app if they opened the code, but they also can't be taken seriously as a secure client until the infosec community can review the code.

    I fully agree, this is the dilemma Threema is facing:
    - open source will spoil the business, and some sort of sustainable business model is imho needed to run and maintain the server infrastructure and for software development.
    - however, closed source will not establish trust.

    Honestly, I'm wondering how this fundamental issue could be possibly resolved...

    Edited once, last by andyg (9 December 2015 at 19:21)

  • Hands off this nonsense!

    I already had SOMA on my phone a few months ago. The thing looks almost exactly like WhatsApp. It does have a calling feature on board, but that is also the only thing worth mentioning. Files other than pictures and videos cannot be sent. And there are no other refinements either.

    It's not up to much in terms of security and encryption either, even if the developers claim otherwise. SOMA doesn't even make it onto the EFF's list. Any questions?

    There really are 1001 better alternatives!


  • I fully agree, this is the dilemma Threema is facing:
    - open source will spoil the business, and some sort of sustainable business model is imho needed to run and maintain the server infrastructure and for software development.
    - however, closed source will not establish trust.

    Honestly, I'm wondering how this fundamental issue could be possibly resolved...

    Another Swiss company, ProtonMail, is doing exactly this. They got started, I believe, from a crowd-sourced campaign, but they've been getting big money support to keep it going. The same goes for Signal, they have been funded through grants and donations. There is a way to do it if they want to, and I honestly can't see how Threema survives long term if they don't.

    Don't get me wrong, Threema is a great application, but it costs money, it's closed source, there are free and open source alternatives and it's much easier to get my friends on something that does not cost money, plain and simple.

    On a total side note, how fantastic would it be if Threema and ProtonMail merged. It's not out of the realm of possibility, they're both Swiss companies.


  • The same goes for Signal, they have been funded through grants and donations.

    Government grants and donations make you depend on third parties. People and organizations who might have their own agenda and expect something in return.


    The only honest business model is if you have obligations to your users - and nobody else.

    Quote


    Don't get me wrong, Threema is a great application, but it costs money, it's closed source, there are free and open source alternatives

    Threema still is the most successful secure messenger in Europe. Personally, I think it's exactly because it isn't free. There's no such thing as free lunch. People know that.

  • Quote


    Threema still is the most successful secure messenger in Europe. Personally, I think it's exactly because it isn't free. There's no such thing as free lunch. People know that.

    I know that Threema is big in Europe and maybe that's because it's not free as you say, and that's fine. It is a good messenger with a solid feature set. Users should caution themselves in using it primarily because they think it's secure though. It's a naive thing to do.

    Quote


    The only honest business model is if you have obligations to your users - and nobody else.

    Agreed... which is why they should open the code for public review. Threema currently has an obligation to themselves and not its users. I understand the dilemma, I realize if they open source their product, it's unlikely they can charge for it. That being said, as you say, people want to pay for it, so perhaps it's not out of the realm of possibility they would receive a hefty sum from donations as a result.