Threema and multiple IDs?

Stelle deine Frage öffentlich an die Threema-Forum-Community - über 4.800 Mitglieder helfen dir weiter. > Frage stellen <

    Hello,

    I have an security/privacy issue that I would love to have solved / answered in my mind.

    Imagine following scenario:

    User A communicates with user B.

    Facts:

    - they swapped their ID's

    - both want to keep the communication secret

    - both use nicknames and avoid any personal details - imagine ist 100%

    Now the problem:

    - User A - deletes his history and keeps no backup

    - User B - does not do this, he keeps his messages

    Problem:

    Someone gets hold of both devices of both users - surprisingly and without prior knowledge.

    User A: Believes that with his deleted messages believes:

    - that there is no way that the communication can be leaked from his phone (true)

    - there is no way in event of a leak he could be tied to the communication (this is not true and a problem)

    Because:

    Since B does not delete his messages they are visible and since the THREEMA ID is tied to a communication its visible too.

    Now its enough to look at User A ID - and if its the same as the ID of the communication on User B:

    A is tied to a communication and the communication is leaked and there is nothing A could do to avoid this.

    (deleting User ID not possible, it was a surprising act of seizure).

    Solution:

    Would be if a user could generate new/additional IDs so that in best case he has for each contact a different ID shared.

    But this is not possible with Threema, correct? And the above scenario is real, correct?

    So a Threema user is only as secure as his partners are?

    Thank you for your feedback

    ;)

    I'm confused by your description.

    If you mean repudiability, then the cryptography whitepaper states that:

    Zitat

    In general, cryptographically signed messages also provide non-repudiation; i.e. the sender cannot deny hav-ing sent the message after it has been received. The NaCl library’s box model uses so-called public-key au-thenticators instead, which guarantee repudiability (see http://nacl.cr.yp.to/box.html, “Security model”). Any recipient can forge a message that will look just like it was actually generated by the purported sender, so the recipient cannot convince a third party that the message was really generated by the sender and not forged by the recipient. However, the recipient is still protected against forgeries by third parties. The reason is that in order to perform such a forgery, the private key of the recipient is needed. Since the recipient himself will know whether or not he has used his own private key for such a forgery, he can be sure that no third party could have forged the message.

    Software Engineer bei Threema, hier als Individuum.

    Zitat von thquestion

    a Threema user is only as secure as his partners are

    That applies to every other messenger I know of.

    Zitat von thquestion

    for each contact a different ID [...]

    But this is not possible with Threema

    Not quite correct, nor wrong. You could use the app in several sandboxes or on different devices with different IDs for different chat partners.

    I don't know of any chat/message client that uses a different (uu)id for each contact you're writing with.

    With Threema you can create an anonymous ID which may not be connected to your mail address or phone number - unlike WhatsApp, Signal & co. which are tied to your phone number or something else.

    I think it's a common problem! You never will have control over foreign devices. E.g. such a device of Your chatpartner could be connected to a screen at a public place, so everyone there can read the message. That are things You can't prevent. You never will have control of messages, when they are stored at an other device. You only can be sure that the communication between the devices is privacy and secure, like it is with Threema!

    Zitat von jnL

    ...

    Yes you understood what I meant! :)

    Yes:

    - sandbox / device / phone per communication would solve the issue.

    @Others:
    The problem is quite different. Lets see it as a 2 danger level scenario:

    Level 1: "I dont want anyone to see my messages."

    I agree this is not possible to control, since as said my partner could just make screenshots or connect a big screen TV :-).

    Level 2: "If Level 1 is breached I want to be sure noone ties this to me."

    And this is the main problem. Since everyone has one ThreemaID than its relatively easy tie tie a communication to a device/user once you have this ThreemaID.


    Additional more serious thoughts:

    Imagine a 3 User scenario where 3rd (C) is a decoy / spy. All he has to do is collect ThremaID's possible with other evidence of connecting them to real people.

    With his list of users - "real person" connected to "ThreemaID" - its possible for all messages to tie them to real users even if he wasn't the one carrying out the communication.


    Biggest issue:

    Even if User B was to delete his ThreemaID and wipe his phone - since there is evidence (Thanks to user C) using a specific ThreemaID this deletion is no help for him.


    Possible solution:

    Was mentioned - multiple IDs: Wouldnt be a way of adding partners similar to bitcoin public keys be an option? I could generate a public key for each and every "connection" and so noone would have same "key / ID" for me as any other. Noone could compare and look who is who. This would be total anonymity.

    Were discussions about this? Do you know?


    Additional short questions:

    1. Timed messages - where they get deleted on the receiving end after a specified time by the sender. Is this planned?

    (Signal has this feature, I know its no weapon against decoys / spies but its a great help for "stupid" communication partners who forget to delete messages)


    2. Threema is closed source - any plans on changing this?

    Thank you


    Zitat von thquestion

    Biggest issue:

    Even if User B was to delete his ThreemaID and wipe his phone - since there is evidence (Thanks to user C) using a specific ThreemaID this deletion is no help for him.

    I'm not sure, understanding You correct, but the Knowledge of the ID is not really a security breach. If You enter a ID, You only get the "public" key, wich is not able to decrypt messages You sent. So the collection of ID wouldn't help. If B's device is compromised C can see which messages You send B but not the messages You send to other ones. He can also not see, to whom You send messages elsewhere, only the messages You sent B or others sent B. That is also the same, You use for each contact an other ID.

    Are I'm wrong?

    Quite.

    Imagine B has his messages not deleted and phone taken away. The messages are there and than there is a message saying:

    "I took the money and gave him the package of teddybears."

    This message has been send by a user nicknamed "NONAME" but has an ID of "XCZASD". Looks anonymous right?

    Not quite and that is my problem. They just have to compare the ID to a known list of IDs and if there is a hit - they have a hit.

    Imagine this on a max level:

    Lets say Ill get to be a Threema User and I would keep a list of all ThreemaIDs with real names. For whatever reason - I may be stupid, but I did this.

    The moment someone gets hold of my "IDS = names" list, and lets say the list is quite large. Also different communications, outside of my phone could be linked to persons. That it my issue.

    With the way Threema is build, a stupid user (C):

    - who keeps bad nicknames

    - who has noted down IDs and real names

    Is able to ruin the day for a different conversation entirely.


    Different investigaion:

    "Who is nickname NONAME with ID XCZXCZ ?? He should have the important information."

    "I dont know, lets compare the know list maybe we have a hit."

    "XCZXCZ - hit, thats Paul Smith! He is using his ID for 2 years now apparently because we busted his friend two years ago. Lets pay him a visit."

    This sounds sci-fi but its plausible, isnt it?

    Your scenario seems quite paranoid to me.

    A messenger stores, what Igrahl quoted, yours to the chat partner sent message on your partners device without you being able to avoid (or erase) this except you don't write him/her/it a message.

    Some users may change their IDs never (forgotten backup excluded) and some change them quite often. There need to be a unique "ID" to identify someone, even if this person will be mostly anonymous. The anonymous status quo will be less anonymous the more the person is using the ID, chatting with others,...

    Threema can't pretend to reveal someone who shares too much information of himself/herself/itself. But no other chat messenger does this - other chat messenger do publish/reveal a lot more information about the person than Threema does. E. g. WhatsApp and Signal. Both cannot be used without registering with an unique phone number. You wanna change your id? Change your number!

    In Threema you can just revoke your id (instead of just deleting it from your device) and generate a new ID. That's it. Simple.

    Can you mention just one secure chat app that do fit all of your mentions?


    I don't know if I understood you correctly with what you meant with the bitcoin thing. But if I had a bitcoin wallet, my address will be the same for each deposit and withdrawal I will do. And in the bitcoin network, I cannot really change my wallet to a new one with taking over my bitcoins, because every transaction will be logged and can be seen.

    To your other questions:

    Times messages.

    It is currently highly discussed in this forum because a Threema employee wrote an feedback to a Google Play Store review that this feature will not be implemented into Threema. Threema doesn't modify nor delete data on the device of your chat partner.

    Closed source.

    The app itself will not become open source as this may lead to alternative apps which will use the Threema servers without their permission. Also then there is no need anymore for Threema Work and the one time fee for the personal Threema app will not be enough to pay for the employees, the development and the service itself. Threema Web is open source and there is an API for Threema Broadcast.

    Zitat von thquestion

    Different investigaion:

    "Who is nickname NONAME with ID XCZXCZ ?? He should have the important information."

    "I dont know, lets compare the know list maybe we have a hit."

    "XCZXCZ - hit, thats Paul Smith! He is using his ID for 2 years now apparently because we busted his friend two years ago. Lets pay him a visit."

    This sounds sci-fi but its plausible, isnt it?

    You do not need a 'big' ID-list! Your chatpartner mostly knows Your identity! If Your chatpartner links Your Threema-ID with an entry in his addressbook, it's quite enough to compromise only that one device to get this information. So Your only chance to avoid this, is nobody knows You're real identity! This is a privacylevel for spys or ciminals, not the privacylevel of the regular messenger user.