      Messenger billed as better than Signal is riddled with vulnerabilities

      news.movim.eu / ArsTechnica · Tuesday, 10 January, 2023 - 13:43 · 1 minute

    Academic researchers have discovered serious vulnerabilities in the core of Threema, an instant messenger that its Switzerland-based developer says provides a level of security and privacy “no other chat service” can offer. Despite the unusually strong claims and two independent security audits Threema has received, the researchers said the flaws completely undermine assurances of confidentiality and authentication that are the cornerstone of any program sold as providing end-to-end encryption, typically abbreviated as E2EE.

    Threema has more than 10 million users, which include the Swiss government, the Swiss army, German Chancellor Olaf Scholz, and other politicians in that country. Threema developers advertise it as a more secure alternative to Meta’s WhatsApp messenger. It’s among the top Android apps for a fee-based category in Switzerland, Germany, Austria, Canada, and Australia. The app uses a custom-designed encryption protocol in contravention of established cryptographic norms.

    The seven deadly flaws

    Researchers from the Zurich-based ETH research university reported on Monday that they found seven vulnerabilities in Threema that seriously call into question the true level of security the app has offered over the years. Two of the vulnerabilities require no special access to a Threema server or app to cryptographically impersonate a user. Three vulnerabilities require an attacker to gain access to a Threema server. The remaining two can be exploited when an attacker gains access to an unlocked phone, such as at a border crossing.

      How to choose your Jabber service?

      debacle · Sunday, 24 January, 2021 - 01:38 · 1 minute

    Aren't we all envious of users of #Whatsapp, #Signal, #Telegram or #Threema? The choice of service is easy for them. There is none! Happy users!

    Instead we use #Jabber or #XMPP, because we love self-hosting, don't we? Well, it is important to have the option to self-host, but in most cases it is not the best option to actually do it. So we need to select a server, based on our priorities.

    I suggest looking out for:

    1. More than one admin? A single admin might be on holiday when you need them most. Or they burn out and close the service on short notice. Beware of the lorry factor. Choose a service run by a club, cooperative or company!
    2. Sound financial base? If you pay for the service, you have a higher chance that the service is here to stay. A service based on donations might work as well as a commercial one.
    3. Good uptime history? Here is some limited information about it. Also, the longer a service exists, the longer it will survive, because of the Lindy effect.
    4. Good #LTS grade? Use only A grade servers from the IM Observatory.
    5. Acceptable data privacy statement? IANAL, but you know, #GDPR and so on...
    6. High XMPP compliance? This XMPP Compliance Tester lists many servers.
    7. Cool domain name? And other details, like how much server space you have for sharing cat content, how long messages are archived, whether an .onion domain is available, or whether transports (gateways) to #IRC or other networks are provided.

    Useful lists of servers can also be found on Freie Messenger and JabberEs.

      Angeklickt: Interconnect WhatsApp, Threema or iMessage?

      debacle · Thursday, 30 May, 2019 - 08:20

    A short and good explanation of why federation makes sense and is necessary for messengers too. Politicians are finally becoming active as well, e.g. Katarina Barley (SPD) and Ursula Heinen-Esser (CDU).

    #wdr #angeklickt #ör #whatsapp #threema #imessage #federation #netzpolitik #rfc6120 #xmpp