Swiss army bans all chat apps but locally-developed Threema | #linux | #linuxsecurity | #education | #technology | #infosec


The Swiss army has banned foreign instant-messaging apps such as Signal, Telegram, and WhatsApp and requires army members to use the locally-developed Threema messaging app instead.

As Threema is a paid subscription communications service, the Swiss army promised to cover the annual subscription cost for all soldiers, which is roughly $4.40 per user.

The Swiss army has also posted recommendations on Facebook, characterizing Threema as a secure ad-free communication tool that features end-to-end encryption and leaves no digital trace.

Although the troops are expected to follow the official instruction, there are no current penalties if army members use foreign IM apps.

Swiss army Facebook post

Why switch to Threema?

While many messaging apps promise end-to-end encryption and private and secure communications, many keep some metadata on users that can be subpoenaed by law enforcement.

An FBI document obtained by Property of the People through a FOIA request lists the various data that can be obtained through legal means from iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp, and Wickr.

The data varies between apps, with some only sharing registration dates, while others can provide I.P. addresses, email addresses, phone numbers, partial message content, and more.

Also, while some of the messaging apps are open source, parts of their server code remain opaque, so there is no clear picture of what is actually logged by all of the platforms.

One of the main differences is that Threema does not require users to provide a phone number or email address upon registration, so a user’s identity cannot be determined through publicly available data.

Swiss officials underlined the most important difference is that Threema isn’t subject to the U.S. Cloud Act, which was passed in 2018 “hidden” inside a budget spending bill.

The controversial law lifts the need for securing a search warrant when a U.S. state agency needs to access and scrutinize someone’s online data.

However, this does not mean that trust between the two countries has been shaken, nor that their relations are entering turbulence all of a sudden.

As Martin Steiger, a Swiss lawyer specializing in digital law told Bleeping Computer during a private discussion, this move is most likely the result of Swiss entities lobbying more aggressively.

“One reason (for the promotion of Threema) could be that Swiss companies have become better at lobbying for their products, partially supported by the data sovereignty movement,” Steiger told BleepingComputer.

“Switzerland has been a close US ally for decades, and its authorities, especially the intelligence services, are known to have close relations with their American counterparts.”

Being a user of Threema himself, Steiger added that the Swiss army’s move is in the right direction but is not going all the way.

“Using Threema is commendable. However, they do not use Threema Work as in other parts of the Swiss federal administration. They merely ask military personnel to use Threema as private users and get reimbursed for the app price. Threema Work has administration and management features for companies etc,” further explained Steiger.

“A general concern with regard to instant messaging is access and archiving, i.e., how can communication covered by the Freedom of Information Act and the Archiving Act remain accessible? At the moment, Threema refers to the app’s export function, i.e., access and archiving depends on single users.”

Decentralized solutions

If you’re looking for instant messaging apps that are completely (client and server) open-source, anonymous, feature strong end-to-end encryption, and are decentralized, you may want to check out Session, Matrix, or Briar.

However, some of these services require more technical expertise to set up correctly and are not as widely used as the other apps.

People tend to use their communication apps based on their features, usability, and even compatibility. 

However, the security and privacy aspect, which often goes overlooked, is the most significant factor to consider when using messaging apps.





Source link