I wrote about alternative secure messaging applications not too long ago. If memory serves me right, I said that I was using Session. However, as of today, I have decided to give Threema a try.
Whilst I use iMessage for communicating with my immediate family, but family members who aren't on Apple's ecosystem forced us to find a cross-platform solution. For the longest time, we used Signal. Don't get me wrong, for close contacts, Signal is one of the recommended messaging platform.
I said close contacts because Signal uses your mobile phone number as your ID. Sharing your mobile phone number, AFAIC, is like sharing your bank account number. It is difficult to change, and is one of the highly sensitive personally identifiable information (PII).
For some, it is exactly your bank account since your mobile banking account uses your mobile phone number! The choices narrowed down to Session and Threema, as both don't need mobile phone numbers. Session's mobile application is free, which is an advantage for new users.
Session's design and architecture is fully decentralized (it uses a TOR-like routing) and uses the same infrastructure as its cryptocurrency. However, I am worried about the long-term environmental impact of cryptocurrencies, and I have yet to find a study on the cryptocurrency used by Session, so this makes me consider whether or not to continue using it. I do have a Session account, just in case.
Threema is a P278.00 (USD 4.99)mobile application, which is the same as getting a venti-sized espresso frappuccino and a slice of banana bread at Starbucks. If you are on a Family Sharing plan on iOS, you get to share the application with five other family members making it cost only P46.50 per user.
Not bad, right? It is also a one-time payment, so no subscription to worry about. Despite being non-free apps, Threema's mobile applications are open source. In fact, there is a Threema Android version that is completely Google free, you can get it from F-Droid - how cool is that? Threema's design and architecture is similar to that of Signal - the underlying network is non-open source and centralized (remember Session is decentralized).
Unlike Signal, however, Threema's network is owned and hosted by the company, i.e., not on other cloud-providers, and is located in Switzerland (Signal is in the US). Lastly, Threema is fully GDPR-compliant (not sure if the other messaging applications can say the same) and has undergone a recent third-party security audit in 2020 (Session was audited last year, Signal in 2014, I think). Threema is a a commercial company, which has enterprise clients.
The price of the mobile application helps pay for the use of the infrastructure, unlike other free applications like WhatsApp and Viber, which earn from advertisements (guess how they target users). In contrast, Signal and Session are backed by a non-profit organization and/or a charity. As to which one is more sustainable, I guess only time will tell.
Right now, I am weaning off some of my communications from Signal (my use of Session never really went beyond testing), and eventually getting users to forget the mobile phone number that I have associated with Signal. So, what do you think - did I make a good decision?