by pvg 1256 days ago
Crypto AG was effectively owned and operated by intelligence services. There's no evidence at all this is the case for Threema; if anything, you'd expect intelligence services to hide their tracks far better.

'A functional, secure E2EE instant messenger with broad public appeal/usability' is just a very convoluted, readily bungle-able project.

1 comments

Threema had 9 years to migrate to something more standard like the Signal protocol; given the findings in the article, that would have been a great idea.

In their defense, they're a comparably tiny company, so a full protocol rewrite might be too much of a cost to keep their investors happy.

> migrate to something more standard like the Signal protocol

That helps less than it might seem at first glance because it's just a very convoluted, readily bungle-able project, as per:

https://mjg59.dreamwidth.org/62598.html

with HN discussion here: https://news.ycombinator.com/item?id=33929620

and one of its references, which I don't think has had HN coverage

https://www.usenix.org/conference/usenixsecurity22/presentat...

None of these difficulties imply or require infiltration by intelligence services.