Comparison
RVNT vs Threema
RVNT: A peer-to-peer, post-quantum, end-to-end-encrypted messenger with no phone number and no servers. · Threema: A paid, Swiss, open-source messenger that needs no phone number and encrypts everything by default, but runs on central servers and isn't yet post-quantum.
Bottom line: Choose Threema if you want a proven, reliable, audited messenger from an accountable Swiss company that works smoothly across phones, desktop, and web and delivers messages even when the other person is offline. Choose RVNT if your priority is maximizing the threat model, no central servers, metadata protection via Tor and a mixnet, post-quantum encryption, and duress defenses, and you accept that it is new, unaudited, and less battle-tested.
Threema and RVNT share a core philosophy: strong default end-to-end encryption and no phone number or email required to sign up. The big architectural difference is trust model. Threema is a polished, server-backed product run by an accountable Swiss company, with years of audits, a formal protocol proof, reliable offline delivery, and broad platform support. Threema clearly wins today on maturity, audit history, reliability, and reach. RVNT goes further on the threat model where Threema stops: RVNT is fully peer-to-peer with no central server holding or relaying content, routes over Tor by default and adds a cover-traffic mixnet for metadata protection, ships hybrid post-quantum encryption (ML-KEM-768) that Threema is still only researching with IBM, and includes on-device duress defenses (decoy PIN and panic wipe) that Threema lacks. But RVNT is young, unaudited, and pre-release.
The facts, side by side
| RVNT | Threema | |
|---|---|---|
| End-to-end encrypted by default | Yes | Yes |
| Encryption protocol | Hybrid post-quantum X3DH (X25519 + ML-KEM-768) + Double Ratchet, AES-256-GCM | NaCl (Curve25519/XSalsa20-Poly1305) + Ibex (Double-Ratchet-style forward secrecy) Message encryption is built on the open-source NaCl library (Curve25519 ECC, 256-bit). Forward secrecy was added at the end-to-end layer via the 'Ibex' protocol, released Nov 2022; a formal security proof of Ibex was published by researchers in 2023. |
| Post-quantum key exchange | Yes | No Not shipped. Threema announced a research collaboration with IBM Research (Feb 2026) to eventually integrate ML-KEM/quantum-safe methods, but the product does not yet use post-quantum cryptography. RVNT, by contrast, already ships hybrid ML-KEM-768. |
| Requires a phone number | No | No Not required. A phone number can be optionally linked to aid contact discovery but is never mandatory; you can use Threema fully anonymously. |
| Requires an email address | No | No |
| How you’re identified | Local Ed25519 keypair, username claimed by proof-of-work | Random 8-character Threema ID generated on-device; phone/email linking optional |
| Architecture | peer-to-peer | centralized Threema is a client-server messenger using Threema GmbH's own servers in an ISO 27001 data center in Zurich; it is not peer-to-peer. Messages are relayed (and briefly queued) through these central servers, then deleted after delivery. This differs fundamentally from RVNT's serverless P2P model. |
| Metadata protection | Sealed sender + Tor by default + mixnet (cover traffic, fixed-size padding) | Minimizes metadata; no contact list required on server; but central Swiss servers route all messages Threema markets strong metadata minimization (no phone/email required, contacts not stored on server, messages deleted after delivery). It does NOT route over Tor and does not run a mixnet, so the central server still sees connection-level metadata. RVNT adds sealed sender + Tor-by-default + a cover-traffic mixnet. |
| Routes over Tor by default | Yes | No Threema does not route traffic over Tor by default; it connects directly to its Swiss servers. |
| Open-source client | Yes | Yes Client apps (Android, iOS, desktop) are open source under AGPL-3.0 since late 2020, with reproducible builds on Android. The server remains proprietary. |
| Independently audited | No RVNT is pre-release and has not yet completed a formal third-party security audit — the code is open source so it can be reviewed, but treat it as not-yet-audited. | Yes Multiple external audits: cnlab (2015), Cure53 (mobile apps Oct 2020; desktop app Jan 2024). Separately, ETH Zurich's Applied Cryptography Group (Jan 2023) disclosed seven theoretical attacks against the older protocol; ETH stated all were mitigated by Threema's patches/Ibex. Threema argued the issues had no real-world impact. |
| Jurisdiction / who can be subpoenaed | Peer-to-peer (no central operator to subpoena) There is no company-run server that relays or stores message content, so there is no inbox in a data center to subpoena. A small bootstrap server only holds public prekeys + peer-discovery data. | Switzerland (Threema GmbH, Pfäffikon SZ) |
| On-device duress / panic defenses | Yes | No Threema offers app-level passcode lock and 'Private Chats,' but no built-in duress-decoy PIN or panic-wipe equivalent to RVNT's. Marked 'no' for a true duress mode. |
| Max attachment size | No limit on a direct link (P2P streaming) No size limit on a direct peer-to-peer connection (segmented streaming with resume-on-disconnect). Transfers that fall back to a relay are currently capped at 256 MB until resumable relay ships. | 100 MB Files of any type up to 100 MB in the native apps (older devices may fail on large files due to memory). The legacy Threema Web client was limited to ~15 MiB due to WebRTC DataChannel buffering. |
| Collects telemetry / analytics | No | No Threema states it collects no telemetry/analytics and stores as little data as possible; it is a paid app (one-time purchase, payable anonymously via cash or formerly Bitcoin) rather than ad/data-funded. |
The verdict
Choose Threema if you want a proven, reliable, audited messenger from an accountable Swiss company that works smoothly across phones, desktop, and web and delivers messages even when the other person is offline. Choose RVNT if your priority is maximizing the threat model, no central servers, metadata protection via Tor and a mixnet, post-quantum encryption, and duress defenses, and you accept that it is new, unaudited, and less battle-tested. For most everyday privacy-conscious users wanting safety today, Threema is the safer bet; for users specifically defending against network-level surveillance, server seizure, or future quantum decryption, RVNT's design aims higher.
Frequently asked questions
Is Threema more private than RVNT?
It depends on the threat you care about. Both require no phone number or email and encrypt everything end-to-end by default, and Threema has the stronger audit and reliability track record. But Threema runs your messages through its own central servers in Switzerland and does not use Tor, a mixnet, or post-quantum encryption. RVNT is fully peer-to-peer with no central content server, routes over Tor by default, adds a metadata-hiding mixnet, and already ships post-quantum encryption. So Threema is more proven, while RVNT is designed to hide more metadata and resist server seizure and future quantum attacks.
Does Threema need my phone number?
No. Threema generates a random 8-character ID on your device, so you can use it fully anonymously. Linking a phone number or email is optional and only helps other people find you by their contacts. RVNT also requires no phone number or email.
Is Threema safe after the 2023 ETH Zurich findings?
Yes. In January 2023, ETH Zurich's cryptography group disclosed seven theoretical attacks against Threema's older protocol. Threema had already released its new Ibex protocol (Nov 2022), and the ETH researchers stated they believe all the vulnerabilities have been mitigated by Threema's patches. Threema also argued none of the issues had real-world impact. The protocol has since been formally proven secure.
Comparisons here are kept honest and dated — we name where the other app wins. RVNT is the post-quantum, peer-to-peer option with no phone number and no servers.