Comparison
Signal vs Threema
Signal: The gold-standard E2EE messenger: open-source, independently studied, post-quantum, and run by a nonprofit that has proven in court it holds almost no data — but it still ties your account to a phone number and runs on central servers. · Threema: A paid, Swiss, open-source messenger that needs no phone number and encrypts everything by default, but runs on central servers and isn't yet post-quantum.
Bottom line: For most people who want strong, free, well-studied encryption with the largest secure-messenger network and the best-documented record of resisting government data demands, Signal is the default recommendation — and it is now also post-quantum, which Threema is not yet. Choose Threema if avoiding a phone number is your priority: its random-ID model and Swiss jurisdiction give you account anonymity that Signal's phone-number requirement cannot, and paying once for the app aligns the operator's incentives with privacy rather than scale.
Signal and Threema both encrypt every message end-to-end by default, are open-source, are independently audited, and are run by entities outside the US tech-giant orbit — Signal by a California nonprofit foundation, Threema by a Swiss company. On those fundamentals they are two of the most credible secure messengers available, and the real differences are in the trade-offs each one makes around identity, funding, metadata, and cryptographic roadmap.
The sharpest contrast is identity. Signal ties your account to a phone number, which makes onboarding frictionless and contact discovery automatic but links your account to a real-world identifier; Threema needs no phone number or email and instead issues a random 8-character ID, trading convenience for anonymity. Funding differs too: Signal is free and donation-funded as a 501(c)(3) nonprofit, while Threema is a one-time paid app whose business model is selling the software rather than monetizing data. Both are centralized — you trust each operator's servers to relay (not read) traffic — but Signal has the longer public track record of proving in court that it holds almost no data, while Threema's Swiss base and no-identifier design minimize what is collected in the first place. On the crypto roadmap they now diverge: Signal has shipped post-quantum protection (PQXDH for session setup plus the SPQR / Triple Ratchet), whereas Threema's Ibex protocol provides modern forward secrecy but is not yet post-quantum.
The facts, side by side
| Signal | Threema | |
|---|---|---|
| End-to-end encrypted by default | Yes | Yes |
| Encryption protocol | Signal Protocol: X3DH + Double Ratchet with AES-256-GCM, now extended by PQXDH (handshake) and the Triple Ratchet / SPQR (post-quantum ratchet) Signal's classic stack is X3DH key agreement + the Double Ratchet, with AES-256 in CBC/HMAC historically and AES-256-GCM AEAD. In 2023 Signal added PQXDH (X25519 + CRYSTALS-Kyber/ML-KEM-768) to the initial handshake, and on Oct 2, 2025 shipped the Sparse Post-Quantum Ratchet (SPQR), combining the Double Ratchet with an ML-KEM-768 ratchet into a hybrid 'Triple Ratchet.' | NaCl (Curve25519/XSalsa20-Poly1305) + Ibex (Double-Ratchet-style forward secrecy) Message encryption is built on the open-source NaCl library (Curve25519 ECC, 256-bit). Forward secrecy was added at the end-to-end layer via the 'Ibex' protocol, released Nov 2022; a formal security proof of Ibex was published by researchers in 2023. |
| Post-quantum key exchange | Yes Post-quantum protection is hybrid (classical + ML-KEM-768) and is being rolled out automatically; older clients downgrade gracefully when a peer lacks SPQR support, so coverage is universal at the handshake (PQXDH) and progressively universal for the ongoing ratchet (SPQR). | No Not shipped. Threema announced a research collaboration with IBM Research (Feb 2026) to eventually integrate ML-KEM/quantum-safe methods, but the product does not yet use post-quantum cryptography. RVNT, by contrast, already ships hybrid ML-KEM-768. |
| Requires a phone number | Yes A working phone number that can receive an SMS/call is still mandatory to create an account. Usernames (added 2024) only let others reach you without seeing your number; they do not replace the number for registration. | No Not required. A phone number can be optionally linked to aid contact discovery but is never mandatory; you can use Threema fully anonymously. |
| Requires an email address | No | No |
| How you’re identified | Phone number is required to register; an optional username lets you be contacted without sharing the number | Random 8-character Threema ID generated on-device; phone/email linking optional |
| Architecture | centralized | centralized Threema is a client-server messenger using Threema GmbH's own servers in an ISO 27001 data center in Zurich; it is not peer-to-peer. Messages are relayed (and briefly queued) through these central servers, then deleted after delivery. This differs fundamentally from RVNT's serverless P2P model. |
| Metadata protection | Sealed sender hides the sender from Signal's servers; private contact discovery and encrypted profiles/groups minimize what the server can see, but a central server still routes all traffic Sealed sender gives one-way sender anonymity from the server, and private contact discovery plus SGX-backed features reduce server knowledge. Government subpoenas (2016, 2021) confirmed Signal could only produce account-creation and last-connection timestamps. However, a central server still sees connection metadata such as IP and timing, which is why it is 'centralized' rather than a metadata-minimal P2P design. | Minimizes metadata; no contact list required on server; but central Swiss servers route all messages Threema markets strong metadata minimization (no phone/email required, contacts not stored on server, messages deleted after delivery). It does NOT route over Tor and does not run a mixnet, so the central server still sees connection-level metadata. RVNT adds sealed sender + Tor-by-default + a cover-traffic mixnet. |
| Routes over Tor by default | No Signal does NOT route over Tor by default. It offers censorship circumvention (domain fronting / proxy support) when blocked, and users can manually run it through Tor/Orbot, but normal traffic goes to Signal's servers directly. | No Threema does not route traffic over Tor by default; it connects directly to its Swiss servers. |
| Open-source client | Yes | Yes Client apps (Android, iOS, desktop) are open source under AGPL-3.0 since late 2020, with reproducible builds on Android. The server remains proprietary. |
| Independently audited | Partial Marked partial: the Signal Protocol has strong academic formal-analysis pedigree (e.g., Cohn-Gordon et al., IEEE EuroS&P 2017) and PQXDH received formal verification, but these are protocol/cryptography analyses rather than recurring full-stack commercial penetration audits of every client. Signal is exceptionally well-scrutinized for a messenger; 'partial' reflects that it is not a single, recent, end-to-end commercial audit of all apps. | Yes Multiple external audits: cnlab (2015), Cure53 (mobile apps Oct 2020; desktop app Jan 2024). Separately, ETH Zurich's Applied Cryptography Group (Jan 2023) disclosed seven theoretical attacks against the older protocol; ETH stated all were mitigated by Threema's patches/Ibex. Threema argued the issues had no real-world impact. |
| Jurisdiction / who can be subpoenaed | United States (Signal Foundation / Signal Messenger LLC, 501(c)(3) nonprofit, California) | Switzerland (Threema GmbH, Pfäffikon SZ) |
| On-device duress / panic defenses | No Signal supports disappearing messages, a Signal PIN, registration lock, and screen lock, but has no built-in duress/decoy PIN or panic-wipe; a community feature request for a duress wipe was declined by Signal. | No Threema offers app-level passcode lock and 'Private Chats,' but no built-in duress-decoy PIN or panic-wipe equivalent to RVNT's. Marked 'no' for a true duress mode. |
| Max attachment size | ~100 MB per attachment (varies by platform: ~100 MB Android/Desktop, smaller on iOS) Commonly cited as ~100 MB per attachment, with per-platform variation (Android/Desktop near 100 MB, iOS images notably smaller). Limits change over time; treat as approximate. | 100 MB Files of any type up to 100 MB in the native apps (older devices may fail on large files due to memory). The legacy Threema Web client was limited to ~15 MiB due to WebRTC DataChannel buffering. |
| Collects telemetry / analytics | No Signal is funded by donations/grants, runs no ads, and does not monetize data. Subpoena responses demonstrate it does not retain message content, contacts, or profile data; it is widely regarded as not running analytics/telemetry on users. | No Threema states it collects no telemetry/analytics and stores as little data as possible; it is a paid app (one-time purchase, payable anonymously via cash or formerly Bitcoin) rather than ad/data-funded. |
The verdict
For most people who want strong, free, well-studied encryption with the largest secure-messenger network and the best-documented record of resisting government data demands, Signal is the default recommendation — and it is now also post-quantum, which Threema is not yet. Choose Threema if avoiding a phone number is your priority: its random-ID model and Swiss jurisdiction give you account anonymity that Signal's phone-number requirement cannot, and paying once for the app aligns the operator's incentives with privacy rather than scale. In short: Signal for reach, post-quantum crypto, and a proven legal track record; Threema for identifier-free anonymity and a paid, no-data-business model.
Both still run on central servers and store some account metadata, so neither is the most privacy-maximal option if your threat model assumes the operator itself could be compelled or compromised. If you want to eliminate that trust assumption entirely — no central server holding message content, no phone number, no company in the loop — a fully peer-to-peer design like RVNT sits in a more privacy-maximal next tier, at the cost of the maturity, scale, and battle-tested track record that Signal and Threema have already earned.
Frequently asked questions
Is Signal or Threema better if I don't want to give out my phone number?
**Threema.** It requires no phone number or email — your identity is a random 8-character Threema ID, so you can use it fully anonymously. Signal currently requires a phone number to register an account (though it lets you hide that number from other users via usernames). If phone-number-free anonymity is your main goal, Threema is the better fit; if you're comfortable using a phone number, Signal's larger network and free, post-quantum encryption are strong advantages.
Are Signal and Threema's encryption equally strong, and are either post-quantum?
Both encrypt all messages end-to-end by default with modern, audited cryptography and forward secrecy — Signal via the Signal Protocol (X3DH + Double Ratchet) and Threema via NaCl plus its Double-Ratchet-style **Ibex** protocol, which has been formally analyzed. The key difference today is **post-quantum** protection: Signal has rolled out PQXDH for session setup and the SPQR / Triple Ratchet for ongoing messages, guarding against 'harvest-now, decrypt-later' attacks by future quantum computers. Threema's Ibex is strong but is **not yet post-quantum**, so Signal is currently ahead on that specific, forward-looking dimension.
Comparisons here are kept honest and dated — we name where the other app wins. RVNT is the post-quantum, peer-to-peer option with no phone number and no servers.