Threema is going Open Source!

(Sorry this is off-topic for Threema)
“Openness vs security” is in no way a discussion I want to have, fully agree there is no security without openness. I was trying to be “clever” by quoting a “pick two” rule.

However, the “security versus usability” question is still a challenge.

Entering secure group chats lets you choose between “wait for all players to re-send their message with your key” or “don’t look up” - because there is no previous message.
Add to that the fact that most popular mobile messengers are “social networks of SIM contacts” (so you don’t have to ‘create an account’ and ‘add a friend’, they’re just there) - this is where XMPP and Matrix are presenting some resistance, and the all-too-comfy user picks the path of less resistance…

Security usability has come a long way recently though, I agree.

Back on topic, Threema: just picking some usability issues from Wikipedia (sorry if the source is wrong):

  • It doesn’t use a “social network of SIM contacts” (good!), requires only that you be a paying user (good!), but how you pay may still identify you.
    • btw, using checksums or any algorithm on phone numbers is highly insecure, since the input space is so small (10^13 max?)
  • It cannot run on multiple devices unless your phone is one of them and is connected. (security annoyance?)
  • It uses randomly generated user IDs if you don’t provide your name/number (hello ICQ)
  • Chats are limited to 256 people (must be a threshold for the security power hog of sending a message encrypted 255 times)
  • Calls are only one-to-one, no group calls (maybe security hard at work again)

I am not arguing that one should not choose security.
I just say that the choice is not as easy as it looks.

L.E. the Wikipedia article doesn’t mention backups, or what you have to do to switch devices with Threema. Since the limitations above are similar to Signal (or WhatsApp, which doesn’t count here, on any count), I would guess there are hoops to jump through in this case too.

1 Like
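The point in the post about hashing phone numbers (“the input space is so small”) is easy to check concretely. The Python below is an added example, not code from the poster or from Threema: it builds a reverse-lookup table over a constructed block of numbers (the `+4179555` prefix and four trailing digits are made up for the demo), shows that a plain SHA-256 of a number is recovered by a single dictionary lookup, and shows that an HMAC under a secret key is not found in that table. `work_factor_seconds` turns the post's 10^13 figure into a time estimate for any assumed hash rate; the rate itself is a parameter, not a measurement.

```python
import hashlib
import hmac
import secrets

# Constructed toy number space: a made-up prefix plus 4 digits (10^4 candidates).
# Real national number plans are far larger, but still only ~10^13 worldwide.
PREFIX = "+4179555"
SPACE_SIZE = 10_000


def phone_space():
    """Yield every candidate number in the toy space."""
    for i in range(SPACE_SIZE):
        yield f"{PREFIX}{i:04d}"


def unkeyed_hash(number: str) -> str:
    """What a naive 'we only store hashes' design does: SHA-256 of the digits."""
    return hashlib.sha256(number.encode()).hexdigest()


def keyed_hash(number: str, key: bytes) -> str:
    """Mitigation: a PRF under a key the server keeps secret (HMAC-SHA256).
    Nobody without the key can precompute the table."""
    return hmac.new(key, number.encode(), "sha256").hexdigest()


def build_reverse_table(hash_fn) -> dict:
    """Map hash -> number for the whole candidate space. Cost is linear in
    the space size, which is the whole problem with hashing phone numbers."""
    return {hash_fn(n): n for n in phone_space()}


def recover(digest: str, table: dict):
    """Return the number behind a digest, or None if it is not in the table."""
    return table.get(digest)


def work_factor_seconds(space_size: int, hashes_per_second: float) -> float:
    """Seconds needed to hash every candidate once at an assumed rate.
    The rate is an assumption supplied by the caller, not measured here."""
    return space_size / hashes_per_second


def demo():
    target = f"{PREFIX}1234"  # constructed target number

    # Unkeyed hash: one table over the space recovers the number directly.
    table = build_reverse_table(unkeyed_hash)
    recovered = recover(unkeyed_hash(target), table)

    # Keyed hash with a fresh secret key: the same table does not contain it,
    # and rebuilding the table needs the key.
    key = secrets.token_bytes(32)
    not_recovered = recover(keyed_hash(target, key), table)

    # The post's 10^13 numbers at an assumed 10^9 hashes/s: ~10^4 seconds.
    full_space_seconds = work_factor_seconds(10**13, 1e9)
    return recovered, not_recovered, full_space_seconds


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: a per-record salt only defeats a precomputed table, not a brute force of the space for one record, because the space is small enough to re-hash per salt; and a keyed hash moves the trust to whoever holds the key, so the server itself can still reverse it, which is why contact discovery designs that want stronger guarantees use private set intersection or hardware-attested matching rather than hashing alone.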