this post was submitted on 26 Jun 2023
14 points (100.0% liked)

Technology

37643 readers
153 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
Los@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
14
Unclassified FBI Document: Ability to legally access Secure Messaging App Content and Metadata (January 2021) (beehaw.org)
submitted 1 year ago* (last edited 1 year ago) by bbbhltz@beehaw.org to c/technology@beehaw.org
24 comments fedilink hide all child comments
 

An official FBI document dated January 2021, obtained by the American association "Property of People" through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata ("Pen Register") or connection data retention law ("18 USC§2703"). Here, in essence, is the information the FBI says it can retrieve:

  • Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

  • Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

  • Signal: date and time of account creation and date of last connection.

  • Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

  • Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

  • Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

  • WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

  • WhatsApp: the targeted person's basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time ("Pen Register"); message content can be retrieved via iCloud backups.

  • Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.

top 24 comments
sorted by: hot top controversial new old
[–] argv_minus_one@beehaw.org 3 points 1 year ago* (last edited 1 year ago)

Takeaways:

  • End-to-end encryption works.
  • The only trustworthy computer is your computer. Don't use cloud storage.
  • The only trustworthy software is open-source software. Proprietary software serves the interests of the proprietor, not the user.

All of this was already well-known, of course, but it's always nice to get confirmation.

[–] PerogiBoi@lemmy.ca 2 points 1 year ago (1 children)

So basically use signal because they can get the least amount of data.

[–] MentalEdge@sopuli.xyz 1 points 1 year ago (2 children)

Matrix isn't on the list at all.

[–] ninchuka@lemmy.one 1 points 1 year ago

matrix doesnt encrypt any metadata at all pretty much, only message content and files uploaded to encrypted rooms are encrypted

[–] poudlardo@terefere.eu 0 points 1 year ago (1 children)

Discord as well though

[–] fmstrat@lemmy.nowsci.com 3 points 1 year ago

Discord is not a secure chat app so it's not listed. Basically, they can get everything from Discord.

[–] TemporaryBoyfriend@lemmy.ca 1 points 1 year ago (1 children)

And FYI, the info about Signal was confirmed as they received a subpoena a couple years back, and their response was part of the public court records.

[–] ehrenschwan@feddit.de 2 points 1 year ago

Yeah, Signals response pointing to how their service works and than all the data consisting of only these two things war hilarious.

[–] GuyDudeman@beehaw.org 0 points 1 year ago (1 children)

Here's my foolproof method of not having any issue with the FBI: Don't do illegal stuff.

[–] MagicShel@programming.dev 0 points 1 year ago (1 children)

While Don't break the law, asshole is solid advice for staying off the FBI's radar, it's not really a guarantee.

[–] DekkerNSFW@lemmy.fmhy.ml 2 points 1 year ago

And sometimes, justice requires breaking the law. Remember that the Holocaust was legal and Stonewall was not.

[–] Napain@lemmy.ml 0 points 1 year ago (2 children)

i love how telegram isn't even encrypted or anything but they just ghost the authorities

[–] __forward__@lemm.ee 1 points 1 year ago (1 children)

To clarify because this is always a point of confusion whenever the topic comes up. Telegram is, of course, transport encrypted. Someone listening on the wire cannot read your data. It is not end-to-end encrypted, meaning Telegram can always read your messages and can, in principle, give anyone access.

[–] ookees@beehaw.org 0 points 1 year ago* (last edited 1 year ago) (1 children)

That's not entirely true. Telegram's one on one secret chat is end to end encrypted. As well as one on one voice and video calls. Group chats are not end to end encrypted.

Additionally Telegram does have an auto delete features built in for all of its chat types. So while I can't entirely rule out that Telegram could have a backup of a chat somewhere, you have a bit more piece of mind if you turn on the auto delete feature.

[–] __forward__@lemm.ee 1 points 1 year ago

Thanks for the clarification I should have mentioned this. Especially for calls it is actually relevant but I feel like very few people actually use secret chats.

[–] TemporaryBoyfriend@lemmy.ca 1 points 1 year ago

This is why I prefer cloud services outside US jurisdiction, and refuse to use anything based in the USA - like iCloud. National Security Letters are a thing, and even massive companies like Apple can't fight them.

[–] Schedar@beehaw.org 0 points 1 year ago (1 children)

Wonder what a difference it now makes with the iCloud “advanced Data protection” that provides end to end encryption for iCloud backups etc. in theory that should block the iCloud backup route.

[–] aroom@kbin.social 0 points 1 year ago (1 children)

I guess if you enable it on your device you are safe, but if your content is on another device that doesn't enable it (it's an opt in option), your content will be available.

[–] codus@leby.dev 1 points 1 year ago

Advanced data protection is across your entire account, not per device. According to Apple’s documentation they rotate the keys locally on your devices and then delete them from their services so they no longer have a key to give.

[–] arcticpiecitylights@beehaw.org 0 points 1 year ago (1 children)

I'm curious what/if any info can be retrieved from Matrix servers?

[–] sojourn@geddit.social 0 points 1 year ago (1 children)

I believe Matrix has the same encryption as Signal. Though there are some things that leak metadata, like reactions for some reason. Would like an investigation into it as well, as I pretty frequently use it. Obviously this is assuming it's an encrypted chat. Though would also like to see the comparison of an invite only encrypted room, vs a public joinable encrypted room.

[–] wasabi@feddit.de 1 points 1 year ago

Nope. They are similar, but not the same: Comparison

[–] fsniper@kbin.social 0 points 1 year ago (1 children)

Telegram seem to provide the least info, not signal.

[–] LollerCorleone@kbin.social 0 points 1 year ago

But Telegram also have access to more info about its users, considering that messages are not end to end encrypted by default, than Signal does of its. This means that Telegram can share any data it wants, its users are just hoping that it won't. In the case of Signal, they don't have access to any meaningful data in the first place. Also leaving these here:
https://www.wired.com/story/the-kremlin-has-entered-the-chat/
https://tech.hindustantimes.com/tech/news/russian-court-directs-telegram-to-share-encryption-keys-to-access-users-messaging-data-story-1ZhjHvyTQJ89RhhNnp4bGL.html