this post was submitted on 26 Jun 2023
636 points (100.0% liked)

Technology

37716 readers
795 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
Los@beehaw.org
coldredlight@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
636
Unclassified FBI Document: Ability to legally access Secure Messaging App Content and Metadata (January 2021) (beehaw.org)
submitted 1 year ago* (last edited 1 year ago) by bbbhltz@beehaw.org to c/technology@beehaw.org
176 comments fedilink hide all child comments
 

An official FBI document dated January 2021, obtained by the American association "Property of People" through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata ("Pen Register") or connection data retention law ("18 USC§2703"). Here, in essence, is the information the FBI says it can retrieve:

  • Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

  • Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

  • Signal: date and time of account creation and date of last connection.

  • Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

  • Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

  • Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

  • WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

  • WhatsApp: the targeted person's basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time ("Pen Register"); message content can be retrieved via iCloud backups.

  • Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] Schedar@beehaw.org 7 points 1 year ago (4 children)

Wonder what a difference it now makes with the iCloud “advanced Data protection” that provides end to end encryption for iCloud backups etc. in theory that should block the iCloud backup route.

[–] Bucket_of_Truth@kbin.social 7 points 1 year ago (1 children)

Doesn't matter if apple will just hand over the encryption keys.

[–] kitonthenet@kbin.social 5 points 1 year ago (1 children)

How does apple hand over a key it doesn’t have?

[–] RandoCalrandian@kbin.social 3 points 1 year ago

You answered your own question

[–] kitonthenet@kbin.social 3 points 1 year ago

Yeah this infographic is now out of date with the iCloud changes

load more comments (2 replies)
[–] hellequin67@lemmy.fmhy.ml 7 points 1 year ago (4 children)

Whilst enlightening, it's kinda also useless. Let's be honest the majority of endusers use a particular app, in the main, because its most likely what everyone else in their friend group uses.

In my case WhatsApp, I'd struggle to get all my friends and family to change at this point.

[–] Airgoof@vlemmy.net 7 points 1 year ago

Took me a moment, but I converted most close contacts to Telegram. Not Meta-infested and solid apps including desktop.

It gets easier the more you already have.

[–] Max_UL@lemmy.pro 5 points 1 year ago

You don’t “have to” use apps that compromise your security. If you really want to switch to better practices you can and can still thrive. I got and persuaded my whole company and friend groups off of bad apps. It’s possible.

[–] ForestOrca@kbin.social 3 points 1 year ago

In my case, I was running phone apps on an iPod Touch, and it couldn't run WhatsApp. So I convinced a core group of friends to get on Signal back Snowden rec'd it. And the way networks operate, it spread out from there.

[–] MrMonkey@lemm.ee 3 points 1 year ago

I just do it the easy way: I'm using Signal. If you want to text me or receives texts from me then use it.

Now it's not just my friends but my neighbors now. SMS is straight garbage, I won't use it.

[–] fogetaboutit@programming.dev 6 points 1 year ago

well this isn't as eye opening as I thought it would be. But thank you for the summary, really!

[–] ISometimesAdmin@the.coolest.zone 6 points 1 year ago

Great to see ever-mounting proof that end-to-end encryption works! This is why I'm on Matrix.

[–] Ronno@kbin.social 6 points 1 year ago

Ah the infamous wizardry of the backdoor in encryption discussion.

[–] NuclearNoggin@lemmy.fmhy.ml 6 points 1 year ago

damn this is pretty interesting. thanks for sharing.

[–] catastrophicblues@lemmy.ca 6 points 1 year ago (2 children)

It seems like Signal, Telegram, and Threema are the best for now. Signal provides the least information, but for the majority of people, the stuff from Telegram are things the government already know, and I'm not sure how useful the Threema information is.

[–] exu@feditown.com 4 points 1 year ago

I read it as Threema being about as secure as Signal if you don't give them your phone number & email and use the Libre version without Google push notifications.

[–] sadreality@kbin.social 4 points 1 year ago* (last edited 1 year ago)

Just BC tele doesn't share data with FBI... Does does mean they don't share with fsb.

load more comments
view more: ‹ prev next ›