An official FBI document dated January 2021, obtained by the American association “Property of People” through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata (“Pen Register”) or connection data retention law (“18 USC§2703”). Here, in essence, is the information the FBI says it can retrieve:

  • Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

  • Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

  • Signal: date and time of account creation and date of last connection.

  • Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

  • Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

  • Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

  • WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

  • WhatsApp: the targeted person’s basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time (“Pen Register”); message content can be retrieved via iCloud backups.

  • Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.

  • argv_minus_one@beehaw.orgBannedEnglish
    57·
    3 years ago

    Takeaways:

    • End-to-end encryption works.
    • The only trustworthy computer is your computer. Don’t use cloud storage.
    • The only trustworthy software is open-source software. Proprietary software serves the interests of the proprietor, not the user.
    • StarkillerX42@lemmy.mlEnglish
      3·
      3 years ago

      The really nice part about this is that this is exactly what Signal says they can share, and have been forced to share in the past. It’s a tested history of complete policy transparency.

    • twhite@lemmy.mlEnglish
      1·
      3 years ago

      Yeah but I’m still mad about their decision to drop SMS/MMS.

      Wonderful app, great handling of signal to signal messaging, but it really took away my ability to sell end to encryption to friends and family.

      • Luke@lemmy.mlEnglish
        8·
        3 years ago

        it really took away my ability to sell end to encryption to friends and family

        As I understand it, SMS and MMS aren’t encrypted (and that’s why support was dropped. Unfortunately, you were never selling your friends e2e as long as they kept using SMS, even if they used it through Signal. In fact, it’s arguable that the false perception of security in “now I’m texting through Signal, and that means it’s secure!” was even more damaging than never having switched in the first place. (Unless they went all the way and stopped using SMS, of course.)

        So, nothing is lost from that perspective. Now you can more accurately recommend ppl to use Signal messages instead of SMS and know that you are more accurately selling e2e with every convert because they can’t keep using insecure messaging through Signal.

      • Panteleimon@beehaw.orgEnglish
        2·
        3 years ago

        That’s fair, though personally I’m kindof glad they did. “Signal is a secure messaging app” is a lot easier to explain to non-tech-savvy people than “Signal is a secure messaging app, as long as you are messaging someone who is using Signal too. It can also send regular texts but they can’t be encrypted.” Leaving that nuance out would have left people texting with a false assumption of security, but I lost several people explaining it because it “sounds complicated”.

        • flynnguy@programming.devEnglish
          2·
          3 years ago

          Yeah, but now a lot of people I convinced to use it, no longer use it because they just want to use one app.

  • StrayCatFrump@beehaw.orgEnglish
    19·
    3 years ago

    Also remember this is useless without complementary security measures:

    1. Encrypt the storage on any device where these are installed (including your desktop/laptop drives if you install e.g. the desktop version of Signal).
    2. Lock your devices with pin or password, and store that pin/password only in your head (there’s no such thing as telepathy at this point in time so they can’t physically force it out of you, unlike biometric data like your fingerprints).

    If you are relying on “Legally they’re not allowed to…” instead of, “They simply can’t, despite all they might try,” then you’re not doing it right.

  • Napain@lemmy.mlEnglish
    13·
    3 years ago

    i love how telegram isn’t even encrypted or anything but they just ghost the authorities

    • TemporaryBoyfriend@lemmy.caEnglish
      2·
      3 years ago

      This is why I prefer cloud services outside US jurisdiction, and refuse to use anything based in the USA - like iCloud. National Security Letters are a thing, and even massive companies like Apple can’t fight them.

  • NotSteve_@beehaw.orgEnglish
    11·
    3 years ago

    I’m actually surprised they can’t get more WhatsApp data considering it’s Facebook. I know WhatsApp’s thing is encryption but… It’s Facebook

    • Steeve@lemmy.caEnglish
      3·
      3 years ago

      There’s a lot of misinformation about Facebook on Reddit. They absolutely deserve scrutiny, but their main problem has always been growing too big too fast and all regular capitalism stuff. If you actually look further into their scandals than Reddit comment sections it becomes apparent that most of their issues (Cambridge Analytica, general misinformation, hate speech, etc) comes from just regular ol corporate incompetence at a massive scale rather than maliciousness. I don’t know if that makes anyone feel any better lol.

      They are trying to turn it around though and they’re investing a shit ton in privacy and trying to tackle “bad actors” and misinformation problems on their platforms (because I guess the scrutiny worked). They’re pushing heavily for Messenger to be fully E2EE like WhatsApp, so it’s pretty clear that they want to work with local law enforcement about as much as you want them to.

      They should definitely be heavily scrutinized, but I think a lot of the Meta criticism goes past constructive conversation and into rage-fueled hate, especially on Reddit and other competing social medias.

  • ozoned@beehaw.orgEnglish
    8·
    3 years ago

    No mention of Matrix. Wonder if it’s not on their radar, or they have nothing, or just wasn’t important to put it on there?

    • worfamerryman@beehaw.orgEnglish
      5·
      3 years ago

      I think it is because it is a bit nuanced. I used to host a matrix server and if the FBI was like hey, give us the data to something.

      I’d just give them anything they wanted. I did not allow signups, I only gave access to one friend and only had it setup as a learning project.

      I’m sure my friend wouldn’t do anything shady on it, I’ve been close friends with him for about 30 years. But I’m not going to fight the fbi on their behalf. Plus, if they were using the server for something that the fbi needed to get involved with, I’d be pissed they used my server to do it.

      tl:dr anyone can host a matrix instance and each host could have different levels of access.

    • worfamerryman@beehaw.orgEnglish
      1·
      3 years ago

      I think it is because it is a bit nuanced. I used to host a matrix server and if the FBI was like hey, give us the data to something.

      I’d just give them anything they wanted. I did not allow signups, I only gave access to one friend and only had it setup as a learning project.

      I’m sure my friend wouldn’t do anything shady on it, I’ve been close friends with him for about 30 years. But I’m not going to fight the fbi on their behalf. Plus, if they were using the server for something that the fbi needed to get involved with, I’d be pissed they used my server to do it.

      tl:dr anyone can host a matrix instance and each host could have different levels of access.

      • 676@lemmy.caEnglish
        2·
        3 years ago

        The server shouldnt be seeing anything of value if you’re end to end encrypted

        • worfamerryman@beehaw.orgEnglish
          1·
          3 years ago

          That is what I imagine as well. Either way, if they want files to try and decrypt then they can have them.

    • Sl00k@programming.devEnglish
      1·
      3 years ago

      Also important to note it’s been well known the CIA uses Matrix internally for communications. If they’re using it for communication it’s probably pretty sturdy.

  • tram1@programming.devEnglish
    8·
    3 years ago

    Telegram states at their site that: “To this day, we have disclosed 0 bytes of user data to third parties, including governments.”

    But according to Spiegel this is false. I don’t know German, I read the article using google translate, correct me if I’m wrong.

    Here is a quote from the article: “Contrary to what has been publicly stated so far, the operators of the messenger app Telegram have released user data to the Federal Criminal Police Office (BKA) in several cases.”

    If this is true, the fact that they are lying is very worrying…

  • TemporaryBoyfriend@lemmy.caEnglish
    7·
    3 years ago

    And FYI, the info about Signal was confirmed as they received a subpoena a couple years back, and their response was part of the public court records.

  • GuyDudeman@beehaw.orgEnglish
    6·
    3 years ago

    Here’s my foolproof method of not having any issue with the FBI: Don’t do illegal stuff.

    • flora_explora@beehaw.orgEnglish
      21·
      3 years ago

      This is such a bad take lacking any solidarity with people that have no choice in doing illegal stuff or who are trying their best to make the world a better place. What is legal or illegal is solely defined by governments. In the context of the US, it is now illegal in some parts to have an abortion, to be transgender, to be an immigrant, to be black, etc. So “don’t do illegal stuff” is a reminder of your privileged position to be able to lean back and have nothing to fear, while other people just by existing or by trying to survive automatically are considered illegal. And think of all the whistleblowers like Edward Snowden. We as peole are much better off because of them, yet they have to fear the state’s repressions.

      Your response makes me really angry just by how inconsiderate and insulting it is :(

      • GuyDudeman@beehaw.orgEnglish
        1·
        3 years ago

        Edward Snowden immediately fled to a fascist kleptocracy. Dude doesn’t care about anything. He just wanted his fame and glory and to save his own ass.

        Where in the US is it “illegal” to be trans or black? C’mon.

        And even then, it’s not a federal issue. The FBI doesn’t give a shit whether or not someone travels to another state to get an abortion.

    • MagicShel@programming.devEnglish
      16·
      3 years ago

      While Don’t break the law, asshole is solid advice for staying off the FBI’s radar, it’s not really a guarantee.

      • GuyDudeman@beehaw.orgEnglish
        0·
        3 years ago

        There are no guarantees in life. Who’s to say that the FBI didn’t write this article specifically to direct people to use Signal?

    • jherazob@beehaw.orgEnglish
      8·
      3 years ago

      Tell that to trans people in Florida, or people seeking abortion healthcare on Texas

      • GuyDudeman@beehaw.orgEnglish
        0·
        3 years ago

        It’s not illegal to be trans anywhere in the us.

        The FBI deals with federal matters, not state matters.

        • poop@lemmy.blahaj.zoneEnglish
          1·
          3 years ago

          This is a guide for local law enforcement. Also spoilers: federal laws aren’t all good and just, and extra spoilers for people who really haven’t been paying attention: the FBI sometimes goes after people who haven’t committed crimes but did stuff the FBI didn’t like.

    • Seathru@beehaw.orgEnglish
      2·
      3 years ago

      :mindblown: Holy crap! You just completely solved the problem in one take didn’t you?

  • Schedar@beehaw.orgEnglish
    5·
    3 years ago

    Wonder what a difference it now makes with the iCloud “advanced Data protection” that provides end to end encryption for iCloud backups etc. in theory that should block the iCloud backup route.

  • catastrophicblues@lemmy.caEnglish
    4·
    3 years ago

    It seems like Signal, Telegram, and Threema are the best for now. Signal provides the least information, but for the majority of people, the stuff from Telegram are things the government already know, and I’m not sure how useful the Threema information is.