An official FBI document dated January 2021, obtained by the American association “Property of People” through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata (“Pen Register”) or connection data retention law (“18 USC§2703”). Here, in essence, is the information the FBI says it can retrieve:

  • Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

  • Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

  • Signal: date and time of account creation and date of last connection.

  • Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

  • Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

  • Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

  • WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

  • WhatsApp: the targeted person’s basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time (“Pen Register”); message content can be retrieved via iCloud backups.

  • Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.

  • Leigh@beehaw.orgM
    link
    fedilink
    English
    arrow-up
    36
    ·
    2 years ago

    This perspective lacks nuance.

    a service like iCloud is a bad idea if you care about your privacy

    Like all security and privacy measures, you have to consider your threat profile. From whom are you trying to maintain privacy from? If it’s other people or companies, then using a service like this is perfectly okay. If you’re worried about state actors or governmental agencies coming after you, then you have a very different set of requirements and considerations than most people, and you should plan accordingly.

    But saying that services like this aren’t for people who care about their privacy is a little disingenuous. As with all things, it’s a matter of degrees.

    • Melpomene@kbin.social
      link
      fedilink
      English
      arrow-up
      14
      ·
      2 years ago

      Fair point… and I’ll edit the comment to reflect that. Thanks for catching the lack of nuance… guess fasting for 24 hours has me both tired and salty.

    • Snapz@beehaw.org
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 years ago

      Learn from Reddit, don’t give corporations the power to do so and they can’t inevitably abuse that power.

    • mobyduck648@beehaw.org
      link
      fedilink
      English
      arrow-up
      6
      ·
      2 years ago

      I feel a lot of people get ‘dragnet surveillance against everyone on the internet’ mixed up with ‘being actively under pressure from a state-level actor’. If the likes of MI5 or the FBI were genuinely after someone they’d need a lot more than an encrypted messaging service and a VPN to avoid them.

      I like my current setup but I’m under no illusion it would do much at all against the ‘electric cattle prod and water-boarding’ school of decryption exploits.

      • Melpomene@kbin.social
        link
        fedilink
        English
        arrow-up
        9
        ·
        2 years ago

        It’s not so much Apple is bad as “commercial providers, including Apple, aren’t great at privacy.”

        • fades@beehaw.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 years ago

          I (and many others) would argue Apple is great at privacy, unless you are trying to hide from subpoenas