An official FBI document dated January 2021, obtained by the American association “Property of People” through the Freedom of Information Act.
This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata (“Pen Register”) or connection data retention law (“18 USC§2703”). Here, in essence, is the information the FBI says it can retrieve:
-
Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.
-
Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).
-
Signal: date and time of account creation and date of last connection.
-
Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.
-
Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.
-
Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).
-
WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.
-
WhatsApp: the targeted person’s basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time (“Pen Register”); message content can be retrieved via iCloud backups.
-
Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.
TL;DR Signal is the messaging system that provides the least information to investigators.
This is very useful information. People should be free to discuss ideas without the FBI glaring over their shoulder.
Takeaways:
- End-to-end encryption works.
- The only trustworthy computer is your computer. Don’t use cloud storage.
- The only trustworthy software is open-source software. Proprietary software serves the interests of the proprietor, not the user.
All of this was already well-known, of course, but it’s always nice to get confirmation.
Telegram states at their site that: “To this day, we have disclosed 0 bytes of user data to third parties, including governments.”
But according to Spiegel this is false. I don’t know German, I read the article using google translate, correct me if I’m wrong.
Here is a quote from the article: “Contrary to what has been publicly stated so far, the operators of the messenger app Telegram have released user data to the Federal Criminal Police Office (BKA) in several cases.”
If this is true, the fact that they are lying is very worrying…
I distinctly remember Telegram having given a phone number and account creation date for someone to a government, they didn’t have anything else to provide allegedly.
0 bytes of user data meaning message content, I suppose.
I don’t think this is what they mean. If you read the whole paragraph they also talk about “[…]the data that is not covered by end-to-end encryption”…
It says that they have nothing to give on Secret chats, and then: “To protect the data that is not covered by end-to-end encryption[…]” … “Thanks to this structure, we can ensure[…]” … “To this day, we have disclosed 0 bytes of user data to third parties, including governments.”
I mean, I would consider phone numbers, IPs, metadata, non-secret chats (I don’t know if that’s a thing, never used Telegram), to be “user data”.
I agree with you here, I’m simply playing devils advocate as to how Telegram can get away with this claim. I trust secret chats on Telegram and use them with my more… spicy acquaintances.
Ahhhh, that’s why furries use Telegram!
And FYI, the info about Signal was confirmed as they received a subpoena a couple years back, and their response was part of the public court records.
Yeah, Signals response pointing to how their service works and than all the data consisting of only these two things war hilarious.
As expected, Signal is still the best.
i love how telegram isn’t even encrypted or anything but they just ghost the authorities
To clarify because this is always a point of confusion whenever the topic comes up. Telegram is, of course, transport encrypted. Someone listening on the wire cannot read your data. It is not end-to-end encrypted, meaning Telegram can always read your messages and can, in principle, give anyone access.
That’s not entirely true. Telegram’s one on one secret chat is end to end encrypted. As well as one on one voice and video calls. Group chats are not end to end encrypted.
Additionally Telegram does have an auto delete features built in for all of its chat types. So while I can’t entirely rule out that Telegram could have a backup of a chat somewhere, you have a bit more piece of mind if you turn on the auto delete feature.
Thanks for the clarification I should have mentioned this. Especially for calls it is actually relevant but I feel like very few people actually use secret chats.
This is why I prefer cloud services outside US jurisdiction, and refuse to use anything based in the USA - like iCloud. National Security Letters are a thing, and even massive companies like Apple can’t fight them.
What about if Apples **‘Advanced Data Protection’ ** which I’m not sure if it is only enabled with iCloud+ subscriptions. Where Apple claims that ‘Advanced Data Protection uses end to end encryption to ensure that data types listed here can only be decrypted on your trusted devices, protecting your information even in the case of a data breach in the cloud’ this list includes VERY sensitive things such as FULL device backups, FULL Message Backups (iMessage & SMS etc), iCloud Drive and a whole lot more. Mainly because Apple literally says on their settings page to turn this on ‘Because Apple will NOT have the keys required to recover your data, you will be guided through verification of your recovery methods in case you ever lose access to your account.’
Can someone verify whether using this would mitigate attempts at retrieval of the data and would require a very lengthy brute-force instead of just HANDING OVER the decryption keys.
Thank you OP for continuing bringing this to people’s attention.
So basically use signal because they can get the least amount of data.
Or Telegram, unless you’re a confirmed terrorist.
Terrorist can be a very broad term. In France the government is using anti terrorism laws against ecologist organisation.
They also incarcerated people from another organisation 3 years ago using the same antiterrorism law, they haven’t found anything against them so now they are accusing them of using signal for their communication and encryption on their phone and laptop.
“I’m not a terrorist” - Subpoena DENIED
I’m curious what/if any info can be retrieved from Matrix servers?
I believe Matrix has the same encryption as Signal. Though there are some things that leak metadata, like reactions for some reason. Would like an investigation into it as well, as I pretty frequently use it. Obviously this is assuming it’s an encrypted chat. Though would also like to see the comparison of an invite only encrypted room, vs a public joinable encrypted room.
Nope. They are similar, but not the same: Comparison
Telegram seem to provide the least info, not signal.
But Telegram also have access to more info about its users, considering that messages are not end to end encrypted by default, than Signal does of its. This means that Telegram can share any data it wants, its users are just hoping that it won’t. In the case of Signal, they don’t have access to any meaningful data in the first place. Also leaving these here:
https://www.wired.com/story/the-kremlin-has-entered-the-chat/
https://tech.hindustantimes.com/tech/news/russian-court-directs-telegram-to-share-encryption-keys-to-access-users-messaging-data-story-1ZhjHvyTQJ89RhhNnp4bGL.html
Wonder what a difference it now makes with the iCloud “advanced Data protection” that provides end to end encryption for iCloud backups etc. in theory that should block the iCloud backup route.
I guess if you enable it on your device you are safe, but if your content is on another device that doesn’t enable it (it’s an opt in option), your content will be available.
Advanced data protection is across your entire account, not per device. According to Apple’s documentation they rotate the keys locally on your devices and then delete them from their services so they no longer have a key to give.
Here’s my foolproof method of not having any issue with the FBI: Don’t do illegal stuff.
This is such a bad take lacking any solidarity with people that have no choice in doing illegal stuff or who are trying their best to make the world a better place. What is legal or illegal is solely defined by governments. In the context of the US, it is now illegal in some parts to have an abortion, to be transgender, to be an immigrant, to be black, etc. So “don’t do illegal stuff” is a reminder of your privileged position to be able to lean back and have nothing to fear, while other people just by existing or by trying to survive automatically are considered illegal. And think of all the whistleblowers like Edward Snowden. We as peole are much better off because of them, yet they have to fear the state’s repressions.
Your response makes me really angry just by how inconsiderate and insulting it is :(
Agreed entirely–privacy is and will always remain an essential human right.
Tell that to trans people in Florida, or people seeking abortion healthcare on Texas
You’d be surprised at how many things you do today that has been illegal or will be illegal in the future. The last part is the real scary one.
Tell that to Fred Hampton.
Dude, that was literally 54 years ago.
And everyone knows that the FBI was never involved in the extrajudicial killing of an innocent dissident besides that one time.
Can you point to any in the last 20 years?
Can you name all of the actors that played Putties in the original English run of Power Rangers from the 90s?
See, I can set arbitrary, movable goal posts, too.
It doesn’t work that way. FBI documents remain classified for 50 years before being accessible to FOIA. That means that we don’t have the means to confirm culpability outside that 50-year window.
I can throw names at you. But here’s what I know will happen in response. You will either;
A) Claim the person was not innocent. Despite conflicting claims, they either had a weapon, attempted violence, whatever. So they deserved to be murdered.
Or
B) The situation is not clear. Nobody was outright blamed. Details are fuzzy. Investigations were inconclusive.
Regardless of what I post, the outcome will never be “Wow, you’re right. I guess law enforcement does kill innocent people without impetus sometimes.” You will always move the goal posts and claim that I did not meet your burden of proof. Because you’re arguing ideologically in bad faith. And since I’m not a fucking idiot, I’m not going to waste my time.
And if you want to say that you are, in fact, arguing in good faith, then my rebuttal is simple;
I’m not doing your fucking homework for you, Billy.
A+ reply.
Are you Big Brother?
While Don’t break the law, asshole is solid advice for staying off the FBI’s radar, it’s not really a guarantee.
And sometimes, justice requires breaking the law. Remember that the Holocaust was legal and Stonewall was not.
Again, I think I need to remind people that it’s 2023.
You’re now being intentionally obtuse, again look at all the anti-trans legislation, look at the repeal of Roe, look at all that and so much that is in the works, the fact that you’re in the privileged position to ignore it AND proceed to also ignore how damn many people don’t, leads me to believe you’d be the guy hiding the zombie bite in the team. Don’t be the guy hiding the zombie bite in the team, you can do better.
You’re right, it’s 2023 and Roe v. Wade was recently repealed, what do you think about that?
I think it sucks and that the entire Supreme Court ought to be disbarred.
Saying “it’s 2023” has no bearing on what is possible, seeing as how our society just lost 50 years of federally protected health and privacy rights. It’s 1972 to half the population now, not 2023.
Your argument “don’t do anything illegal and you won’t have anything to hide” is worthless to the half the population that had their rights to make their own health decisions stripped away from them.
Your statements are the Mason guy of the 40s anti-fascist propaganda.
https://www.youtube.com/watch?v=rJriMuVEPMY&pp=ygUQRG9udCBiZSBhIHN1Y2tlcg%3D%3D
