this post was submitted on 26 Jun 2023
669 points (100.0% liked)

Technology

37739 readers
782 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

An official FBI document dated January 2021, obtained by the American association "Property of People" through the Freedom of Information Act.

This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata ("Pen Register") or connection data retention law ("18 USC§2703"). Here, in essence, is the information the FBI says it can retrieve:

  • Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.

  • Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).

  • Signal: date and time of account creation and date of last connection.

  • Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.

  • Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.

  • Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).

  • WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.

  • WhatsApp: the targeted person's basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time ("Pen Register"); message content can be retrieved via iCloud backups.

  • Wickr: Date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.

TL;DR Signal is the messaging system that provides the least information to investigators.

you are viewing a single comment's thread
view the rest of the comments
[–] ozoned@beehaw.org 23 points 1 year ago (4 children)

No mention of Matrix. Wonder if it's not on their radar, or they have nothing, or just wasn't important to put it on there?

[–] worfamerryman@beehaw.org 9 points 1 year ago

I think it is because it is a bit nuanced. I used to host a matrix server and if the FBI was like hey, give us the data to something.

I’d just give them anything they wanted. I did not allow signups, I only gave access to one friend and only had it setup as a learning project.

I’m sure my friend wouldn’t do anything shady on it, I’ve been close friends with him for about 30 years. But I’m not going to fight the fbi on their behalf. Plus, if they were using the server for something that the fbi needed to get involved with, I’d be pissed they used my server to do it.

tl:dr anyone can host a matrix instance and each host could have different levels of access.

[–] jackattackson@lemm.ee 8 points 1 year ago (3 children)

I'm wondering the same thing.

I am a long time signal user but I just started using Matrix yesterday and now I'm very curious about whether Signal or Matrix is better somehow in terms of security/privacy.

[–] ozoned@beehaw.org 26 points 1 year ago (3 children)

I stopped using Signal after they said no alternate clients, then got into crypto, then introduce a proprietary shim to their stack.

I plan on someday actually running my own Matrix server for myself and family, right now I'm on Matrix.org though. At this point I don't know how folks recommend Signal over Matrix. There are a lot of clients, so maybe the choice of clients is too confusing? IDK.

But anyone saying Matrix isn't easy enough for non-tech folks to understand, my sister, niece, even wife set up Element themselves on their phones without issue. My father and step-mother both use Element with us. I configured it but they know how to message and do video chat and things.

[–] jackattackson@lemm.ee 8 points 1 year ago (1 children)

Thanks for sharing! I really want to get my family on Matrix now.

We have not been able to find a solid chat/video call app that the entire family (various ages and tech aptitude) can effectively use. We've been bouncing around to various apps since COVID lockdowns started. We had been using Slack for a while but the video calling in Slack is unusable now.

[–] ozoned@beehaw.org 3 points 1 year ago

We do voice and video chat every week with my family and it seems to work incredibly well. No real issues with any of it.

[–] dismalnow@kbin.social 4 points 1 year ago* (last edited 1 year ago) (1 children)

̷W̷̶̷h̷̶̷i̷̶̷l̷̶̷e̷̶̷ ̷̶̷F̷̶̷r̷̶̷a̷̶̷n̷̶̷c̷̶̷e̷̶̷ ̷̶̷i̷̶̷s̷̶̷n̷̶̷'̷̶̷t̷̶̷ ̷̶̷a̷̶̷ ̷̶̷p̷̶̷a̷̶̷r̷̶̷t̷̶̷ ̷̶̷o̷̶̷f̷̶̷ ̷̶̷F̷̶̷V̷̶̷E̷̶̷Y̷̶̷ ̷̶̷"̷̶̷t̷̶̷h̷̶̷e̷̶̷ ̷̶̷f̷̶̷i̷̶̷v̷̶̷e̷̶̷ ̷̶̷e̷̶̷y̷̶̷e̷̶̷s̷̶̷ ̷̶̷a̷̶̷l̷̶̷l̷̶̷i̷̶̷a̷̶̷n̷̶̷c̷̶̷e̷̶̷"̷̶̷,̷̶̷ ̷̶̷i̷̶̷t̷̶̷ ̷̶̷i̷̶̷s̷̶̷ ̷̶̷e̷̶̷x̷̶̷t̷̶̷r̷̶̷e̷̶̷m̷̶̷e̷̶̷l̷̶̷y̷̶̷ ̷̶̷l̷̶̷i̷̶̷k̷̶̷e̷̶̷l̷̶̷y̷̶̷ ̷̶̷t̷̶̷h̷̶̷a̷̶̷t̷̶̷ ̷̶̷i̷̶̷t̷̶̷ ̷̶̷i̷̶̷s̷̶̷ ̷̶̷c̷̶̷o̷̶̷m̷̶̷p̷̶̷r̷̶̷o̷̶̷m̷̶̷i̷̶̷s̷̶̷e̷̶̷d̷̶̷ ̷̶̷b̷̶̷e̷̶̷c̷̶̷a̷̶̷u̷̶̷s̷̶̷e̷̶̷ ̷̶̷M̷̶̷a̷̶̷t̷̶̷r̷̶̷i̷̶̷x̷̶̷ ̷̶̷w̷̶̷a̷̶̷s̷̶̷ ̷̶̷c̷̶̷r̷̶̷e̷̶̷a̷̶̷t̷̶̷e̷̶̷d̷̶̷ ̷̶̷b̷̶̷y̷̶̷ ̷̶̷t̷̶̷h̷̶̷e̷̶̷ ̷̶̷F̷̶̷r̷̶̷e̷̶̷n̷̶̷c̷̶̷h̷̶̷ ̷̶̷g̷̶̷o̷̶̷v̷̶̷e̷̶̷r̷̶̷n̷̶̷m̷̶̷e̷̶̷n̷̶̷t̷̶̷ ̷̶̷i̷̶̷n̷̶̷ ̷̶̷2̷̶̷0̷̶̷1̷̶̷8̷̶̷.̷̶̷ ̷̶̷ ̷̶̷

Keep in mind that op's foia request is from 2021.

Edit - I'm misremembering. Disregard.

https://en.wikipedia.org/wiki/Matrix_(protocol)

The initial project was created inside Amdocs, while building a chat tool called "Amdocs Unified Communications",[4] by Matthew Hodgson and Amandine Le Pape [fr]. Amdocs then funded most of the development work from 2014 to October 2017.[5] Matrix was the winner of the Innovation award at WebRTC 2014 Conference & Expo,[6] and of the "Best in Show" award at WebRTC World in 2015.[7]

[–] space@beehaw.org 16 points 1 year ago (1 children)

Fact check: the French govt did not create Matrix.

Matrix is an open protocol created in 2014, for an Israel-based private company.

In 2018 the french govt decided to use a verson of that protocol in their own chatting network.

[–] dismalnow@kbin.social 1 points 1 year ago

Thanks, and apologies. I've edited out my idiocy. Misremembered, and was thinking of something else.

[–] Liz@midwest.social 1 points 1 year ago

I stopped using signal when it was clear they don't know what they're doing with anything besides encryption and security. Literally every UI/UX change they made while I was using the app was a downgrade. When they decided to drop SMS, that was the last straw.

I just use google's messenger, which has encryption and SMS. Exactly what I want. Heck if I know what data is recoverable for governments and non-government hackers.

[–] adespoton@lemmy.ca 1 points 1 year ago

Well, there are a few leakage issues with Matrix, but there’s also the benefit that you can stand up your own server or use one based in a country you’re comfortable having access to your basic connection data.

So unlike Signal where the hashes are all stored in one place, with Matrix no single government has control over the entire network.

[–] scott@lem.free.as 1 points 1 year ago

Signal and Matrix both implement the same encryption protocol -- the double-ratchet algorithm from Whisper Systems.

[–] Sl00k@programming.dev 4 points 1 year ago

Also important to note it's been well known the CIA uses Matrix internally for communications. If they're using it for communication it's probably pretty sturdy.

[–] worfamerryman@beehaw.org 1 points 1 year ago (1 children)

I think it is because it is a bit nuanced. I used to host a matrix server and if the FBI was like hey, give us the data to something.

I’d just give them anything they wanted. I did not allow signups, I only gave access to one friend and only had it setup as a learning project.

I’m sure my friend wouldn’t do anything shady on it, I’ve been close friends with him for about 30 years. But I’m not going to fight the fbi on their behalf. Plus, if they were using the server for something that the fbi needed to get involved with, I’d be pissed they used my server to do it.

tl:dr anyone can host a matrix instance and each host could have different levels of access.

[–] 676@lemmy.ca 2 points 1 year ago (1 children)

The server shouldnt be seeing anything of value if you're end to end encrypted

[–] worfamerryman@beehaw.org 1 points 1 year ago

That is what I imagine as well. Either way, if they want files to try and decrypt then they can have them.