Here’s what data the FBI can get from WhatsApp, iMessage, Signal, Telegram, and more

AndrewTateTrack1n2

Established Contributor
Regular Member
Joined
Jan 22, 2022
Threads
6
Post Replies
59
Status
away
Last seen
Not every secure messaging app is as safe as it would like us to think. And some are safer than others.


A recently disclosed FBI training document [dated January 7, 2021] shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about your usage of the apps.


The infographic shows details about iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp, and Wickr. All of them are messaging apps that promise end-to-end encryption for their users. And while the FBI document does not say this isn’t true, it reveals what type of information law enforcement will be able to unearth from each of the listed services.


Note: A pen register is an electronic tool that can be used to capture data regarding all telephone numbers that are dialed from a specific phone line. So if you see that mentioned below it refers to the FBI’s ability to find out who you have been communicating with.


iMessage
iMessage is Apple’s instant messaging service. It works across Macs, iPhones, and iPads. Using it on Android is hard because Apple uses a special end-to-end encryption system in iMessage that secures the messages from the device they’re sent on, through Apple’s servers, to the device receiving them. Because the messages are encrypted, the iMessage network is only usable by devices that know how to decrypt the messages. Here’s what the document says it can access for iMessage:
* Message content limited.
* Subpoena: Can render basic subscriber information.
* 18 USC §2703(d): Can render 25 days of iMessage lookups and from a target number.
* Pen Register: No capability.
* Search Warrant: Can render backups of a target device; if target uses iCloud backup, the encryption keys should also be
provided with content return. Can also acquire iMessages from iCloud returns if target has enabled Messages in iCloud.
Line
Line is a freeware app for instant communications on electronic devices such as smartphones, tablets, and personal computers. In July 2016, Line Corporation turned on end-to-end encryption by default for all Line users, after it had earlier been available as an opt-in feature since October 2015. The document notes on Line:
* Message content limited.
* Suspect’s and/or victim’s registered information (profile image, display name, email address, phone number, LINE ID, date of
registration, etc.)

* Information on usage.

* Maximum of seven days’ worth of specified users’ text chats (Only when end-to-end encryption has not been elected and
applied and only when receiving an effective warrant; however, video, picture, files, location, phone call audio and other such
data will not be disclosed).


Signal
Signal is a cross-platform centralized encrypted instant messaging service. Users can send one-to-one and group messages, which can include files, voice notes, images and videos. Signal uses standard cellular telephone numbers as identifiers and secures all communications to other Signal users with end-to-end encryption. The apps include mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel. The document notes about Signal:
* No message content.
* Date and time a user registered.
* Last date of a user’s connectivity to the service.
This seems to be consistent with Signal’s claims.


Telegram
Telegram is a freeware, cross-platform, cloud-based instant messaging (IM) system. The service also provides end-to-end encrypted video calling, VoIP, file sharing and several other features. There are also two official Telegram web twin apps—WebK and WebZ—and numerous unofficial clients that make use of Telegram’s protocol. The FBI document says about Telegram:
* No message content.
* No contact information provided for law enforcement to pursue a court order. As per Telegram’s privacy statement, for
confirmed terrorist investigations, Telegram may disclose IP and phone number to relevant authorities.


Threema
Threema is an end-to-end encrypted mobile messaging app. Unlike other apps, it doesn’t require you to enter an email address or phone number to create an account. A user’s contacts and messages are stored locally, on each user’s device, instead of on the server. Likewise, your public keys reside on devices instead of the central servers. Threema uses the open-source library NaCl for encryption. The FBI document says it can access:
* No message content.
* Hash of phone number and email address, if provided by user.
* Push Token, if push service is used.
* Public Key
* Date (no time) of Threema ID creation.
* Date (no time) of last login.


Viber
Viber is a cross-platform messaging app that lets you send text messages, and make phone and video calls. Viber’s core features are secured with end-to-end encryption: calls, one-on-one messages, group messages, media sharing and secondary devices. This means that the encryption keys are stored only on the clients themselves and no one, not even Viber itself, has access to them. The FBI notes:
* No message content.
* Provides account (i.e. phone number)) registration data and IP address at time of creation.
* Message history: time, date, source number, and destination number.


WeChat
WeChat is a Chinese multi-purpose instant messaging, social media and mobile payment app. User activity on WeChat has been known to be analyzed, tracked and shared with Chinese authorities upon request as part of the mass surveillance network in China. WeChat uses symmetric AES encryption but does not use end-to-end encryption to encrypt users messages. The FBI has less access than the Chinese authorities and can access:
* No message content.
* Accepts account preservation letters and subpoenas, but cannot provide records for accounts created in China.
* For non-China accounts, they can provide basic information (name, phone number, email, IP address), which is retained for as
long as the account is active.


WhatsApp
WhatsApp, is an American, freeware, cross-platform centralized instant messaging and VoIP service owned by Meta Platforms.[ formerly FaceBook] It allows users to send text messages and voice messages, make voice and video calls, and share images, documents, user locations, and other content. WhatsApp’s end-to-end encryption is used when you message another person using WhatsApp Messenger. The FBI notes:
* Message content limited.
* Subpoena: Can render basic subscriber records.
* Court order: Subpoena return as well as information like blocked users.
* Search warrant: Provides address book contacts and WhatsApp users who have the target in their address book contacts.
* Pen register: Sent every 15 minutes, provides source and destination for each message.
* If target is using an iPhone and iCloud backups enabled, iCloud returns may contain WhatsApp data, to include message
content.


Wickr
Wickr has developed several secure messaging apps based on different customer needs: Wickr Me, Wickr Pro, Wickr RAM, and Wickr Enterprise. The Wickr instant messaging apps allow users to exchange end-to-end encrypted and content-expiring messages, including photos, videos, and file attachments. Wickr was founded in 2012 by a group of security experts and privacy advocates but was acquired by Amazon Web Services. The FBI notes:
* No message content.
* Date and time account created.
* Type of device(s) app installed on.
* Date of last use.
* Number of messages.
* Number of external IDs (email addresses and phone numbers) connected to the account, bot not to plaintext external IDs
themselves.
* Avatar image.
* Limited records of recent changes to account setting such as adding or suspending a device (does not include message
content or routing and delivery information).
* Wickr version number.


Conclusion
If there is one thing clear from the information in this document it’s that most, if not all, of your messages are safe from prying eyes in these apps, unless you’re using WeChat in China. Based on the descriptions, you can check out which apps are available on your favorite platform and which of the bullet points are relevant to you, to decide which app is a good choice for you.


The safest way however is to make sure the FBI doesn’t consider you a person of interest. In those cases even using a special encrypted device can pose some risks.
Stay safe, everyone!
 

DeadPrezi700

Established Contributor
Regular Member
Joined
May 14, 2022
Threads
10
Post Replies
58
Status
away
Last seen
Not every secure messaging app is as safe as it would like us to think. And some are safer than others.


A recently disclosed FBI training document [dated January 7, 2021] shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about your usage of the apps.


The infographic shows details about iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp, and Wickr. All of them are messaging apps that promise end-to-end encryption for their users. And while the FBI document does not say this isn’t true, it reveals what type of information law enforcement will be able to unearth from each of the listed services.


Note: A pen register is an electronic tool that can be used to capture data regarding all telephone numbers that are dialed from a specific phone line. So if you see that mentioned below it refers to the FBI’s ability to find out who you have been communicating with.


iMessage
iMessage is Apple’s instant messaging service. It works across Macs, iPhones, and iPads. Using it on Android is hard because Apple uses a special end-to-end encryption system in iMessage that secures the messages from the device they’re sent on, through Apple’s servers, to the device receiving them. Because the messages are encrypted, the iMessage network is only usable by devices that know how to decrypt the messages. Here’s what the document says it can access for iMessage:
* Message content limited.
* Subpoena: Can render basic subscriber information.
* 18 USC §2703(d): Can render 25 days of iMessage lookups and from a target number.
* Pen Register: No capability.
* Search Warrant: Can render backups of a target device; if target uses iCloud backup, the encryption keys should also be
provided with content return. Can also acquire iMessages from iCloud returns if target has enabled Messages in iCloud.
Line
Line is a freeware app for instant communications on electronic devices such as smartphones, tablets, and personal computers. In July 2016, Line Corporation turned on end-to-end encryption by default for all Line users, after it had earlier been available as an opt-in feature since October 2015. The document notes on Line:
* Message content limited.
* Suspect’s and/or victim’s registered information (profile image, display name, email address, phone number, LINE ID, date of
registration, etc.)

* Information on usage.

* Maximum of seven days’ worth of specified users’ text chats (Only when end-to-end encryption has not been elected and
applied and only when receiving an effective warrant; however, video, picture, files, location, phone call audio and other such
data will not be disclosed).


Signal
Signal is a cross-platform centralized encrypted instant messaging service. Users can send one-to-one and group messages, which can include files, voice notes, images and videos. Signal uses standard cellular telephone numbers as identifiers and secures all communications to other Signal users with end-to-end encryption. The apps include mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel. The document notes about Signal:
* No message content.
* Date and time a user registered.
* Last date of a user’s connectivity to the service.
This seems to be consistent with Signal’s claims.


Telegram
Telegram is a freeware, cross-platform, cloud-based instant messaging (IM) system. The service also provides end-to-end encrypted video calling, VoIP, file sharing and several other features. There are also two official Telegram web twin apps—WebK and WebZ—and numerous unofficial clients that make use of Telegram’s protocol. The FBI document says about Telegram:
* No message content.
* No contact information provided for law enforcement to pursue a court order. As per Telegram’s privacy statement, for
confirmed terrorist investigations, Telegram may disclose IP and phone number to relevant authorities.


Threema
Threema is an end-to-end encrypted mobile messaging app. Unlike other apps, it doesn’t require you to enter an email address or phone number to create an account. A user’s contacts and messages are stored locally, on each user’s device, instead of on the server. Likewise, your public keys reside on devices instead of the central servers. Threema uses the open-source library NaCl for encryption. The FBI document says it can access:
* No message content.
* Hash of phone number and email address, if provided by user.
* Push Token, if push service is used.
* Public Key
* Date (no time) of Threema ID creation.
* Date (no time) of last login.


Viber
Viber is a cross-platform messaging app that lets you send text messages, and make phone and video calls. Viber’s core features are secured with end-to-end encryption: calls, one-on-one messages, group messages, media sharing and secondary devices. This means that the encryption keys are stored only on the clients themselves and no one, not even Viber itself, has access to them. The FBI notes:
* No message content.
* Provides account (i.e. phone number)) registration data and IP address at time of creation.
* Message history: time, date, source number, and destination number.


WeChat
WeChat is a Chinese multi-purpose instant messaging, social media and mobile payment app. User activity on WeChat has been known to be analyzed, tracked and shared with Chinese authorities upon request as part of the mass surveillance network in China. WeChat uses symmetric AES encryption but does not use end-to-end encryption to encrypt users messages. The FBI has less access than the Chinese authorities and can access:
* No message content.
* Accepts account preservation letters and subpoenas, but cannot provide records for accounts created in China.
* For non-China accounts, they can provide basic information (name, phone number, email, IP address), which is retained for as
long as the account is active.


WhatsApp
WhatsApp, is an American, freeware, cross-platform centralized instant messaging and VoIP service owned by Meta Platforms.[ formerly FaceBook] It allows users to send text messages and voice messages, make voice and video calls, and share images, documents, user locations, and other content. WhatsApp’s end-to-end encryption is used when you message another person using WhatsApp Messenger. The FBI notes:
* Message content limited.
* Subpoena: Can render basic subscriber records.
* Court order: Subpoena return as well as information like blocked users.
* Search warrant: Provides address book contacts and WhatsApp users who have the target in their address book contacts.
* Pen register: Sent every 15 minutes, provides source and destination for each message.
* If target is using an iPhone and iCloud backups enabled, iCloud returns may contain WhatsApp data, to include message
content.


Wickr
Wickr has developed several secure messaging apps based on different customer needs: Wickr Me, Wickr Pro, Wickr RAM, and Wickr Enterprise. The Wickr instant messaging apps allow users to exchange end-to-end encrypted and content-expiring messages, including photos, videos, and file attachments. Wickr was founded in 2012 by a group of security experts and privacy advocates but was acquired by Amazon Web Services. The FBI notes:
* No message content.
* Date and time account created.
* Type of device(s) app installed on.
* Date of last use.
* Number of messages.
* Number of external IDs (email addresses and phone numbers) connected to the account, bot not to plaintext external IDs
themselves.
* Avatar image.
* Limited records of recent changes to account setting such as adding or suspending a device (does not include message
content or routing and delivery information).
* Wickr version number.


Conclusion
If there is one thing clear from the information in this document it’s that most, if not all, of your messages are safe from prying eyes in these apps, unless you’re using WeChat in China. Based on the descriptions, you can check out which apps are available on your favorite platform and which of the bullet points are relevant to you, to decide which app is a good choice for you.


The safest way however is to make sure the FBI doesn’t consider you a person of interest. In those cases even using a special encrypted device can pose some risks.
Stay safe, everyone!
Just remember with some of these, like wickr it could change at any time and we wouldn't know. Remember what happened with encrochat? Just because LE might not be able to intercept and read your messages, doesn't meant they can't find other ways into your phone. Remember what LE did when they got access to the Hansa servers? Don't let yourself get relaxed on your opsec.

Anything sensitive you should still be using PGP.
 

MoneyOnMeBroadie

Established Contributor
Regular Member
Joined
Jul 24, 2022
Threads
10
Post Replies
52
Status
away
Last seen
Just remember with some of these, like wickr it could change at any time and we wouldn't know. Remember what happened with encrochat? Just because LE might not be able to intercept and read your messages, doesn't meant they can't find other ways into your phone. Remember what LE did when they got access to the Hansa servers? Don't let yourself get relaxed on your opsec.

Anything sensitive you should still be using PGP.
how about the San Bernandino shooter and that whole dog and pony show between Apple and ISIS, I mean the FBI, and then some Israeli company ends up cracking his phone for them in like 3 weeks.
How is a private Israeli company able to crac a device our intelligence agencies,, most sophisticated the worlhd has ever seen, had already given up n
 

DeadPrezi700

Established Contributor
Regular Member
Joined
May 14, 2022
Threads
10
Post Replies
58
Status
away
Last seen
how about the San Bernandino shooter and that whole dog and pony show between Apple and ISIS, I mean the FBI, and then some Israeli company ends up cracking his phone for them in like 3 weeks.
How is a private Israeli company able to crac a device our intelligence agencies,, most sophisticated the worlhd has ever seen, had already given up n
Maybe the "we give up" act was just that--an act. It's not implausible at all they would lie about this; it's certainly to their benefit if the American public thinks their gov can't hack their phones. Certainly they wanted to get that shooter but I'm sure targets MUCH bigger than that guy were watching intently to see what the FBI would admit to being capable of.
 

MoneyOnMeBroadie

Established Contributor
Regular Member
Joined
Jul 24, 2022
Threads
10
Post Replies
52
Status
away
Last seen
Maybe the "we give up" act was just that--an act. It's not implausible at all they would lie about this; it's certainly to their benefit if the American public thinks their gov can't hack their phones. Certainly they wanted to get that shooter but I'm sure targets MUCH bigger than that guy were watching intently to see what the FBI would admit to being capable of.
yeah fo sho, thats pretty much what I was getting at, I didnt really put a fine enough point on it though.
 

AndrewTateTrack1n2

Established Contributor
Regular Member
Joined
Jan 22, 2022
Threads
6
Post Replies
59
Status
away
Last seen
how about the San Bernandino shooter and that whole dog and pony show between Apple and ISIS, I mean the FBI, and then some Israeli company ends up cracking his phone for them in like 3 weeks.
How is a private Israeli company able to crac a device our intelligence agencies,, most sophisticated the worlhd has ever seen, had already given up n
Actually, the Israeli company that the FBI worked with, already had the tools and cracks available. The problem is that the FBI didn't want to make a 'DEAL' with an outside source, and wanted to crack the phone on their own. This is why it actually took 3 weeks to unlock. However, after the FBI negotiated with Isriali company, the phone was cracked in a matter of hours.
 

AndrewTateTrack1n2

Established Contributor
Regular Member
Joined
Jan 22, 2022
Threads
6
Post Replies
59
Status
away
Last seen
how about the San Bernandino shooter and that whole dog and pony show between Apple and ISIS, I mean the FBI, and then some Israeli company ends up cracking his phone for them in like 3 weeks.
How is a private Israeli company able to crac a device our intelligence agencies,, most sophisticated the worlhd has ever seen, had already given up n
Not totally sure what this means as your grammer sucks. But, Israel has the most incentive in all the world to be the best at cyber attacks due to being surrounded by islamic states that want israel destroyed. On top of that, Jews are the smartest race in the world, and Israel has the best coders/hackers in the world. Russia and china aren't shit compared to Israel hackers. The U.S.A is a distant second behind Israel.
 

PaulieDumps

Established Contributor
Regular Member
Joined
Feb 18, 2022
Threads
6
Post Replies
43
Status
away
Last seen
crazy how people still use wickr
 

BREADGANG

Established Contributor
Regular Member
Joined
Aug 9, 2022
Threads
9
Post Replies
68
Status
online
Last seen
Just remember with some of these, like wickr it could change at any time and we wouldn't know. Remember what happened with encrochat? Just because LE might not be able to intercept and read your messages, doesn't meant they can't find other ways into your phone. Remember what LE did when they got access to the Hansa servers? Don't let yourself get relaxed on your opsec.

Anything sensitive you should still be using PGP.
From your lips to God's ears. Put another way.... "You snooze, you lose." Relaxing your state of vigilance could be fatal. PGP for the win!
 

AndrewTateTrack1n2

Established Contributor
Regular Member
Joined
Jan 22, 2022
Threads
6
Post Replies
59
Status
away
Last seen
Just remember with some of these, like wickr it could change at any time and we wouldn't know. Remember what happened with encrochat? Just because LE might not be able to intercept and read your messages, doesn't meant they can't find other ways into your phone. Remember what LE did when they got access to the Hansa servers? Don't let yourself get relaxed on your opsec.

Anything sensitive you should still be using PGP.
PGP isnt as great as you'd think,
 

BREADGANG

Established Contributor
Regular Member
Joined
Aug 9, 2022
Threads
9
Post Replies
68
Status
online
Last seen
If you're using a 4096 bit key, and manually encrypting. It's your best option.
^^^^
generally a true statement, excluding the caviats that I outlined below
 

AndrewTateTrack1n2

Established Contributor
Regular Member
Joined
Jan 22, 2022
Threads
6
Post Replies
59
Status
away
Last seen
^^^^
generally a true statement, excluding the caviats that I outlined below
PGP has no forward secrecy. If your key is compromised, every piece of data that has ever been encrypted with it can be decrypted. Encrypted IM services such as Signal/Session/Threema, OTOH, *do* have forward secrecy. This means that if your private keys are compromised, none of the conversations you have had in the past can be decrypted - only ones going forward from the date that the key is compromised.
 

AndrewTateTrack1n2

Established Contributor
Regular Member
Joined
Jan 22, 2022
Threads
6
Post Replies
59
Status
away
Last seen
Nothing is perfect. PGP and encrypted im services both have their pros and cons. Again though like it said above, just because they can't intercept your messages doesn't meant they can't find other ways to read your shit. (Encrochat)
^^^^
generally a true statement, excluding the caviats that I outlined below
 

PaulieDumps

Established Contributor
Regular Member
Joined
Feb 18, 2022
Threads
6
Post Replies
43
Status
away
Last seen
Nothing is perfect. PGP and encrypted im services both have their pros and cons. Again though like it said above, just because they can't intercept your messages doesn't meant they can't find other ways to read your shit. (Encrochat)
If you are a target and they are tapping your device, they can intercept virtually anything. Doesn't matter.
 

BREADGANG

Established Contributor
Regular Member
Joined
Aug 9, 2022
Threads
9
Post Replies
68
Status
online
Last seen
Elaborate, because there are flaws in everything
>many pgp clients i am 100000% sure are riddled with buffer overflow and other exploits that allow for code exec when decrypting files or maybe even messages
>if you have direct access to RAM compromised you are as good as fucked when it comes to making keys and encrypting messages
>etc
>etc
so nothing is bulletproof
but there are a lot of really highly bullet resistent options out there for people who need protection
at the end of the day, it is all about what you are worth and who it is worth it to.
 

PaulieDumps

Established Contributor
Regular Member
Joined
Feb 18, 2022
Threads
6
Post Replies
43
Status
away
Last seen
>Don't let yourself get relaxed on your opsec.

>Anything sensitive you should still be using PGP.

FUCKING PREACH BRO mygod
 

AndrewTateTrack1n2

Established Contributor
Regular Member
Joined
Jan 22, 2022
Threads
6
Post Replies
59
Status
away
Last seen
Notice everyone how the concept of end-to-end encryption has been bastardized by these services. Ask an iphone user how e2e works and they will tell you that the iphone encrypts the message for them before sending it out through imessage. The idea that they could encrypt a message themselves and then copy/paste it into imessage is not even fathomable because their concept of e2e has been polluted from its inception.
 

BloodyWave

Established Contributor
Regular Member
Joined
Feb 3, 2022
Threads
9
Post Replies
35
Status
away
Last seen
Notice everyone how the concept of end-to-end encryption has been bastardized by these services. Ask an iphone user how e2e works and they will tell you that the iphone encrypts the message for them before sending it out through imessage. The idea that they could encrypt a message themselves and then copy/paste it into imessage is not even fathomable because their concept of e2e has been polluted from its inception.
Struth! These are just the latest in a long parade of people and companies pushing dubious ideas. First we had Hushmail, then Protonmail, then Tutanota, and gawd knows how many others; now we have all these companies only this time, they're using a grossly-insecure platform (smartphones) instead of a desktop/laptop.
 

BigBagzz

Established Contributor
Regular Member
Joined
May 6, 2022
Threads
6
Post Replies
29
Status
away
Last seen
Pure B.S.
All Apps are designed as a Mouse Trap.
Shazam was invented to detect your voice, anywhere,
to know where you are, even if you change phones daily.
even if you steal phones to random people on the street, and talk for just 1 second.
like GTA when you have 5 stars *****,
they will use the mouse trap to hunt you down.
does Not matter who is right and who is wrong.
is just about Power, control, fear, lies & manipulation.
Not about Freedom or Truth,
Freedom is dead.
Truth died long ago.
Trust No One.
 

Users who are viewing this thread

Top