On Sat, 17 Sep 2022 21:31:03 -0700 (PDT), Chandie Bong <
chandle...@gmail.com> said:
[some quoted material snipped]
> Just set up a whatsapp group... phpBB is a pain in the ass to maintain,
> you'll not want to have to deal with the BS, and moderation is dumb. more
> secure, less chance of discovery. Whatsapp also allows for secure message
> deletion for folks that don't want things traced to them.
>
> You can even sign up without a phone number:
https://www.techbout.com/whatsapp-without-phone-number-sim-5365/
>
> still surprised at the use of FTP, Filezilla, and phpBB... it's 2023...
> use SFTP, secure messaging, and NO 'bulletin boards'...
Documents released to Rolling Stone and ProPublica appear to argue otherwise:
ProPublica
WhatsApp assures users that no one can see their messages — but the
company has an extensive monitoring operation and regularly shares
personal information with prosecutors.
by Peter Elkind, Jack Gillum and Craig Silverman
Sept. 7, 2021, 5 a.m. EDT
[snip]
WhatsApp user data, ProPublica has learned, helped prosecutors build a
high-profile case against a Treasury Department employee who leaked
confidential documents to BuzzFeed News that exposed how dirty money
flows through U.S. banks.
http://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion/article/how-facebook-undermines-privacy-protections-for-its-2-billion-whatsapp-users
Rolling Stone
FBI Document Says the Feds Can Get Your WhatsApp Data -- in Real Time
A previously unreported FBI document obtained by Rolling Stone reveals
that "private" messaging apps WhatsApp and iMessage are deeply
vulnerable to law-enforcement searches
By Andy Kroll - November 29, 2021
WASHINGTON -- As Apple and WhatsApp have built themselves into
multibillion- dollar behemoths, they've done it while preaching the
importance of privacy, especially when it comes to secure messaging.
But in a previously unreported FBI document obtained by Rolling Stone,
the bureau claims that it's particularly easy to harvest data from
Facebook's WhatsApp and Apple's iMessage services, as long as the
FBI has a warrant or subpoena. Judging by this document, "the most
popular encrypted messaging apps iMessage and WhatsApp are also the most
permissive," according to Mallory Knodel, the chief technology officer
at the Center for Democracy and Technology.
Facebook's Mark Zuckerberg has articulated a "privacy-focused
vision" built around WhatsApp, the most popular messaging service in
the world. Apple CEO Tim Cook says privacy is a "basic human right" and
that Apple believes in "giving the user transparency and control," a
philosophy that extends to the company's wildly popular iMessage app.
For journalists, activists, and government critics who worry about
government mass surveillance and political retribution, secure messaging
tools can mean the difference between doing their work safely or facing
imminent danger.
While the FBI document raises no questions about the apps' abilities
to keep out hackers and snoops-for-hire, the paper does describe how
law-enforcement agencies have multiple legal pathways to extract
sensitive user data from the most popular secure messaging tools. The
document -- titled "Lawful Access" and prepared jointly by the bureau's
Science and Technology Branch and Operational Technology Division --
offers a window into the FBI's ability to legally obtain vast amounts of
data from the world's most popular messaging apps, many of which hype
the security and encryption of their services.
The document, dated Jan. 7, 2021, is an internal FBI guide to what kinds
of data state and federal law-enforcement agencies can request from
nine of the largest messaging apps. Legal experts and technologists
who reviewed the FBI document say that it's rare to get such detailed
information from the government's point-of-view about law enforcement's
access to messaging services. "I follow this stuff fairly closely and
work on these issues," says Andrew Crocker, a senior staff attorney on
the Electronic Frontier Foundation's civil-liberties team. "I don't
think I've seen this information laid out quite this way, certainly not
from the law-enforcement perspective."
After the Cambridge Analytica controversy, when news outlets revealed
that personal data from more than 50 million Facebook users was
harvested without their permission to create psychological profiles of
American voters, Zuckerberg sought to rebrand the social media giant
as a tech company built around privacy. Facebook intended to make
that vision a reality largely through the design choices it made with
WhatsApp, which it had acquired in 2014 for $19 billion. Today, WhatsApp
is the most popular messaging app in the world with more than 2 billion
users. "I believe the future of communication will increasingly shift to
private, encrypted services where people can be confident what they say
to each other stays secure and their messages and content won't stick
around forever," he wrote at the time. "This is the future I hope we
will help bring about."
In the view of the FBI, however, WhatsApp is a wellspring of private
user data. According to the FBI's "Lawful Access" document, WhatsApp
will provide more practically real-time information about a user and
their activities than nearly every other major secure messaging tool.
A subpoena will yield only basic subscriber information, the FBI
document says. Presented with a search warrant, WhatsApp will turn over
address-book contacts for a targeted user as well as other WhatsApp
users who have the targeted individual in their contacts, according to
the FBI.
But WhatsApp is unique in how quickly it can produce data to
law-enforcement agencies in response to a so-called pen register --
a surveillance request that captures the source and destination of
each message for a targeted individual. WhatsApp will produce certain
user metadata, though not actual message content, every 15 minutes in
response to a pen register, the FBI says. The FBI guide explains that
most messaging services do not or cannot do this and instead provide
data with a lag and not in anything close to real time: "Return data
provided by the companies listed below, with the exception of WhatsApp,
are actually logs of latent data that are provided to law enforcement
in a non-real-time manner and may impact investigations due to delivery
delays."
A WhatsApp spokeswoman confirmed the company's near-real-time responses
to a pen register. But the spokeswoman added that the FBI document
omits important context, such as that pen registers for WhatsApp do
not yield actual message content and only apply in a forward-looking,
not retroactive, manner. The spokeswoman said the company uses
end-to-end encryption for the content of users' messages, which means
law enforcement can't directly access that content, and has defended
that message encryption in courts around the world. "We carefully
review, validate, and respond to law- enforcement requests based on
applicable law, and are clear about this on our website and in regular
transparency reports," the spokeswoman said. The FBI document, she
added, "illustrates what we've been saying -- that law enforcement
doesn't need to break end-to-end encryption to successfully investigate
crimes."
Even without the ability to legally request message content from
WhatsApp, however, the metadata provided by WhatsApp to law enforcement
captures which users talk to one another, when they do it, and which
other users they have in their address book. The handing over of that
data can have serious consequences for people who seek truly secure and
anonymous messaging, such as journalists working with a confidential
source or activists who face government threats and punishment.
In 2017 and 2018, Buzzfeed News published a series of explosive stories
about former Trump campaign chairman Paul Manafort, the Russian embassy
in the U.S., and other high-profile figures that drew on a trove
of confidential documents from the Treasury Department's Financial
Crimes Enforcement Network, or FinCEN. In early 2020, a former senior
FinCEN adviser named Natalie Edwards pled guilty to leaking so-called
Suspicious Activity Reports to an unnamed reporter, and Edwards later
said she was a source for Buzzfeed's reporting. A judge later sentenced
Edwards to six months in prison. According to the FBI's criminal
complaint in the case and subsequent reporting, Edwards and a Buzzfeed
reporter exchanged hundreds of messages on WhatsApp, which they believed
to be a safe place to communicate. Instead, authorities would later use
those WhatsApp messages to make their case against Edwards.
"WhatsApp offering all of this information is devastating to a reporter
communicating with a confidential source," says Daniel Kahn Gillmor, a
senior staff technologist at the ACLU.
Experts stressed that the FBI guide isn't the full scope of law
enforcement's snooping powers. The document, for instance, doesn't
touch on what happens when police or federal agents gain access to a
person's physical device. "For probably all of these platforms, if law
enforcement gets its hands on somebody's device, no amount of end-to-end
encryption is going to protect the information on the device," Nathan
Freed Wessler, deputy director of the ACLU's Speech, Privacy, and
Technology Project, says.
The other tech giant that can be compelled by law enforcement to hand
over potentially large amounts of sensitive messaging data is Apple.
iMessage, Apple's text-message service, comes loaded on the iPhone and
is used by 1.3 billion people worldwide. According to the FBI's "Lawful
Access" guide, if served with a court order or a search warrant, Apple
must hand over basic subscriber information as well as 25 days' worth of
data about queries made in iMessage, such as what a targeted user looked
up in iMessage and also which other people searched for that targeted
user in the app. That doesn't include actual message content or whether
messages were exchanged between different users.
But the amount of data available to law enforcement is potentially far
greater -- greater even than the user data provided by WhatsApp -- if
a targeted user backs up their iMessage activity to iCloud, Apple's
online storage platform. If that's the case, the FBI document says, then
law enforcement can request back-ups of the target's device, including
actual messages sent and received in iMessage if they're backed up in
the cloud.
While Apple describes iCloud as an encrypted service, it comes with a
giant loophole. Apple holds an encryption key that can unlock user data
in iCloud, and so police departments or federal agencies can request
that key with a search warrant or a customer's consent to access certain
user data. "You're handing someone else the key to hold onto on your
behalf," says Mallory Knodel of the Center for Democracy and Technology.
"Apple has encrypted iCloud but they still have the keys, and as long as
they have the key, the FBI can ask for it."
An Apple spokesman declined to comment on the record and referred
Rolling Stone to Apple's legal-process guidelines, which describe the
kinds of data the company hands over to law enforcement under certain
circumstances.
Daniel Kahn Gillmor, the ACLU senior staff technologist, says Apple
has the ability to implement end-to-end encryption for iCloud.
But the company reportedly abandoned plans to do so after federal
law-enforcement agencies put pressure on Apple, saying fully encrypting
iCloud backups would interfere with the government's investigative
abilities. "For cloud-based backup providers, they could if they want to
lock themselves out of their users' data," Gillmor says. "iCloud has not
made that choice for iMessage backups."
There are several messaging apps listed in the FBI document for which
minimal data is available to law enforcement without the actual device
in hand. Signal will provide only the date and time someone signed up
for the app and when the user last logged into the app. Wickr will
give law enforcement data about the device using the app, when someone
created their account, and basic subscriber info, but not detailed
metadata, the FBI document says.
But the number of users on Signal and Wickr, while growing, pales in
comparison to WhatsApp and iMessage, which the FBI's own guide describes
as two of the most permissible secure-messaging apps in existence.
And that imbalance raises questions about the complaints from law-
enforcement agencies about secure and encrypted messaging apps
interfering with their ability to investigate crimes. Wessler of the
ACLU says the FBI's "Lawful Access" should act as a reality check
the next time police officers or FBI officials insist that encrypted
messaging hampers their work. "As we can see, [those complaints are]
completely overblown and not representative of how much information
they continue to have access to even from these encrypted communication
platforms," he says.
Property of the People, a Washington, D.C.-based nonprofit transparency
group, received the document via a Freedom of Information Act request
and shared it with Rolling Stone. "Privacy is essential to democracy,"
says Ryan Shapiro, Property of the People's executive director. "The
ease with which the FBI surveils our online data, mining the intimate
details of our daily lives, threatens us all and paves the way for
authoritarian rule."
https://www.rollingstone.com/politics/politics-features/whatsapp-imessage-facebook-apple-fbi-privacy-1261816/