FBI document shows what data can be obtained from encrypted messaging apps

Related thread about the same document from a month ago (November 30th) with 450+ comments : <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=29396643" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=29396643</a>

This document is classified U&#x2F;&#x2F;FOUO (unclassified&#x2F;&#x2F;for official use only). The actual abilities of the FBI&#x2F;NSA and like agencies are surely classified to some higher level.

Messages are decrypted when you read them.<p>It&#x27;s reasonable to believe that at any point in time Root exploits exist for both iOS and Android.<p>It&#x27;s viable that the FBI or someone they cooperate with has such exploits from time to time (which doesn&#x27;t mean they are reliable, or cheap to use).<p>If you root-hack a phone you can easily get all messages the user sees after you hacked it.<p>Even without root hacking you might get some, in some circumstances.<p>EDIT: I should have read the article first, it&#x27;s more about what content they get <i>without</i> hacking.

I&#x27;m skeptical of the accuracy of this document. Telegram is by default unencrypted and virtually public. Yet this document says the FBI can&#x27;t get any message content?

I worked long enough in telecom industry to know that there is no way for regulators to leave major communication platforms without some sort of surveillance. They can&#x27;t sleep without it, and they don&#x27;t take &quot;Oh! sorry it&#x27;s encrypted&quot; as an answer.<p>I don&#x27;t buy this. Maybe it&#x27;s true about FBI, but other agencies have the keys for right or wrong reasons.

18 U.S. Code § 2703 - Required disclosure of customer communications or records - Contents of Wire or Electronic Communications in Electronic Storage.<p>&quot;can render 25 days of iMessage lookups and from a target number.&quot;<p>I thought iMessage was E2EE and with all the iJunk turned off this isn&#x27;t possible?

Since you do not [most likely] have root access to your phone, you cannot directly examine what Apple&#x2F;Google has installed on _your specific_ phone. Any of these applications could have its memory examined transparently if the operating system is evil.

Previously discussed: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=29396643" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=29396643</a>

What are the obstacles with current technology to use OTP encryption technology. As far as i know its unbreakable. Of course you are limited to people you know in person, but that should be not an issue for people for who private communication is of most importance.

&quot;The service was acquired by video conferencing software maker Zoom in May 2020.&quot;<p>thats when i revoked all my keybase information.

Imagine how much of a threat to the current security and encryption model it would be if a remote desktop server was running quietly in the secure enclave. You likely would never be able to know it is running. What good is end to end messaging if you can be watched using the app?

is facebook messenger omitted because they dont have access to it?

I don&#x27;t think this document has anything contrary to existing knowledge, but it does emphasize another significant reason that WhatsApp is not a great choice for privacy despite the use of E2EE. They readily hand over substantially more metadata, and while this is less likely to be enough evidence to convict someone of anything it is more than enough to seriously compromise privacy.<p>&gt; <i>Search warrant: Provides address book contacts and WhatsApp users who have the target in their address book contacts.<p>&gt; </i>Pen register: Sent every 15 minutes, provides source and destination for each message.

From the top: &quot;FBIs ability to legally access...&quot;<p>Implying there are illegal ways to access?

This has been already posted at least five times

Signal FTW!

reaaallyyy!?!?! its simple. assume no privacy. someone is always watching.