345
Nebraska Mom pleads guilty to abortion after Meta gives DMs to cops
(www.theregister.com)
This is a most excellent place for technology news and articles.
Important to note that police only sought the warrant after the women mentioned to them that they had talked on Facebook messenger about it.
Never talk to the police.
Also never trust a message is private unless you've at minimum encrypted it. Facebook, Twitter, reddit, even here.
Nothing here is private. At the very least, your messages are stored unencrypted on both the sending and receiving servers, and are completely readable to instance admins.
Yup. If it isn’t E2EE, don’t trust it.
If you’re on Apple, use iMessage or a reputable dedicated encrypted messaging app (not WhatsApp). If you’re on Android, likewise use a dedicated encrypted messaging app or make sure that you and your recipient are both using the same Google Jibe RCS implementation and have it on.
I don't fully trust Apple's claims because I feel they might have backdoors. I would trust only FOSS apps like Signal, Session, or Matrix.
Understandable to not trust a big corp. Apple does have a solid track record on encryption though and actively fighting against backdoors.
FOSS is generally the best choice though.
I'll trust them more if they are more transparent like Signal
https://signal.org/bigbrother/
They do have a transparency report they publish twice a year. The first one for 2022 should be out soon.
https://www.apple.com/legal/transparency/us.html
They also publish one for almost if not all countries they operate in.
It’s not as detailed as Signals but does detail all government requests they get.
As far as the encryption goes, keys are generated by the devices themselves and not Apple servers.
They also detail where the keys are stored for iCloud based on what protection you choose. https://support.apple.com/en-us/HT202303
And they’re fairly transparent on all the privacy features.
I wouldn’t trust them entirely if you’re a very high risk for breach like a journalist in hostile countries, but I also wouldn’t trust any off the shelf solution for that and would be running a heavily locked down privacy focused Android fork in that case.
The cross OS compatibility is an issue though and I use Signal for anyone on Android that I talk to.
Also if you don't trust either of the ends, it doesn't matter much if it is E2E.
Never trust a message is private unless you've at minimum end to end encrypted it and make sure both devices are not compromised.
Emphasis on "you've encrypted." If you don't have the keys its not safe. Imessage has great encryption but Apple will just hand over the keys if asked so its useless.
Apple doesn’t have the keys to it. That’s one of the major points of iMessage. Your keys are generated on device only. Apple can’t give what they don’t have. With the newer keychain stuff they’ve also made iCloud end to end encrypted as well, using keys generated on device, if you use advanced data security.
And if they would, they wouldn’t have gone to court over it when it was literal terrorists, the San Bernardino shooters a decade ago. They couldn’t turn over the keys to their iMessages because they didn’t have them and they went to court after they refused to put a back door in for the US government.
There’s a LOT to hate about Apple, but privacy so far hasn’t really been one of them. They’re pretty transparent about privacy features and how data is handled.
even if it's encrypted. if you don't want someone to find out about it.. don't talk about it online. you never know if the encryption really safes your ass in the worst case. there are cases where the police has deactivated or bypassed them without the user knowing about it.. or where they found the password.
here in germany the police hacked a server of a darknet drug market and deactivated the encryption and collected all the user passwords when you logged in. they collected data for almost a year and then screwed everyone over who used the service at that time.
never trust anyone or anything. if you want to keep a secret... don't post it online. even if it's encrypted.