Are messaging and phone services allowed to not offer goverment data request?

If it’s does such service exist?

Mostly asking for eu laws but anything would be interesting.

Chat logs, Call logs, email, username and phonenumber

As far as I understand as long as the service doesn’t store this information themselves it is allowed. If so can’t most of it be stored locally?

Many companies opt to give data to governments voluntarily, but either way none can deny a request sent by a court. So yes, the government will get all the data the companies have if they can prove their need in court (very low bar mind you).

Phone companies have direct link to governments. They might need to overcome some evidence hurdle if they want to use that data in court, but assume they know everything. VPNs might be worth looking.

Don’t use email to anything that requires anonymity or security. You can use services like SimpleLogin or Addy.io to hide your true email from big tech / data brokers / breach databases, but probably not the government.

For private communication, maybe SimpleX is your best option. No data required to open an account and no notifications sent through Google/Apple.

Signal requires a phone number and Matrix/Element requires an email. Sure you can use temp numbers and email, but that’s added potential points of failure. And I think both will use Google/Apple infrastructure for notifications. They might encrypt the contents, but the government can still have the timestamps on your messages. Unless both parties have custom Android OS without Play Services.

If you have a specific need, I’d go with SimpleX. If it’s for general avoidance of surveillance, I’d go with Signal, it’s more mainstream and it’s hard enough already to get people to use anything other than WhatsApp/iMessage.

Check The Best Privacy Tools, Services, and Ad-Free Recommendations - Privacy Guides

2 Likes

Thank you for the suggestion.

But you seem to suggest that best you can get is not being able to get traced to a person. The actual conversation itself cannot be hidden?

My other concern is, that you’d not be able to share these messaging accounts unless in person.

If you use a End to end encrypted messenger like simplex, signal, etc. your messages cannot be seen by anyone except the sender and the receiver.

Signal allows discovery by both usernames and phone number. So you can just ask someone to message you on your phone number or your username.

That is true for simplex as well since servers know your IP and they also see the message queues. Any threat model where the messaging network is your adversary, simplex, currently, is about the same as signal.

1 Like

I’m not sure about matrix requiring an email address , i guess it depends on the homeserver you sign up with

“Once again, Signal doesn’t have access to your messages; your calls; your chat list; your files and attachments; your stories; your groups; your contacts; your stickers; your profile name or avatar; your reactions; or even the animated GIFs you search for – and it’s impossible to turn over any data that we never had access to in the first place.”

What data does signal provide in case of a goverment request then?

They provide only these 2 things:

  1. Unix timestamps for when each account was created
  2. The date that each account last connected to the Signal service

Proved multiple times in court docs and unsealed subpoenas. Contrary to popular belief, they don’t provide the phone numbers. The phone numbers are actually supplied by the law enforcement to get the above 2 data about the phone number.

1 Like

Thank you. That this level of privacy is possible is awesome.

1 Like

Yes, projects like Tor, Signal, GrapheneOS, etc. have all worked really hard to make privacy commonplace and easy. Donate if you can!

1 Like

Can you use something else than google notifications, without installing a costum rom and a device that is not rooted?

Found this thread:

I’d advise thinking if this is something you actually need. The worst that can happen with Google/Apple notifications is that those companies can know is that someone (they can’t link it to you) received a notification.

Signal notifications currently do not show anything like who sent the message, who received the message, message content, etc. The way it works is this:

  1. Someone sends you a message
  2. It goes to Signal server
  3. Signal then sends a ping that contains instructions to ping a random ID to Google firebase.
  4. Whichever device has that random ID, and the device then connects to Signal server directly.

Here is Signal’s president clarifying this: Meredith Whittaker: "In Signal, push notifications simply act as a pin…" - Mastodon

This is the relevant code used for push notifications: Signal-Server/service/src/main/java/org/whispersystems/textsecuregcm/push/APNSender.java at 9573d9e38571f5a84cf24d1597cae014b94a39bd · signalapp/Signal-Server · GitHub

If you still want Signal notifications without Google/Apple servers and without an alternative OS like GrapheneOS, then you can look at Molly (https://molly.im/), which is a secure frontend for Signal that has independent notifications.

But in my opinion, most (99%) of people actually don’t have a high enough threat model that Apple/Google based notifications would hurt them.

Doing what Signal or other applications are doing is not enough.

The backend server should be sending decoy notification traffic to throw off threat actors observing traffic on the wire and then using timestamps to correlate conversations.

Google/Apple should also be sending decoy notifications to help mitigate this issue, but at the end of the day, it will still be a mitigation and not a real solution.

While this is not relevant for the absolute majority of people, it’s relevant to highly targeted individuals to whom Signal and other similar apps are recommended to keep them safe.

2 Likes

Correlation attacks are currently undefendable given the attacker has access to the entire or large-ish part of the network. If someone creates a perfect solution, I’d be the first to jump in. Otherwise it’s just a matter of large enough control and enough time.

No current solution that depends on a network can defend against correlation attacks by the network itself.

I agree they should solve for it, but it’s not at all an easy solution.

That doesn’t seem right to me. Are you sure about that? Do their servers keep a log of notifications? Signal doesn’t, I don’t why they would.

That’s why they get it from Google and Apple, not from Signal. Take a look at this:

Of course it’s different if SimpleX servers get NSA hacked.

Yes very sure. SimpleX servers can have both your IP (I think they partially solved it?) and keep logs (since SimpleX cannot actually test if each server is running clean code, no attestation available). Of course the answer from SimpleX is “use trusted nodes”, but what happens when most nodes are in places like US and Germany where owners can be forced to quietly make tracking changes through stuff like NSLs. The only guarantee should be technical or hard legal guarantees. Community moderation isn’t the best.

SimpleX is working to solve correlation attacks, here is the GitHub issue: [Feature]: Protection Against Correlation Attacks through a "Sync" button · Issue #3197 · simplex-chat/simplex-chat · GitHub

Here is also a recent message by the creator of tinfoilchat about how deanonymization may happen if someone controls the network: SimpleX vs. Cwtch, who is right? - #29 by maqp

It is also happened sometimes against more robust anonymity focused decentralized networks like Tor network, where malicious guard nodes, and control of sufficient exit nodes can help correlate. Network correlation will always be a problem until someone is able to make all traffic look the same, or absurdly actually random over long time. Exactly the same ball park as fingerprinting.

1 Like

I don’t actually think we’re disagreeing here. You’re saying that their servers are not safe from being compromised (well, nothing is, so…) and they currently have low safeguards to protect against compromised community servers, which users don’t use unless they manually add the anyway.
But baseline (hacking aside) is still no, SimpleX doesn’t keep logs and LE won’t get your logs by asking them for your data.

Is this wrong?

1 Like

Ah sorry then, my bad. Yes we agree, simplex by itself doesn’t log or anything, same as signal. Both are very respectable projects in that regard.

2 Likes