Here in the US, most people I know use iPhones and therefore, they use iMessage. I have mostly migrated to Signal, but I can’t convince everyone to use it. I still have to communicate with them. Even though Apple touts the privacy and security of its products, would you trust iMessage for your texting and voice calls? It’s supposed to use E2EE. I just don’t know if it collects as much metadata as WhatsApp or as minimal as Signal or even in between. What do you guys think?
Yeah iMessage is a huge step up from SMS. It has several features that I use as well like check in. Unfortunately the E2EE by default is undercut a bit because it backs up to iCloud without ADP by default, which is not E2EE, although if you enable ADP or disable iCloud backups it solves the issue. That’s the main kicker though I reckon.
For calls, FaceTime is always E2EE although it lacks the contact key verification that iMessage has so you won’t be able to verify the keys.
1 Like
No, never.
Oh, I didn’t know about that. It’s good to know that security-wise, ADP can be used with iMessage.
Furthermore, is there a hardening guide out there? I’m thinking about disabling the option to send as an SMS. Should I send it with the phone number or Apple ID?
I’m still curious about the metadata, but I do realize that information isn’t public.
Why not?
iMessage can collect your data by definition. As per this article, getting it requires a 2703d court order. And yes they do hand it: Apple acknowledges tracking iMessage metadata and sharing it with law enforcement (Apple Insider)
Signal only stores when you last connected to the server, and when you registered the server. So always Signal. You’ll also get the nice benefit of more transparent security with the open source client.
If you want your client to actively protect your metadata like E2EE protects your message content, use Tor Onion Service based messengers like https://docs.cwtch.im/.