
All these comments about metadata not being useful are missing the point. Metadata is incredibly valuable and sometimes just as valuable as the decrypted data itself. Knowing what sites a target visits, access patterns, changes in behavior: all this can be fed into ML algorithms to come up with fingerprints.

You don't need to be able to decrypt the data in transit if you know the endpoints and can somehow compromise the endpoints at a later date. And that is way easier. Breaking encryption is hard and time consuming. Identifying a site a user regularly visits and exploiting that is more straightforward.



It honestly worries me that this is the top comment on hacker news. Not because it is wrong (it isn't) but because of all places that website filled with tech workers and experts in the full software stack, full of people that work on and exploit meta data, it still needs to be discussed how important metadata is.

If we can't convince people with their ear to the ground, how does one convince the general public. Especially since it isn't intuitive how metadata is useful. Though the analogy I typically use is a private investigator following you around. Can't hear your conversations, but can see everyone you talk to, where, and for how long.


The people who visit this website are the people who are paid to create and administer all of this technology. They're not only the last people you would be able to convince of something that would affect their livelihoods, but even the ones who do understand feel like it is part of their duty to deceive the less technically adept about the capabilities and dangers of the technology that they're surrounded with.

The comfortable upper middle-class are the most conservative elements of any society; they're providing the management and expertise to implement any dystopia that's coming. Beneath them are the tradespeople and unskilled laborers who choose between working or starving, and above them are morons.

Nobody who has spent more than a moment thinking about it fails to understand the dangers of metadata, they just don't think it will be a problem for them. Hence the most common response is something about how their lives are boring, and how they have nothing to hide. "Who cares if I'm at Starbucks at 2 o'clock?" Technologists know full well what they could do with that information, that's what they're paid to know, and they're who are going to be doing it, or they're going to have to find another job.


> The people who visit this website are the people who are paid to create and administer all of this technology.

Exactly, some falsely assume all technologists somehow share an enthusiasm for morality. Many of the most successful technologists I know simply work for the highest pay from military/intelligence contracts.


The term "hacker" in "hacker news" is too misleading, especially those of us who use the more RMS-esque definition of it. Petition to change to something more apropos.


I personally agree that the more RMS-esque or Steven Levy definition of "hacker" is a good idea. However, we must acknowledge that "hackers" is never a homogeneous group, and even more so today. I know some greyhat hackers who do brilliant technical works that rightfully entitle them "hacker", but they have questionable ethics. Normally I use the generic definition from RFC 1392 as the compromise.

> hacker: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.

Using this definition, calling this site "Hacker News" is not exactly accurate, but also not too far-off. I think this website is 40% "Silicon Valley & Startup" News, 40% "Hacker" News, and 20% misc.


To add to that, even if the word "hacker" has a malicious connotation, today, the meaning of the word is closer to "the one who knows his/her stuff well and enjoys breaking them down and creating new things".

One of my favourite sites is the IKEAhackers.net (no affiliation). That site truly shows what a "hacker" does, in the furniture domain, but still, decomposing, redesigning, reusing.

Exactly like the RFC 1392 (aka "Internet Users' Glossary") as you mention. There is a distinction to the word "cracker" which shows malicious intent (what our dear friends on EF + NSA are doing).

This piece of news should also be a reminder to ALL, that these agencies that "protect" us (irrespective of flag) cannot and should not be trusted with/for anything. Especially not with the truth.


Lol petition to stop naming anything because eventually all labels become bad. /s


I guess I did forget my /s. All in good jest, and like a good jest, perhaps a modicum of truth is there.


we should make labels by hashing publicly registered semi-precise definitions, and maybe add markers to indicate how closely what we mean fits said registered definition of the label.

(I don't actually think this is what people should do, but I do think it might be a cool experiment.)


didn't pg name this place "Startup News" before changing it to "Hacker News" just because hacker sounds cooler?


Your comment implies that working for military/intelligence is automatically immoral. Nothing could be further from the truth. Believing that freedom is "free" is highly delusional. This civilization that we have, and enjoy, almost entirely depends on having more, better, bigger guns than the "bad guys" (in fact, having more, better, bigger guns is the best way to ensure you don't have to use them).

What you do with the guns is a different issue, but there's clearly many nations worldwide that focus on defense but not offense (maybe not US, but probably Switzerland).


it is revenge of the nerds sniff of power and the bullied become the bullies


I work in a factory doing factory stuff


Lots of people do, I hope your day goes easy


Thanks. It's actually a pretty chill job most of the time


> They're not only the last people you would be able to convince of something that would affect their livelihoods

Working in Silicon Valley, I would not agree with saying that engineers in general are involved in this for any immoral reasons. (One of the few exceptions is ad tracking experts, who dig like pigs for truffles through PII.) The reasons are not knowing history (ie. Crypto AG pwnage), and just a lack of intellectual curiosity.

I'd like to comment on the importance of metadata analysis.

This is not well-known, but before the British were able to decrypt German WW2 traffic, they used very detailed radio traffic metadata analysis to map everything they needed to know about ground troops. (The architect of that was given US citizenship after the war and built the US' system, but on a global scale.)

Details of that were classified long after the war in both countries. And it was just metadata.


> upper middle-class are the most conservative elements of any society

This very clearly is not the case in the US.


I think that conservative means "in support of a (certain kind of) status quo" in this case, rather than the American line-up of hot-button culture war issues. The upper middle-class wants stability, whatever it is, because of the structure of their income stream. That's why upper middle class people are basically centrists and don't want to rock the boat too much: they're doing very well in the boat, and rocking it will have them taking on water. Other folks have much less to lose (which we should all remember over the next month).


Why do these points not apply to the upper class? I would expect them to be at least as conservative as the upper middle class, and all of these arguments fail to distinguish the groups. But the claim is that the upper-middle class is more conservative than the upper class. That's... weird?


Example: Upper middle class wants to limit immigration since it hurts their salaries. Upper class wants more immigration to get cheap labor into the country.


What? It's absolutely true in the US

> But among the 64% of American voters who earn more than $50,000 a year, 49% chose Trump, and 47% Clinton.

[1] https://www.theguardian.com/us-news/2016/nov/09/white-voters...


And both Clinton and Biden are very conservative candidates, by any reasonable standard.


God I wish this trope would die.

All the political terms - left, right, conservative, progressive, liberal, etc have definitions which vary greatly from country-to-country, over time, and by which group is using them. Clinton and Biden are representatives from America's dominant liberal party and represent views which are left-of-center when you do the sane thing and define center as "median voter in the country being discussed" and not "my group of friends" or whatever time or place you're imagining.

You might as well say 'Bill Gates is very poor, by any reasonable standard' (because unlike the rich people of 2,000 years ago, he can't raise an army that rivals that of his home nation-state or the rich of the future who take vacations on the moon).


I think the parent means that both Clinton and Biden are establishment candidates. Neither of them are boat rockers like Bernie or Trump in 2016. I think the reality of Trump’s presidency is far more establishment than his original campaign but still.

Liberal & Conservative in the US usually have to do with what changes a person wants to make but Clinton, Romney, Obama, Biden, hell Bush are all literally conservative in the scope and amount.


I wish you would not refer to arguments that you disagree with as tropes, it's a thought terminating cliché. Clinton ran on "America is already great" and Biden is running on a "return to normality" ticket under which "nothing will fundamentally change." The Clintons were the center of the DLC, who assassinated the candidacy of Jesse Jackson to bring on an era in which the Democrats would "End Welfare As We Know It," sign the crime bill, and deregulate everything. Biden got into politics as a New England Dixiecrat, of the kind that was extremely popular around Boston when white children there were threatened with being exposed to black children in school. His VP is a prosecutor who bragged about jailing the parents of truant children. Both supported the Iraq War. Biden championed the crime bill that was passed under a Clinton administration.

Yes, they wouldn't be conservative for Saudi Arabia, but they would both continue to closely ally us with the Saudis and aid them in murdering Yemenis.

> center as "median voter in the country being discussed

Both Biden and Clinton, issue by issue, are well to the right of the median US citizen. It's pretty dishonest to restrict the people allowed to have their opinions considered to the people who thought that the distinction between Republican and Democratic administrations was important, when the argument being made is about whether both candidates are conservative. The median eligible voter is barely more likely to vote than not.

I know typing this is a waste of time.


I disagree with your claim that Biden and Clinton are "well to the right of the median US citizen". They are clearly to the left in literally every assessment - whether in the actual elections or polling done by any reputable organization. You're imagining that "median US citizen" is somehow far left of "median US voter" and that's just not true.

Additionally, everything you listed is just exposition on your initial claim. Saying that you will "End Welfare As We Know It" sounds like a potentially wildly liberal plan - perhaps UBI, government-guaranteed employment, housing and healthcare or some other fundamental shift. The victims of crime are disproportionately the poor, people of color and people who are structurally disadvantaged so removing the threat of violent crime from their lives falls well within the standard goals of liberals (even if the actual implementation of the bill you're referencing had more mixed results).


I agree with the general sentiment, but Trump is a very poor yardstick for conservative political beliefs. Out of Reagan, both Bushes, McCain, Romney, and Trump, Trump is the clear outlier.


You're right that Trump is not necessarily representative of other Republicans. But I think the skew is actually the opposite direction of what you're saying. I think Trump is actually less likely to be favored by wealthy people vs say Bush.

Look at this polling of support of Bush vs Kerry by income level[1], as income rises support for Bush almost always rises, and support for Kerry almost always decreases.

[1] https://www.cnn.com/ELECTION/2004/pages/results/states/US/P/...


I didn't mean to suggest anything about the directionality of the skew, just to mention he's not a classical conservative and there's likely some skew between supporting Trump and having conservative political leanings.

(On a side note, there's some smaller skew between voting Republican and having conservative political leanings. I'm conservative in fiscal policy, foreign policy, and favoring action at a local and state level, but liberal regarding most social policies, criminal justice reform, and environmental regulation. I think government enforced price transparency plus a German-style universal healthcare system via private insurance decoupled from employment is preferable to either a US model or a Canadian/UK-style single payer system. I've always registered as a Democrat.)


Care to enlighten us what some of the "dangers" of metadata are?


Your behavior is characteristic of a terrorist/pedophile/drug dealer. An automated computer system/bureaucracy, the workings of which are too complex for a human to intuit or critique, decides on the basis of this "fingerprint" that you should be dealt with. You are bombed by a drone / disparaged in authoritative media / shot by police along with your kids and dogs / have your possessions taken by force / have your life ruined for a few months. Nobody at any step of this process is individually culpable, and nobody can identify with any certainty the actions which initiated this process.


That seems more than just the dangers of metadata. That's more of the dangers of giving machines the authority to drop bombs with no human oversight at all. That same kind of problem could happen if the government wasn't spying on anything, or if the government was spying on content, not just metadata.


Humans follow orders which are given by humans on the basis of data which is analyzed by machines and interpreted by humans.

If the machine says "dude is terrorist based on XYZ" and the human cannot realistically verify all of that is factually correct (perhaps the subject's phone was lost as the subject walked by a mosque?), then it is much easier for the human to say "Data says this dude is terrorist" than it is to say "Data says this dude is terrorist, but the data is probably wrong and we shouldn't..."

The existence of the data itself is a threat against every subject the data includes, at a minimum.


I believe the core problem there is still making extreme decisions without proper evidence. This could happen if the government knows much less about you (e.g. just the info on your driver's license) or much more about you. That is, the problem in these specific examples is not the existence of the data, but rather the willingness to throw caution to the wind and operating on shaky foundations.


Humans have a threshold where their confidence in the accuracy of something will determine their willingness to participate or take action. The machines/algorithms/authority structures and so forth are in place in large part to provide that confidence.

The issue today is that the leadership (in many areas of life from business to military to government), who make the decision to kill/censor/interrupt business/etc or not, are saying "we have to follow the data" without having any understanding of what that really means.

Ultimately, this creates false confidence both in the decision-maker and those that are following their lead. I find it unlikely that there would be anywhere near the same willingness if the 'intelligence' many of these decisions were based on didn't seem as rich and unmistakably correct as it often does.

Of course, the practical effect here is that leadership gets to blame the algorithm/model/data instead of having to accept the blame themselves. If only those pesky engineers and nerds in the lab were better at the job we'd bomb less foreigners.


As is being talked about elsewhere the social and interest graphs that can be generated are the most important aspects.

I'll give you an analogy that might help. Let's say that a personal investigator is following you. They have a GPS tracker on you. They can see where you go, who you talk to, for how long, what you buy, etc. The only thing is that they don't know what you are talking to people about or exactly what you buy (but they know where you bought it from). Would you feel comfortable with this person following you around?

I'm assuming not, because I don't know anyone that has answered yes. It feels like an invasion of your personal space, right? They can still learn a lot about you and your habits by doing this, right? But all they've gathered is metadata on you. So why do you feel uncomfortable?


It's not that important what you talk about and what you are doing somewhere for who those systems are used. Just knowing who you talk with, and where you are, is extremely helpful to law-enforcement to triage from millions of people in the country, to something closer on the order of thousands of people of interest.

Goal of metadata investigation isn't to directly target you, most of the time. It's to put you in the bucket of interesting people, that government will pay attention to.

It's exactly the same as ads on the internet - they may be classifying you as a person potentially interested in computer security because you're visiting tech crunch. Are all people visiting it interested in computer security? Of course not. But you're many orders of magnitude more likely to be interested in it, than a random person from the internet.


https://www.wired.com/story/inside-the-nsas-secret-tool-for-...

> Even by that account, the scale of collection brought to mind an evocative phrase from legal scholar Paul Ohm. Any information in sufficient volume, he wrote, amounted to a “database of ruin.” It held personal secrets that “if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm.” Nearly anyone in the developed world, he wrote, “can be linked to at least one fact in a computer database that an adversary could use for blackmail, discrimination, harassment, or financial or identity theft.” Revelations of “past conduct, health, or family shame,” for example, could cost a person their marriage, career, legal residence, or physical safety.

> Mere creation of such a database, especially in secret, profoundly changed the balance of power between government and governed. This was the Dark Mirror embodied, one side of the glass transparent and the other blacked out. If the power implications do not seem convincing, try inverting the relationship in your mind: What if a small group of citizens had secret access to the telephone logs and social networks of government officials? How might that privileged knowledge affect their power to shape events? How might their interactions change if they possessed the means to humiliate and destroy the careers of the persons in power? Capability matters, always, regardless of whether it is used. An unfired gun is no less lethal before it is drawn. And in fact, in history, capabilities do not go unused in the long term. Chekhov’s famous admonition to playwrights is apt not only in drama, but in the lived experience of humankind. The gun on display in the first act—nuclear warheads, weaponized disease, Orwellian cameras tracking faces on every street—must be fired in the last. The latent power of new inventions, no matter how repellent at first, does not lie forever dormant in government armories.

take a look at the history of the behavior of intelligence services through the 20th century and ask yourself how comfortable you are with this power being wielded by anybody.


Chekhov's gun is a tool for better stories. It does not work in reality, because in the real world there is always a cost to doing things. And extreme action has extreme costs, so very seldom does any country do anything extreme. As an example, nobody has used a nuke in war since ww2.


the threat of nukes guides all international political arrangements. what does the digital intelligence and coercion machinery guide?

you may not feel threatened by this arrangement now, but how confident do you feel that these tools will always be controlled by people you trust?


What most people don't understand is that a targeted IP, with a stream size and a timestamp is enough to identify pretty much every https page uniquely if it is accessible by a spider.

A headless chrome makes measurements of timings even easier these days. The order of how files are loaded, which file size e.g. jquery.123.min.js has, and where and when exactly in which order it is loaded from is very unique among all pages of a website.


>stream size and a timestamp

I think that's more complicated than you realize. That list would be impossibly large to scrape and search, not to mention collisions and dynamic content problems.

>The order of how files are loaded

It's a good idea, but you don't know what files I have in my cache and when they expire, or what files my extensions are blocking. This'd only work in an ideal-case scenario.


An analogy I like is that they know you called a suicide hotline from a tall bridge in the middle of the night, but they don't know what you discussed.


I believe I read the same example in 2600 quarterly some years back, in which the metadata was described and scrutinized in greater detail. It was impactful enough at that time for me to recall even today.


In the lead-up to Australia's metadata retention legislation, some org posted the following examples. I found them reasonably effective at convincing normal people, but we failed to convince the decision-makers in Parliament:

- "What if your call logs indicated a 45-minute call to a suicide hotline made from a bridge. Do they need to hear exactly what was said?"

- "What if your call logs showed you receiving a call from a sexual health clinic, and that you then called a bunch of people in rapid succession. Do they need to hear exactly what was said?"


I think the lynchpin is not knowing. We don't know what all the data is used for or why it's taken. As long as we don't know we lack the ability to judge. We don't have the power to make a strong rhetorical argument without shared knowledge.

Colbert's white house correspondent's address covered it. Politicians don't talk about super depressing stuff like Guantanamo Bay and journalists have the courtesy to not try and find out.. We don't talk about data collection in any serious manner.

I think the weakness of data collection is when it gets in the average joe's way and it hasn't done that yet in a big way. The more we hammer home that it must facilitate movement through life and not hinder it, the better the middle ground will be.. maybe.

There is a requirement that both sides get really good at eviscerating lies and liars. Neither side of the fence wants fake data or betrayal.


It's sometimes useful to say a different thing when explaining to someone that doesn't understand.

For me, the importance of metadata can be conveyed by comparing its usefulness to knowing the answers to the game of 20 Questions.


Well,

HN doesn't seem to be security oriented community.

But it's ok, security isn't as important as algos are during FAANG interviews, so who cares.


Metadata is data.


[flagged]


what are you talking about?


> If we can't convince people with their ear to the ground, how does one convince the general public.

Convince them of what? Some of us don't believe the NSA are bad actors and possibly we also believe they're doing their jobs and support them in that.


"The NSA" - who do you mean here? The org in its official function doing unofficial things without oversight? Or the individual working for the NSA spying on his ex-lover for blackmail material?

I mean, either you're saying "no one within the NSA has ever been a bad actor", or you're saying "the bad actions are acceptable collateral damage; no oversight needs to be applied to ensure the trade off between effectiveness and collateral damage is balanced", or you're saying "not ALL actors are bad" and leaving it at that.

And...none of those strikes me as a particularly defensible position to take.


You're one of the people this [0] comment is talking about.

Also, how can you possibly believe that the NSA are not bad actors? Between trying to hobble encryption, spying on everything, and enabling bad individual actions, and having a horrible success rate [1], what is left to defend?

[0] https://news.ycombinator.com/item?id=24962802

[1] https://www.newamerica.org/international-security/policy-pap...


NSA's competence or success rate doesn't invalidate the need for such an organization. Individuals part of the organization that behave badly don't either. Other states have organizations like the NSA and in order for the USA to defend itself from them the USA also needs one. We don't question the need for a military because one lieutenant burns down a Vietnamese village, we demand justice and changes, but we continue to support the need for a military. That's my thought around the NSA. I support private companies protecting their customers by utilizing encryption and I support the NSA to do whatever they can to amass all the information they can when private companies fail. Why? Because our enemies are doing the same thing. A moral position that loses doesn't last, and for sure there are some moral positions I would stand by them even if it meant losing, but this one isn't one of them. Not for me anyway.


This comment doesn't stand up to any kind of scrutiny whatsoever.

One, handwaving institutional corruption and violation of the constitution by claiming it's only a few "bad actors" ignores how high up that corruption emanates from. Two, it assumes that the violations are needed for national security, a claim which can easily be dissected by understanding what William Binney has told us about thinthread, just as a singular example in a vast sea of examples. Three, it's a strawman to jump to arguing that because other countries are doing this, we need the NSA too. Very few people are actually calling for the dismembership of the NSA, and in general want accountability and a return to constitutional surveillance. Four, implying the constitution is a "moral position that loses" is absolutely a Machiavellian, realpolitik, ends-justify-the-means policy position that we and the world have suffered enough consequences and blowback of.

Your entire argument revolves around using the safety as justification for violations of their mandate and oaths, when all the evidence points towards the truth being quite the opposite: the surveillance program has failed to be effective for safety, and not only that, that failure is largely due to this very kind of thinking in the first place! By being willing to undermine the constitution the NSA (et al intel agencies) inherently reduce long term security and safety in the US by allowing bad actors in all kinds of sectors the ability to abuse the data they get.

The totalitarian surveillance system is about control, not safety, always remember that!

"Go again and see not just the film and the play but read the text of Robert Bolt's wonderful play "Man For All Seasons", some of you must have seen it - where Sir Thomas More decides that he would rather die than lie or betray his faith and at one moment More is arguing with a particularly vicious witch-hunting prosecutor (a servant of the king and a hungry and ambitious man), and More says to this man "You'd break the law to punish the Devil, wouldn't you?" And the prosecutor, the witch hunter, says "Break it?" He said "I'd cut down every law in England if I could do that, if I could capture him." And More says "Yes you would wouldn't you? And then when you corner the Devil and the Devil turned round to meet you, where would you run for protection? All the laws of England having been cut down and flattened, who would protect you then?" - Christopher Hitchens


Well, let me metaphorically show where _your_ NSA should be as a person from a country that is not the USA.

To keep it all-ages, let's stick with "far away from existence, and even further from OUR personal data and metadata".


Sure, that's your perspective, I just don't happen to agree with your perspective.


Just chiming in here: it’s almost all about the graph. If you have the graph, the content is almost irrelevant.

This is why Signal hiding the graph as best they can, using SGX, is incredibly important work. Say what you want about Secure Enclaves, we know of no better way to conceal social graphs.

Yes there is still potentially some metadata analysis that can be done at the server to coordinate IP addresses but we know signal doesn’t keep those logs because of their response to the sealed subpoena (which they successfully sued with the ACLU to unseal):

https://signal.org/bigbrother/eastern-virginia-grand-jury/

We can only dream of a world where companies are held to this standard of transparency and user privacy.


>...we know signal doesn’t keep those logs because of their response to the sealed subpoena ...

That doesn't prove that. If Signal was, say, a NSA project they would have to respond to such things in that way to protect the signal intelligence value of the metadata they were collecting for their primary mission.

After Crypto AG we know it is a bad idea to trust any particular entity. Something like Signal can only be trusted as much as it can be verified.


Absolutely. You should trust anything as much as you can verify it and no further.

I submit that there is no better option right now.


If you are not trusting the people that are running these things, then Signal is just another siloed messenger where the servers are controlled by a single entity. There are certainly worse but Signal is not special.


Signal has open clients with reproducible builds. We know that they are keeping their promises wrt what information is communicated with the backends. That's a step above the other options in common use, and in fact does make Signal special.


> Signal has open clients with reproducible builds.

Not really. First of all, there is only one Signal client allowed to connect to Signal’s servers. And in the real world, the vast majority of Signal users are getting their APK for that app from the Google Play store (the Signal team has said that they prefer you to use the Play store as well, instead of direct-downloading an APK from their website which they offer only grudgingly). That means that a state-level actor could possibly carry out a targeted attack to replace the Signal app on a given person's phone with a malicious build.

Also, Signal’s reproducible build system requires a specific version of the Android development kit. It has been pointed out that a state-level actor could be sitting on vulnerabilities in that, and not in the Signal source code itself.


Both these attacks indicate a problem that doesn't have anything to do with using Signal. If the actor can replace apps on your specific phone, then you're pretty fucked no matter what app you use.

If the attack is on the android dev kit, but not on signal, then.. the attack isn't on Signal, it's on the dev kit. Unless Signal's using an unusual version of the dev kit, your risk exposure to this attack is equal to any other app that you would use instead of Signal.


> That means that a state-level actor could possibly carry out a targeted attack to replace the Signal app on a given person's phone with a malicious build.

No, they couldn't. They would need the Signal developers' key. Android requires app updates to be signed with the same key as the original app.


A state-level actor can get the Signal key either covertly or by simply marching into the Signal offices with either a warrant or (if that fails) guns. Now, whether that will actually happen is a secondary issue -- but I submit that you have a mistaken conception of what a "state-level actor" means in a threat model. The fact that Google Inc doesn't hold the necessary keys but Signal LLC does is not a meaningful distinction to a state-level actor.

That isn't to say "all crypto is hopeless", simply that you shouldn't consider Signal to be state-level actor proof.


The point isn't to build your own and use it; it's to verify that the binary in the app store matches the source they published.


Do you personally do that with every release (which happens every few weeks or so)? Do you know anyone who does that who is trustworthy? If not, it's a fairly useless form of protection.


Are you running an open client? Is anyone?

That's all a smoke screen. Nobody is running an open client with a reproducible build, everybody is running whatever version is downloaded from their app store of choice.

It's not special, and I don't trust it a bit.


The point of reproducible builds isn't to run an open client, but validate that their copy in the app store matches the source they say it does.


But nobody actually does that.


Not manually, perhaps. But automated integrity checks of reproducible builds are trivial to write.


Have you personally done that? Do you know of anyone who is doing that and publicly tracks said verification? It doesn't matter how trivial it would be to verify if nobody is actually doing the verification (not to mention you'd actually want many people doing it and publicly posting their verification, as well as you checking that your hash matches everyone else's before installing the APK -- and there is no automated setup for doing that on Android.)


I don't think any significant number of people do it. I don't use Signal specifically, but I don't even know that there is a way for me to actually do it and then track whether that matches the version the iOS app store loaded on my phone, at least not without jailbreaking the phone.


What's better, Signal or Telegram?


In contrast to Signal, Telegram doesn't end-to-end-encrypt messages by default (they get stored in plaintext on their servers), it also doesn't protect the social graph and even stores your contact list on their servers. Even WhatsApp is more secure than Telegram.


Awesome. Thanks


They are more or less the same thing if you are not trusting anyone. Both require you to verify the key fingerprint for a particular contact (safety numbers) if you want effective end to end encryption. Both are silos. Telegram is better about distribution and can be gotten from places you might trust better (e.g. F-droid, Debian). Both have some sort of reproducible build thing going on. Both could get access to your connections to other users if they wanted where Signal also insists on access to everyone's phone number. Telegram works on desktop without also insisting you have the program running on your phone.


Addendum because I can't edit any more. Apparently Telegram needs a phone number as well.


I would be interested to learn if you have examples of services whose privacy practices you admire more than signal’s.


> Say what you want about Secure Enclaves, we know of no better way to conceal social graphs.

I'm not following. Secure Enclaves have nothing to do with protecting the social graph of Signal users. They're used to store the contact list (and other things) in the "cloud" in a safe way – things that weren't even shared / stored anywhere by Signal before Secure Value Recovery was introduced.



Ohh right, sorry about that – I totally forgot about that feature!


> Metadata is incredible valuable and sometimes just as valuable as the decrypted data itself.

Just adding an example for the people who don't see the value of metadata: WhatsApp is still a viable revenue source for Facebook even as they have no access to the text of the messages due to E2EE.

Knowing who talks to who, at what times, the type and approximate size of messages, the members of groups, and the contents of the phone book of every user gives enough information to keep their business model without exposing them to court orders asking for the plaintext (that's the reason they added E2EE to start with, there is no incentive to improve the service when they have a billion heads of cattle to milk).


Every so often I like to go back and read Using Metadata to find Paul Revere [0].

[0] https://kieranhealy.org/blog/archives/2013/06/09/using-metad...


> WhatsApp is still a viable revenue source for Facebook even as they have no access to the text of the messages due to E2EE.

A friendly reminder to everyone that even if the encryption that is used to send the messages in WhatsApp seems to be solid they upload your entire chat history as unencrypted dumps to the cloud.

Even if you turn it off your chats will still end up there as long as whoever you are chatting with doesn't also disable this.


This is the first time I hear about WhatsApp storing unencrypted copies of my chats in their cloud.

Can you provide more information?


I suppose that, AFAIK (I do not use WhatsApp), it's Google backup services on Android. WhatsApp stores the local chat history unencrypted on the device and does not mark it as "do not backup", so the cloud sync service uploads it to the backup service. And Android does not encrypt this information.

For contrast, Signal does encrypt the local history and the backups (to the point that it is a bit harder to back up the chat externally on Android: you need to copy a randomly generated password manually to restore it. But it's a safe approach).


Additionally, WhatsApp heavily encourages storing backups in Google Drive as well, with semi-regular popups asking users to configure backups in GDrive and to set the backup interval, if not already done. Obviously this doesn't mean Facebook has the information and the straightforward interpretation is that it's the least involved way of creating backups without sending it all to Facebook.


Agree.

My point is mostly aimed at people claiming WhatsApp is somehow very safe just because of the end-to-end encryption.

I'm saying end-to-end encryption is a really great idea and everyone should do that and still encouraging people to look beyond that and think about the entire threat model when deciding what is important for them.


It's disabled by default. WhatsApp asks you annoyingly to enable it. I have never accepted the cloud backup.


> they have no access to the text of the messages due to E2EE.

Correction: they might not have access to the message text. It's entirely possible (if not plausible: FB doesn't exactly have a good track record) for FB to just self-MitM the E2EE and see everything that passes through their servers.

From their site:

> The verification process is optional for end-to-end encrypted chats, and only used to confirm that the messages and calls you send are end-to-end encrypted.

Even this process--which I'm sure very few people do--is fallible given the lack of authenticity: there's no way to confirm that the given keys are what's actually used for encryption.

Yes, this may come across as very "tinfoil-hat-y," but do you really trust FB to not be exploring every possible avenue to increase their data streams?


> It's entirely possible (if not plausible: FB doesn't exactly have a good track record) for FB to just self-MitM the E2EE and see everything that passes through their servers.

Why would they even need to MitM in transit when they control the endpoints? They can just analyze the raw text locally (in the app) and extract valuable information.


Excellent point, way less tinfoil-y.


There is no proof they didn't tamper with their OpenWhisper implementation - WhatsApp is proprietary software on client and server.

And looking at what has unfolded in the last decade, chances are against the user and we must, for ours and our peers' safety, assume the worst.


> Knowing who talks to who, at what times, the type and approximate size of messages, the members of groups, and the contents of the phone book of every user gives enough information to keep their business model without exposing them to court orders asking for the plaintext

Similarly Google runs 8.8.8.8 so they know what services you use that aren’t HTTP that they don’t have bugged already.


People have gone to jail for metadata. That is exactly what you are saying. That is its importance.

And that is only speaking of something within the Rule of Law (accessing metadata with a warrant)...

Outside of the Rule of Law, people have been killed for metadata.


Ed: > Outside of the Rule of Law, people have been killed for metadata.

Indeed:

https://theintercept.com/2014/02/10/the-nsas-secret-role/

> According to a former drone operator for the military’s Joint Special Operations Command (JSOC) who also worked with the NSA, the agency often identifies targets based on controversial metadata analysis and cell-phone tracking technologies. Rather than confirming a target’s identity with operatives or informants on the ground, the CIA or the U.S. military then orders a strike based on the activity and location of the mobile phone a person is believed to be using.


Thanks. Too lazy to search for specific examples.

Also, obviously, Mafias and the USSR, PRC...


That's actually pretty good policing. They should apply that domestically for non-terrorist violent criminals. +1 they have my vote. (Obviously not on the "drop random bombs on them" part.)


To reinforce your point:

> Ex-NSA Chief: 'We Kill People Based on Metadata'

https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-...


In general, entities like the NSA need to treat metadata as important because that is often all they have. That is because most everything is encrypted these days. The NSA has known about the "going dark" problem for a long time now and this is the reaction.

So this situation can be considered a sort of a triumph. For most people metadata is no real threat to them. Generally it is already publicly known who your friends and family are and those are the people most interact with online. It is mostly valuable that no one else know what those interactions are even if they know when they occurred.

For the important instance of businesses the situation is much the same although sometimes there might be value in traffic analysis for larger businesses that have enough traffic to analyze.


I can't believe that anyone that was around here during the Snowden stuff hitting the fan would even remotely say metadata isn't useful.

"Law enforcement agencies have claimed that metadata helps to eliminate suspects by revealing their networks and contacts. But there is no information regarding the use of metadata by government bodies that are not officially enforcement agencies within the meaning of the data retention laws."

https://theconversation.com/think-your-metadata-is-only-visi...


Michael Hayden, former director of the NSA and CIA:

“We kill people based on metadata.”

https://youtu.be/PxwEwwlDM8Q (39s clip)


Forget ML; just a queryable database where your analysts can plug in a known surveillance target and see who they're talking to has lots of value. (IIUC, that's Palantir's original core product, not anything in the ML space.)


Both you and these commenters are missing the point. They're not just collecting metadata. We know from the Snowden leaks that the NSA was able to decrypt most https traffic as well as most SSH and VPN traffic around 2013. Although protocol security has been beefed up a bit and many bugs have been weeded out since then, it's still naive to assume they've lost this capability.


Isn't the whole distinction between data and metadata rather arbitrary in this context?


> All these comments about metadata not being useful

I only see one


I will randomly upvote or downvote a link here and there just to confuse them



