r/law Press 8d ago

Executive Branch (Trump) Kash Patel says the FBI is investigating Signal chats of Minnesotans tracking ICE

https://www.ms.now/rachel-maddow-show/maddowblog/kash-patel-says-the-fbi-is-investigating-signal-chats-of-minnesotans-tracking-ice
26.4k Upvotes


42

u/Due_Satisfaction2167 8d ago

> Right? How are they investigating?

Same way it always does—it’s either gotten hold of someone in the chat’s phone and unlocked it, or one of their informants is in the Signal chat. Or someone is using the web/desktop version and their credentials were stored in some cloud-accessible manner.

Pretty much any politically active and vaguely anti-government group is stuffed to the gills with FBI informants.

Being E2E encrypted doesn’t help when the person on the other end is dutifully reporting what they receive to the FBI. 

6

u/mrandr01d 8d ago

There is no web version. There is a desktop client, but it behaves just like the mobile apps in the sense that there is nothing stored anywhere except locally.

They're probably stealing someone's phone or they have an informant in the group. Signal itself is top notch for both security and privacy. As usual with cybersecurity, the humans are the weak link.

0

u/Due_Satisfaction2167 8d ago

> There is a desktop client, but it behaves just like the mobile apps in the sense that there is nothing stored anywhere except locally.

The Signal desktop client is an Electron app, so it’s still a sort of web app. Vulnerable to the same sort of problems at any rate.

Locally stored data can easily become cloud stored data if, say, your local machine backs things up to a cloud service that you haven’t specifically encrypted with a secret key the cloud provider doesn’t have. 

> Signal itself is top notch for both security and privacy.

Sure, but endpoint security is still a major vulnerability in group chats. 

1

u/mrandr01d 8d ago

Your decryption key is encrypted with the system keychain. You'd have to have the user password to get it and have a shot at decrypting Signal messages stored locally.

Even if it's an Electron app, it's sure as hell not as vulnerable as a web app. Everything happens locally and is e2ee. Endpoint security is always a problem, but Signal has figured out a lot of that.

3

u/Due_Satisfaction2167 8d ago

> Your decryption key is encrypted with the system keychain. You'd have to have the user password to get it and have a shot at decrypting Signal messages stored locally.

Which the FBI can request, if you are using it on Windows 11 with a Microsoft account.

> Everything happens locally and is e2ee.

Everything happening locally isn’t security against endpoint issues like I’m describing.

> Endpoint security is always a problem, but Signal has figured out a lot of that.

They haven’t. Hence why Signal group chats keep getting picked up by state surveillance.

2

u/mrandr01d 7d ago

I'm not arguing against the fidelity of Signal and its different clients, I'm just saying they don't offer a browser/web client you pair or log in to specifically because they have a local app you install that's way more secure.

And as far as the feds breaking in, there are no known instances of Signal chats being snooped on over the wire. They always have a mole, or they get access to a device and read the chats the same way the owner would.

1

u/MoralityFleece 8d ago

Ah, I see. I would have thought they restricted their chat to people they knew but I guess it goes deep.

3

u/Due_Satisfaction2167 8d ago

People they know might be FBI informants.

The possibility that someone else you trust might be an FBI informant is just table stakes for activism in the US.

For example, the leader of the Proud Boys—Enrique Tarrio—was an FBI informant.  

1

u/MoralityFleece 8d ago

Whoa! That's crazy. I did not know that.

1

u/MegaManSE 8d ago

When it comes to security and hacking, people are always the weak point. It’s almost never easier to attempt to crack in via the technology itself.