Silk Road forums
Discussion => Security => Topic started by: 1mIcedout on April 05, 2013, 12:31 pm
-
There are a few interesting articles released recently about the DEA not being able to intercept iMessages sent from apple device to apple device.
Not that I would trust it but interesting.
-
Makes sense, since iMessage utilizes internet data to send its message.
So to get to your iMessages they would have to be able get access to your internet and everything you download/upload from your phone, Then figure out whats what i guess?
Theres a few different 'chat' apps that would work on the same concept I would say.
One that comes to mind is 'snapchat' send a picture message or whatever, and only allows the person to see it for a few seconds before deleting. and notifies the sender if a screenshot was taken etc.
Its more used for sending joke pictures to your mates, but I guess it could be used for anything else ;)
-
Stupidest shit in the world. I just read about the technical specifications and it looks like the only encryption used is TLS. That means the link up to apples server is encrypted. Could it stop the feds from wiretapping at the local level (ie: observing only your link to the server)? Maybe, if they can't MITM it anyway. But it is completely irrelevant because they can wiretap at apples servers. For one, Apple will immediately bend over backwards for the feds and allow them to tap anyone they want to , especially if the feds have a court order. And for two, we don't even know if Apple keeps logs indefinitely allowing the feds to retroactively tap into the communications. Essentially it is as secure as AIM, XMPP, IRC or any other instant message protocol that allows for TLS encrypted links.
So in short, either the feds complaining about not being able to tap this are fucking hopelessly retarded and should all be fired for being incompetent fuckwads, or they are cleverly trying to get idiots to think TLS links to major American corporation servers are enough to protect them from the feds. Most likely it is misinformation purposely released by the feds.
-
Yeah.. Im sure they could tap the apple servers..
But if they do not know the apple users account name where will they look ?
I dont know the first thing about all this. It just had me thinking.
If I had a different apple user name totally unassociated to me and my mobile phone number and used it to imessage from a separate dedicated device it would make it hard for them to have anywhere to even begin a tap.
Or at least it sounds as if its alot more difficult for them to intercept communications between two i devices by imessage than it is by way of text message thru a mobile service provider.
As the imessage does not get logged and or saved by the mobile service provider there is no record of the communication on their database.
This would have to be a more anonymous way of mobile instant messaging dont you think ?
The only record of the communication would be on the apple servers under a jacked, unassociated user name and the dedicated devices being used. Just a thought..
-
I wouldn't even begin to allow MY DOG to use apple products for anything remotely sensitive.
-
Yeah.. Im sure they could tap the apple servers..
But if they do not know the apple users account name where will they look ?
I dont know the first thing about all this. It just had me thinking.
If I had a different apple user name totally unassociated to me and my mobile phone number and used it to imessage from a separate dedicated device it would make it hard for them to have anywhere to even begin a tap.
That is what traffic analysis is for. They will use traffic analysis to trivially link your IP to apples server , from there they get the username associated with that IP address from apple, from there they intercept communications going through apples server in plaintext. It is a shitty solution and if you value your security at all you will just immediately stop thinking about using imessage to defeat the feds, lol. Get an XMPP client that supports OTR, run it on an android smart phone routed through Tor, and use OTR to client to client encrypt the messages. That is a solution the feds cannot get around. TLS to apples servers being the end of federal wiretaps is just a bad joke, obviously intentionally planted by the feds to get people thinking they are secure using a totally, entirely, fundamentally insecure solution.
-
Those articles just caught my eye and had me thinking about this subject. I dont have any intention of actually using the method. And its not that I send any overly incriminating messages as it is. But I do like my privacy and security and believe that if im messaging someone that the message should only be able to be read by that person.
I will do some reading on the solution you mention above now and try to get my head around it all.. Thanks again.
Also I dont really have to worry about the DEA as Im not in the US and I dont sell drugs.
-
DEA ATF FBI they can all do whatever they want.
When it comes down to it theyll threaten these execs in 100 diff ways financially
then not to mention possible jail time for whatever bullshit 'obstruction of investigation'
charge they dangle in front of you...Don't and dont even think about trusting the media, especially in America!
This should turn into a discussion about the best and most efficent way of communicating
obviously its not going to be a mainstream easy to use imessage, but its also not going to be tormail
for most drug users/buyers/sellers so there must be an app out there which is surprisingly well encrypted
that i can tell my friends about.
-
Im just going off what is said in the official DEA release.. Not any media shit talk
-
I saw something about the fbi saying they wanted to be able to listen in on every conversation but the end of the year. They didn't justify it at all just said other countries do it to their citizens so they should be able to as well
http://www.wired.co.uk/news/archive/2013-02/01/silk-road-crackdown
-
The (weak) Apple encryption only hinders pen registers and other real time intercepts permissible by court order or subpoena. If your case is interesting enough, they'll simply get a search warrant and read the content directly from Apple's servers as others have pointed out.
-
they use strong enough encryption, TLS, and pen registers are only for traffic analysis not payload interception. The issue is the encryption is only up to the server, it is not encrypted passing through their servers, and that is where the tap will take place.
-
Ahh didn't know iMessage used TLS--that's good to know if one uses it for communicating legit stuff--although any kind of encryption is going to nullify real time data collection by the po po.
I figured LE was having trouble with said traffic analysis and were pissed about having to get a search warrant in order to do basic electronic surveillance. Obviously iMessage is not "secure" from the authorities in any way as it only encrypts to the server and not end to end like you said. Too bad it doesn't quite frustrate them like Nextel's "chirp" back in the day lol.
-
PGP messages... even if they intercept they will still have to decrypt.