rdrd | 8 months ago

I find the wordsmithery on Meta's statement the most interesting:

“We do not track your *PRECISE* location, we don’t keep logs of who everyone is messaging and we do not track the *PERSONAL* messages people are sending one another," it added. “We do not provide *BULK* information to any government.”

Saris|8 months ago

If you read around their points, it sounds like they track general location, log group messages, and provide specific information on request to a government.

perihelions|8 months ago

Meta can also just lie about it. If they were secretly granting backdoor root access to some NSA spooks, like Microsoft did with PRISM or AT&T did with 641A, most likely no one would find out, so, there'd be zero actual downside to simply lying.

bboygravity|8 months ago

"specific information request to government" == fully automated requests for literally everything all the time.

changoplatanero|8 months ago

I think group messages would still be considered personal. It would only be messages you send to a business or in a group with a business that wouldn't be personal.

lotharcable|8 months ago

Meta works by identifying users, modelling their behavior, and then combining that data with third party sources (typically your financial activities) and then selling access to that data to third parties. Mostly for advertising.

When you use credit or debit cards your transactions and data related to them are collected and sold. When you apply for mortgages and close on a house all that information you put in there is collected and sold.

When you put your address in for the post office, when you apply for a driver's or fishing license... Your local governments collect that information and sell access to it.

Meta tries to then tie in your online and app/phone activity with your legal/financial identity it can obtain through partner data brokers.

This is Facebook's business model.

So, yes, this data is available to pretty much anybody that is willing to pay for it. Which includes governments.

None of this should be surprising to anybody at this point. Apple, Google, Microsoft, etc. all of these companies will do this to greater or lesser extents nowadays since it has worked out so well for Meta's bottom line.

mgraczyk|8 months ago

And they are legally required to do this in most places

gnarlouse|8 months ago

Yep. Learning to read legal is an invaluable modern skill.

sudahtigabulan|8 months ago

De Morgan's transformations come in handy here :^)

1oooqooq|8 months ago

It's well known they track

group messages and messages (metadata),

messages to business accounts (these they can read in full as the client sends to a Meta-owned private key),

and who forwards media to who (deduplication and cdn)

and links (thanks to previews)

and it scans and uploads your contact list in full all the time.

bawolff|8 months ago

I mean, I would be pretty shocked if Meta refused to honour American search warrants/NSL.

The real question is where they draw the line, not if they do it ever.

zug_zug|8 months ago

This is just a lie. I personally know somebody who worked at meta and they had a whole set of teams dedicated to building tools for governments to mass-export data based on their queries

Now I don't know the exact details of which governments had which access (was it just for warrants, which nations, what was the line between actual terrorist versus persecuting journalists), but there was absolutely bulk export and the fact that they are lying about it makes me inclined to presume the worst.

dotBen|8 months ago

Remember Snowden outlined the Google<>US government interface:

The US agency would type in the gmail address of the subject (ie the primary key/identifier) and somewhere between the agency and Google a decision would be automatically made as to whether the owner of the account was a US person* or not.

If yes - FISA warrant was required

If no - the US agency user would have immediate access to the entire google account (think Google Take Out).

In other words, if you were not a US person there was no duty to protect data.

* = US Person is either a US citizen located anywhere in the world or anyone of any nationality who is physically in the US (current interpretation includes visa holders, visitors and even undocumented but that's shifting)

paradox242|8 months ago

Isn't it more likely that Meta has been infiltrated by Mossad, just as they no doubt have by other intelligence services and they use these insiders to exfiltrate location data on specific targets?

vineyardmike|8 months ago

> building tools for governments to mass-export data based on their queries

While I can totally imagine that governments would mass-export data, and I don’t doubt your friend's claim, I can also imagine a more innocent interpretation of this work.

I once worked on a large company’s GDPR data-export project. It was a large enough company that it also had a dedicated team to handle legal requests regularly from government(s). GDPR exporting needs to work “at scale” for all accounts, without human-in-the-loop work, and without causing any load issues to running services. The same system also handled legal requests, where the legal team could get an export for a user (almost) identically to the process of a user getting their own data. The legal team had tools set up to work with warrants, subpoenas and similar (internationally) legal data requests from courts and law enforcement. It looks like a “mass export” system, because it was, but it wasn’t used in “bulk requests” from the legal system.

beejiu|8 months ago

Re: "we don’t keep logs of who everyone is messaging"

From https://faq.whatsapp.com/444002211197967/?locale=en_US:

> In the ordinary course of providing our service, WhatsApp does not store messages once they are delivered or transaction logs of such delivered messages. Undelivered messages are deleted from our servers after 30 days. As stated in the WhatsApp Privacy Policy, we may collect, use, preserve, and share user information if we have a good-faith belief that it is reasonably necessary to (a) keep our users safe, (b) detect, investigate, and prevent illegal activity, (c) respond to legal process, or to government requests, (d) enforce our Terms and policies. This may include information about how some users interact with others on our service. We also offer end-to-end encryption for our services, which is always activated. End-to-end encryption means that messages are encrypted to protect against WhatsApp and third parties from reading them. Additional information about WhatsApp's security can be found here.

Note specifically "information about how some users interact with others on our service", which contradicts their claim they don't keep logs of which people are messaging each other.

cibyr|8 months ago

I think rdrd just missed that piece of the fine wordsmithing - so long as there's at least one person not included in that "some users", then "we don’t keep logs of who EVERYONE is messaging" is still true.

SoftTalker|8 months ago

This is the company that built a secret localhost listener on Android so that they could track users across websites even in private mode. Do not believe this for a second.

I'm much more inclined to believe they track everything in high precision and also MITM all the messages. Especially now that they are inserting ads.

jen729w|8 months ago

> Especially now that they are inserting ads.

I'm no apologist for Facebook, none of whose services I use. But get your facts straight. They are not 'inserting ads' in your chats, as you imply. AFAIK they are adding ads to the never-used 'Updates' tab.

Annoying from an ad perspective, no doubt. Vastly different from a are-they-MITMing-your-messages perspective.

glenstein|8 months ago

It's like the game where you say the same sentence but emphasize a different word each time.

"WE don’t keep logs of who everyone is messaging..."

"We don't KEEP logs of everyone who is messaging..."

"We don't keep logs of EVERYONE who is messaging..."

Etc.

advisedwang|8 months ago

It's not that nefarious.

> We do not track your PRECISE location

If they log IP addresses, they can't say they don't log location at all.

> we don’t keep logs of who everyone is messaging

Seems like a pretty strong claim

> we do not track the PERSONAL messages people are sending one another

I don't know much about their business offering, but it seems likely it's not e2e encrypted or has some kind of escrow. Businesses often need multiple people to be able to access an account and that is best done without e2e encryption... let alone auditing requirements.

> We do not provide BULK information to any government

Because they are subject to subpoena and search warrants. They are legally required to provide tailored information to governments.

====

All in all it's pretty much what you'd expect for Whatsapp's "e2e but otherwise conventional saas" approach. If you want better, use signal.

dataflow|8 months ago

Aren't push notifications logged and used for getting people's data? This was in the news over a year ago: https://www.wired.com/story/apple-google-push-notification-s...

eddythompson80|8 months ago

In general, all your personal information stored with Google or Apple or any other American company is subject to getting requested by a court order. If you listen to any of the True Crime podcasts, you'll always hear how google searches and cell tower location are always presented in a trial as evidence. People here always think they are so smart saying

> Actualllly you can't prove that it was me who made that search query.

> Actualllly you can't prove that it was me who had that cellphone around that cell tower. Could have been anybody. I could have been hacked.

Judges always allow that evidence and the jury always views it as incriminating. What makes more sense, that some unknown hacker hacked into your account and googled something about the thing you're here for, or that you actually just googled it yourself?

lxgr|8 months ago

Definitely, but they don't have to contain any (plaintext) message content for encrypted messengers.

On Android, push notifications were always processed by the receiving app, so it can just decrypt a payload directly (or download new messages from the server and decrypt these); on iOS, this isn't as reliable (e.g. swiping the app out of the app switcher used to break it in several iOS versions), but "VoIP notifications" and the newer "message decryption extension" [1] are.

The same principle applies to Web Push – I believe end-to-end encryption is even mandatory there.

[1] https://developer.apple.com/documentation/usernotifications/...

NitpickLawyer|8 months ago

They don't need meta's cooperation for this, they can burn one of their 0-click 0-day exploits and target everyone they need to.

edm0nd|8 months ago

Additionally the NSA has all Meta and WhatsApp servers directly tapped and can just harvest data, oops I mean 'meta data', that way. Then just pass that info to Israel when their internal systems get an alert on good intel.

ben_w|8 months ago

> we don’t keep logs of who everyone is messaging

Surely they must, how else are the messages… you know… available when you use the app?

d0gsg0w00f|8 months ago

IME, they're stored on device only. If you've ever moved phones this becomes painfully obvious unless you've set up backups to your personal Google Drive (native integration with app).

abeppu|8 months ago

I'm not saying I believe their statement, but in principle they could be storing messages indexed by recipient and have the sender id be part of the encrypted content? Then you can drop messages in each user's inbox as they arrive, from which the user's app can read, but not have stored enough information to retroactively query "Show me everyone Alice has talked to"?
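The inbox layout described in the comment above, as an added sketch (not code from the thread, and not WhatsApp's or Meta's implementation): the server keys stored blobs by recipient only, and the sender ID travels inside the encrypted payload. The `InboxServer` class, the `user:` IDs, and the toy HMAC-based cipher standing in for real public-key end-to-end encryption are all assumptions made for illustration.

```python
import hashlib, hmac, json, os

def _sub(key, label):                  # derive separate encryption and MAC keys
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):            # HMAC-SHA256 in counter mode as a keystream
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, sender, body):
    """Toy encrypt-then-MAC; stands in for encrypting to the recipient's public key."""
    pt = json.dumps({"from": sender, "body": body}).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("tampered blob or wrong key")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))
    return json.loads(pt)

class InboxServer:
    """Hypothetical store: recipient -> opaque blobs. There is no sender column."""
    def __init__(self):
        self.inboxes = {}
    def deliver(self, recipient, blob):
        self.inboxes.setdefault(recipient, []).append(blob)
    def operator_contacts(self, user, known_ids):
        """Best retroactive answer to 'who has <user> talked to?' from stored bytes."""
        found = set()
        for rcpt, blobs in self.inboxes.items():
            data = b"".join(blobs)
            if rcpt == user:               # inbound: any sender id readable in the inbox?
                found |= {u for u in known_ids if u != user and u.encode() in data}
            elif user.encode() in data:    # outbound: user's id readable in another inbox?
                found.add(rcpt)
        return found

def demo():
    keys = {u: os.urandom(32) for u in ("user:alice", "user:bob", "user:carol")}  # constructed
    srv = InboxServer()
    srv.deliver("user:alice", seal(keys["user:alice"], "user:bob", "hi"))
    srv.deliver("user:alice", seal(keys["user:alice"], "user:carol", "hello"))
    srv.deliver("user:bob", seal(keys["user:bob"], "user:alice", "hey"))
    alice_reads = {unseal(keys["user:alice"], b)["from"] for b in srv.inboxes["user:alice"]}
    return srv.operator_contacts("user:alice", keys), alice_reads
```

This covers stored data only: the operator still observes which connection submitted each blob at delivery time, so the property holds only if that transport metadata is not logged.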

selivanovp|8 months ago

It’s a lie. Russia Ukraine war demonstrated clearly that everything you write in whatsapp, your location, any photo etc are easily accessible and monitored in real time by USA government and their three letter agencies.

imjonse|8 months ago

"we don’t keep logs of who EVERYONE is messaging"

just selected people then?

netsharc|8 months ago

"We don't log whom Zuck is messaging, and therefore the statement 'we don't keep logs of who[m] everyone is messaging' is mathematically true!"

Simon_O_Rourke|8 months ago

That's doubly suspicious, so they can, by that statement readily hand over your imprecise other-than-personal messages at an individual level to the Israelis.

dash2|8 months ago

This, also “logs of who EVERYONE is messaging”

FpUser|8 months ago

Why would anyone care what they say? Judging by their previous behavior it is safe to say that if their lips are moving - they're lying

smolder|8 months ago

Yes, it's lying with a tiny bit of plausible deniability.

cosmicgadget|8 months ago

"We" don't but these other guys with logins do.

msgodel|8 months ago

I wonder if the people of Iraq have an intuitive understanding of just how much more useful the information Facebook does track is like we do.

blintz|8 months ago

This isn’t some conspiracy, it’s just CYA. They know your general location from your IP and device APIs, they don’t encrypt business messaging, and they comply with subpoenas.