The Metadata Trap by Micah Lee

Journalists should also take steps to reduce the amount of information about their communication with sources that tech companies can access, and that ends up on their sources’ devices, by always using encrypted messaging apps instead of insecure text messages and always using the disappearing messages feature in those apps. They should also encourage their sources not to add them to the contacts in their phone, which might get synced to Google or Apple servers.

At the moment, Tor Browser is the best web browser for protecting user privacy.


It’s a long article and a bit scary on how easily anyone’s data could be accessed via what Google and Apple and others know. There were also other parts that hit my eyes.

Between September 2013 and February 2014, according to the indictment, Hale and the journalist allegedly “had at least three encrypted conversations via Jabber,” a type of online chat service. It’s unclear where the government got this information; it could have been from internet surveillance, from the Jabber chat service provider, or from analyzing Hale’s computer. And as in the Winner and Albury cases, the FBI knew exactly which documents Hale had allegedly printed and when. Hale allegedly printed 32 documents, at least 17 of which were later published by the news organization “in whole or in part.”

You may know Jabber better as XMPP since 2003, but many use the words interchangeably and from context I find it unlikely that they mean Cisco Jabber or they could simply ask Cisco.

It’s not enough that these apps encrypt messages. They also need to do better at promptly deleting data that’s no longer needed. End-to-end encryption protects messages as they travel from one phone to another, but each phone still has a copy of the plain text of all these messages, leaving them vulnerable to physical device searches. Disappearing messages features are a great start, but they need to be improved. Users should have the option to automatically have all their chats disappear without having to remember to set disappearing messages each time they start a conversation, and they should be asked if they’d like to enable this when they first set up the app. And when all messages in a conversation disappear, all forensic traces that a conversation with that person happened should disappear too.

I think Keybase may be the best at this. When you are a team admin or in a direct chat with someone, you can set the message expiry time and if you set it to seven days or less, exploding messages are used and they also include forward secrecy. Why I say that Keybase is the best is that the message expiry also applies to older messages and not just the new ones. If you aren’t an admin, that is an open issue that I have opened.

Signal, while having an option for disappearing messages, doesn’t have an option to remove older messages. Wire again does have the option to enforce message expiry time only for groups; with private chats both parties have to enable exploding messages by themselves and there is no message expiry time.

I wonder if there are issues to these clients about this or should I start opening them for others than Keybase too? Should we at PTIO start listing exploding messages and how do they work for apps?

Edit: I went and opened an issue for us.

By default, web browsers keep a detailed history of every webpage you ever visit. They should really stop doing this. Why not only retain a month of browser history by default, and allow power users to change a setting if they want more?

This is a good question, currently there are options to either remember history forever or remember history until closed. I wonder if there are issues about this already (do I spend too much time on issue trackers to ask that all the time?), but what would be the consequences? At least Riot is already randomly forgetting its keys, so maybe that would be pushing people towards Electron based apps more.
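To make the distinction discussed in this thread concrete (an expiry setting that only covers messages sent after it was enabled versus one that also sweeps older messages, and whether the record that a conversation with a peer ever existed goes with them), here is an added Python model of a local message store. It is example code written for this page, not code from Keybase, Signal, Wire or the article; the store layout, policy names and sample history are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Message:
    peer: str      # who the conversation is with
    sent_at: int   # constructed timestamp (seconds)
    body: str


@dataclass
class MessageStore:
    """Toy on-device message database used to compare two expiry policies."""
    messages: list = field(default_factory=list)
    # peer -> timestamp of first contact; this is the metadata trace that
    # survives even after bodies are deleted unless it is purged too.
    conversations: dict = field(default_factory=dict)

    def receive(self, msg: Message) -> None:
        self.conversations.setdefault(msg.peer, msg.sent_at)
        self.messages.append(msg)

    def purge(self, now: int, ttl: int, set_at: int, retroactive: bool) -> int:
        """Delete expired messages and return how many remain.
        retroactive=False: only messages sent after the policy was set (set_at)
        are subject to ttl, the behaviour the post attributes to Signal.
        retroactive=True: every message is subject to ttl, as attributed to Keybase."""
        keep = []
        for m in self.messages:
            covered = retroactive or m.sent_at >= set_at
            if covered and now - m.sent_at >= ttl:
                continue  # expired: drop the plaintext
            keep.append(m)
        self.messages = keep
        # Drop the conversation record once nothing with that peer remains,
        # so no forensic trace of the contact is left behind.
        live = {m.peer for m in self.messages}
        self.conversations = {p: t for p, t in self.conversations.items() if p in live}
        return len(self.messages)


def compare_policies() -> dict:
    """Run one constructed history through both policies; report what survives."""
    history = [  # constructed sample conversation with a single source
        Message("source-a", 0, "first contact"),
        Message("source-a", 100, "follow-up"),
        Message("source-a", 250, "sent after expiry was switched on"),
    ]
    results = {}
    for name, retroactive in (("new_only", False), ("retroactive", True)):
        store = MessageStore()
        for m in history:
            store.receive(m)
        remaining = store.purge(now=400, ttl=50, set_at=200, retroactive=retroactive)
        results[name] = (remaining, sorted(store.conversations))
    return results
```

Under the new-only policy the two messages sent before expiry was enabled survive a device search and the contact record with the source persists; under the retroactive policy both the plaintext and the record of the conversation are gone.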
