
FBI used Signal app messages in leak investigation - yborg
http://www.chicagotribune.com/news/nationworld/politics/ct-ex-senate-staffer-charged-leak-investigation-20180607-story.html#nt=oft02a-1li3
======
dbrgn
"Unfortunately, our website is currently unavailable in most European
countries." -> Bravo, Switzerland is not in the EU.

~~~
mtgx
Try this: [https://archive.fo/PHbd3](https://archive.fo/PHbd3)

------
yborg
>"After the story published, Wolfe congratulated the reporter, using Signal,
stating “Good job!” and “I’m glad you got the scoop,” the indictment said."

It's not revealed how the message content was obtained, but this seems to
question the security of the application.

~~~
mtgx
This says the messages weren't obtained, though:

> The government did not obtain the content of any of Watkins's messages

It seems like they just got the metadata. Signal has been minimizing the
amount of data it _collects_ , but I think someone like the FBI could still
intercept metadata in transit. Moxie has talked before about how difficult it
is to anonymize metadata.:

[https://signal.org/blog/contact-discovery/](https://signal.org/blog/contact-
discovery/)

It doesn't help that Signal still doesn't support emails as usernames, but
just phone numbers, though.

I think if you want to report something shady to the media, you really ought
to use something based on Tor, like SecureDrop, OnionShare, stuff like that,
and even then you have to be super-careful about your opsec. The SecureDrop
developers seem to want to make that more foolproof with Qubes OS/Whonix
integration:

[https://securedrop.org/news/road-towards-integrated-
securedr...](https://securedrop.org/news/road-towards-integrated-securedrop-
workstation/)

