Facebook turns over mother and daughter’s chat history to police resulting in abortion charges ( www.theverge.com )

cross-posted from: lemmy.ml/post/1874605

A 17-year-old from Nebraska and her mother are facing criminal charges including performing an illegal abortion and concealing a dead body after police obtained the pair’s private chat history from Facebook, court documents published by Motherboard show.

nearhat ,

There is no presumption of privacy, especially when you’re the product.

MrFagtron9000 ,

Facebook doesn’t use e2e.

There is a private chat e2e feature, but then your chats don’t show up on PC.

octet33 ,

So either FB isn’t actually E2E, or their implementation is Twitter-grade broken.

redballooon ,

Who said facebooks private chat would be e2e?

boonhet ,

Facebook claims to have E2E chats, but not by default. Likely these people used the default, non E2E messages.

Not that I’d trust FACEBOOK with E2E anyway.

redballooon ,

WhatsApp claims e2e by default.

boonhet ,

Will all the chats be gone if you switch devices?

redballooon ,

If you restore from a backup on iOS, probably not. I’m not a WhatsApp user, but I don’t remember losing my Signal history.

Ghoelian ,

By default whatsapp makes unencrypted backups. You can enable encrypted backups, but then of course if you lose the password you can’t restore the backup.

ghariksforge ,

There is no way for these companies to say no to law enforcement. That is why you should stay away from corporate social media.

Technomancer ,

She aborted at 28 weeks. That’s nearly 6 and a half months pregnant. Most babies can survive outside the womb when they’re around 22 to 23 weeks. This was a baby, not some tiny fetus.

smegger ,

Perhaps this may be the case. But I'm sure she'd have got the abortion far earlier if not for these backwards laws against it

corsicanguppy ,

I was born decades ago and 2 months early; in the glass box for weeeeks to beat the 11% survival-at-all stats.

Having said that, IT’S STILL NOT FACEBOOK’S BUSINESS as a conveyor and not a filter.

Technomancer ,

You’re right, it’s not Facebook’s business, but this 17-year old and her mother chose to discuss a crime on Facebook’s platform. Facebook had a legal obligation to hand over those messages because they were served a valid warrant.

InternetTubes ,

Yeah, this really shouldn’t be a case people who support abortion rights should stand behind, but I think the focus is on how their chat history might have been compromised, although I´m not sure what people were expecting on that end either. The fediverse will also eventually have to deal with requests from law enforcement as well, too.

If you private message someone else on a web service, your entire conversation is saved on their servers. If you have an app on your phone, then it can be designed to store the messages locally.

The reason the investigation was started wasn’t because someone peaked in on it, it was because there was a buried dead baby.

fcuks ,

this is pretty disgusting even for Facebook

Solrac ,

This is right up their alley.

zzz ,

this is pretty disgusting even for Facebook

Not really. I mean, what did you expect from a company that’s responsible for manipulation of two major, major elections (one in the US and UK each) as well as a genocide in SEA?

And that’s just what’s known publicly.

patch1 ,

I thought messenger was end-to-end encrypted, at least according to Facebook. How were they able to hand over the chat logs? The messages should be encrypted with a key that is itself encrypted with user’s password, which Facebook doesn’t store.

What am I missing?

adibis ,

You’re missing the fact that they lied to get users

EddieTee77 ,

It’s not enabled by default

PrimaCora ,

And on the official app it isn’t called end to end encryption or even a setting toggle. It’s called secret chat and clicking on it opens a chat from the original chat. The only difference I see is a little lock icon where an emoji usually is.

Goun ,

Sounds like Telegram, smh

linux_user_6967 ,

wait, what ? can you elaborate, since I use telegram on daily bases

rhys ,
@rhys@rhys.wtf avatar

@linux_user_6967 @Goun Telegram's end-to-end encryption isn't enabled by default. You have to specifically choose to start an encrypted chat. Assuming you trust MTProto though, there's no indication they're otherwise implemented poorly.

Sophie ,

You’re not telling me Facebook LIED are you? No way I wouldn’t believe it /s

patch1 , (edited )

Actually that page suggests that they can’t access it. They’d never passed the security on it if that page was lying and they don’t encrypt it. Clearly there must be some kind of mechanism they can use to decrypt it for law enforcement. The technicals of that are what I was actually interested in from my original comment.

EDIT: Oh my God I just figured it out. It’s not enabled by default. You have to explicitly turn it on per conversation. That’s terrible

jabjoe ,
@jabjoe@feddit.uk avatar

Even if you turn it on, they control the end points, so it’s not really any more secured.

Xcf456 , (edited )

Presumably they maintain full access because they control both ends. The encrypted part would stop others intercepting messages. At least that’s how I’ve always read it

Edit: I’m wrong, end to end does exclude even the app provider from seeing messages. So yeah, either not enabled or they lied

mexicancartel ,

To add to other replies, proprietary apps like messenger can also have backdoor access to your messenger app, where the messages are stored decrypted. I.e. maliciously taking the chat history from either ends of the end-to-end encryption.

ghariksforge ,

End2End encryption is mostly a PR stunt. In practice it’s not hard to go around it. For example:

  • going after unencrypted backups (such as in google drive)
  • compromising or seizing your device
  • forcing the app developer to leak the private keys
  • forcing you to turn over the information by threatenening you with not cooperating.

It reminds me of this XKCD: xkcd.com/538/

Boldizzle ,
@Boldizzle@lemmy.world avatar

And y’all thought China having your data was something to be afraid of.

Imgonnatrythis ,

Curious why you are so comfortable with that?

Boldizzle ,
@Boldizzle@lemmy.world avatar

I never said I was comfortable with it, but you clearly missed the point I was making.

Worry about what data is being harvested in your own country where a law change can suddenly put you in danger of being arrested before worrying about China having some of your data.

Is it bad how much data the Chinese govt get from you using apps like Tik Tok or phones made by Huawei? Sure, but the threat is a lot closer to home than you think as this article shows.

imPastaSyndrome , (edited )

Here’s a novel concept - we’re against our government doing it too, obviously. I don’t know why you think we wouldn’t be, this is the stupidest divorced from reality gotcha take

Boldizzle ,
@Boldizzle@lemmy.world avatar

Lol get it all out bro.

imPastaSyndrome ,

Lawl

Novman ,

China spying is a problem for your government, your government spying is your problem.

Raphael ,
@Raphael@lemmy.world avatar

When you oppose the left-wing, you’re defending this.

linux_user_6967 ,

btw, I oppose both

iviattendurefort ,

It’s kind of stupid to think that one side would use it and the other wouldn’t. Just because they aren’t destroying your privacy for this purpose doesn’t mean left leaning politicians wouldn’t use your data for their own clandestine reasons.

corsicanguppy ,

The right destroys privacy for either their control of the poors or for religious morality police.

The left destroys privacy to root out fascism.

They are not the same[.gif].

super_user_do ,
@super_user_do@feddit.it avatar

America fuck yeahhh 🇺🇸🇺🇸🇺🇸🦅🦅🦅🦅

bouncingbollocks ,

Serious clickbait bs, the one time FB didn’t do anything slimy, at least not by FB standards of slimy

PepperDust ,

I have mixed feelings on abortion, but spying on and snitching on people you disagree with is too far

pulaskiwasright ,

I honestly don’t get this stance. If you believe abortion is killing a human, then you treat it like murder. If you believe it isn’t killing a human, because it really isn’t, then it’s just an inconsequential medical procedure that no one should care about.

PepperDust ,

I never said abortion is murder, i just said i do not know what to think of abortions

Beetschnapps ,

@PepperDust @pulaskiwasright that’s the fucked up part. As a man you have the benefit of not needing to know what to think. Women don’t get that luxury. Yet every man’s opinion gets to dictate women’s legality.

pulaskiwasright ,

That’s how democracy works. Every man has just as much power over whether or not abortion should be legal as every woman has power over whether or not men have to register for the draft.

Beetschnapps ,

@pulaskiwasright wow pointing out one problem to justify another… all while avoiding the consequences of either. bravo

pulaskiwasright ,

I’m pointing out that in a democracy, people really do make laws for things that they don’t do. It couldn’t work any other way.

glacier ,
@glacier@lemmy.blahaj.zone avatar

There hasn’t been a draft since the 1970s. It’s hardly an issue anymore. Yet women have been actually dying and suffering because of a lack of access to life saving medical care since Roe was overturned last year.

pulaskiwasright ,

Absolutely correct. My point though is that saying “men don’t get to have an opinion” is a silly, and unproductive argument in favor of what should he abortion rights. Representative democracy wouldn’t function at all if no one was allowed to have an opinion on things that they don’t do directly and not let those opinions influence how they vote. That’s a silly argument.

emi ,
@emi@lemmy.blahaj.zone avatar

Gonna Re-Share this resource… PLEASE forward to individuals who may need it! eff.org/…/digital-security-and-privacy-tips-those…

TimewornTraveler ,

Gonna Re-Share this resource… PLEASE forward to individuals who may need it! eff.org/…/digital-security-and-privacy-tips-those…

thank you!

Mikina ,

I’m almost certain that if something like this happened to any fediverse instance - that a local police enforcement would contact the admin and asked for user’s data, which they are required by law to provide or they would go to jail/get a hefty fine and possibly a criminal record, they would do that too. That’s also why E2E is required, to prevent such problems for instance admins - but then again, there’s really nothing you can do against local law, and if it requires that you have to be able to cooperate, well… Then there’s not much the admin can do, without putting himself in a real risk of prosecution, because he is breaking the law by have E2E.

That’s also a good reason to be careful when selecting your home instance, and making sure that you choose one in a country that has all right laws in that regard.

Of course, that’s assuming the police makes contact. I don’t suppose that the admins would be searching through the DMs of people to snitch on them. And if Meta is doing that preemtively and is actively snitching on people - that’s downright evil.

interdimensionalmeme ,

Single user instance locally hosted, is the only way forward

devils_advocate ,

Is this practical? How technically difficult is it? What are the hardware requirements?

interdimensionalmeme ,

Any potato that can run a docker container. I’d say for 1 user that’s going to be under 1gb ram and 1 vcpu

chrstnwhlrt ,
@chrstnwhlrt@lemmy.ml avatar

The federation API isn’t using E2E either. It makes no difference if you use your mobile client to contact the mobile API or if you’re hosting your own instance to use the federation API in safety regards. You should always be aware that every message / post / image you publish (even in a closed group) in the internet could be traced back to you and with enough afford be available to anybody with the right skills.

Only end to end encryption can help you there - this is the way.

Mikina ,

Is it even possible to implement E2E in the context of ActivtyPub? I mean, as far as I know, the federation doesn’t specify what content you send, only activities, groups and object definitions. There’s nothing stopping you from making the actual data E2E encrypted, altough making it so would be a hard problem.

On the other hand… As I’ve mused about in the other comments, it should be possible to create a fediverse app that serves as a self-hosted front-end for interacting with different fediverse apps. All of your personal data would live on it, and you are in full control. Which would also allow for a safe implementation of E2E, because you just publish your public key, and know that since the app is under your control, noone can get to it. However, this would mean that the other users whould have to use the same standart.

I actually really like that idea. If we can separate users from servers with content, so Lemmy instances would only host posts and comments, but DMs would be handled by the private user instances, it would make Fediverse a lot more private.

The only question standing in the way is - who hosts the content of the posts I make? If my home is programming.dev, and I post to lemmy.ml, do I send the post data through ActivityPub to Lemmy to host, or do I host in on programming.dev, and Lemmy.ml just gets the ID of the post? If it’s first one, making the self-hosted user frontend will be easy, since all you need is a few API calls to make posts, and the only storage you need is for DMs and your account details (which may actually static, so a faked webpage returning your data may suffice). If it’s the latter, then it will be a lot more difficult to easily self-host.

chrstnwhlrt ,
@chrstnwhlrt@lemmy.ml avatar

There is also the question of trust: The best solution should be an infrastructure that is due to E2E not able to read the messages it processes. The problem with this setup is, that you want to communicate publicly and you never know, who is part of your communication. I would advice to use signal or matrix if you need E2E. If not, use either Tor to proxy lemmy and try to stay anonymous or be aware, that your messages are not (which is always the best approach in my opinion).

interdimensionalmeme ,

Yes however they can’t get your phone without nearly as easily as a third party’s data

Mikina , (edited )

Hmm, that actually sounds like a great idea. Does it actually need to be reachable from the outside, if you don’t want to host any of your own communities on it? Or will it be enough for the instance to just pool data? Apart from no-one being able to contact you via DM, that is.

I’ll look into it, having my own home instance actually sounds pretty easy and it may work.

Actually - wouldn’t it even be possible to build a browser extension for that? One that just simulates ActivityPub calls, and you just browse on someone else’s instance without logging in while still allowing you to comment or vote on your behalf?

EDIT: I’ve posted some more thoughs about it to another comment, which I assumed was a reply to this one. The more I think about it, the more I really like the idea of a self-hosted front-end for Fediverse apps that doesn’t host communities, but only user interactions and allows you to interact with other apps and instances.

interdimensionalmeme ,

I think a cell phone is more than enough for one user, probably 100 users would still be fine. With a store and forward proxy even the momentary disconnections would cause missed messages nor notification

Most important is, a content discovery and sorting now lives on your device

ctr1 , (edited )
@ctr1@fl0w.cc avatar

An extension would be cool! I’m currently trying to do something similar, in some sense; I’ve patched my instance to filter out DB results from public queries so that only my posts and comments are visible (unless I am logged in).

The only thing I’m not sure about yet is if it’s possible - if I create a Post on an instance that’s not my home, who is hosting the data? Do I only send ActivityPub Create Post with the data and the instance then saves it, or do I create the post on my own instance, send an ID, and if someone requests the Post data on the instance I posted to, it will be requested from mine?

I believe it might be possible, but I’m not sure. It seems that the protocol itself is mostly geared for synchronizing data and distributing updates. From my limited understanding, servers follow users or communities on other servers, which inform those servers that updates should be sent to the requesting inbox. These updates are then used to build up a local copy of the remote page. In the case of a remote community, users interact with their local copy and notify the remote community of those changes.

For example, I am viewing a local copy of this post that I received from lemmy.ml, and my reply to your comment will be stored locally. My server will notify lemmy.ml of this comment (including its contents), and lemmy.ml will notify my inbox if anyone interacts with it (because I am a follower).

It seems that at least some of this syncing might not be necessary… a lightweight frontend could rely on the API of each site it connects with to build up the activities it sends. However, this would probably cause some unnecessary traffic, as such a follower would both receive updates and query the API. Also it would probably break some things, such as ap_id (see the multicolored fedilink icon, which points the original copy of the content on my instance).

ComradePorkRoll ,

I hear what you’re saying. We have to take to the sea. We should all pitch in and make a mega instance that floats on international waters.

asexualchangeling ,

Why one? Let’s make several instances that float in international waters!!

darcy ,
@darcy@sh.itjust.works avatar

the fediverse is not meant to be private…

Mikina ,

EDIT: I though you are replying to the comment about just hosting single-user instances, and assumed that you meant that if everyone had their own single use private instances, it would be against the fediverse idea. Sorry about that.

I wouldn’t say that’s making the fediverse private - it’s only making my personal account and data about what I visit private. That’s what the ActivityPub protocol is for, and the more I think about it, the more I hope that some kind of app would show up - one that would be designed to just act as a personal front-end for the Fediverse, which would allow you to interact as a user from your instance with others, but also one that would keep all of your data, which are currently at mercy of your instance admins, at your personal instance.

Of course, you still need people to host instances that are actually made for communities and content, and that’s what Lemmy or Mastodon is designed for - but I’d like to see a Fediverse app that isn’t made for hosting content, but only for letting you interact with other instances. There’s no drawback - quite the contrary, instance admins don’t have to deal with and take care of my private data, because my instance is handling all of that, while I still will be providing content for their instance. I think that definitely fits into the idea of what Fediverse should be.

The only thing I’m not sure about yet is if it’s possible - if I create a Post on an instance that’s not my home, who is hosting the data? Do I only send ActivityPub Create Post with the data and the instance then saves it, or do I create the post on my own instance, send an ID, and if someone requests the Post data on the instance I posted to, it will be requested from mine? Because if it’s the first one, then such a client that only implements DMs, your own user account, and a frontend for showing posts on other instances would be doable. And definitely something important, because it solves the biggest privacy issues of Lemmy right now. I see no drawback in that - the only data I would not be in control of are the ones I post to other instances, but that’s ok. And even if you would be the one hosting it, all it means is that it would be a little bit harder do host it yourself.

Also, if I understand the ActivityPub right, if you’re ok with not getting notifications or DMs, your personal instance wouldn’t even need to be online at all times, since you only request data about communities and posts when you are browsing. But this would depend on whether the content and comments are hosted at your instance, or at the instance you are commenting or posting to.

I really like this idea. And from what I’ve seen of the ActivityPub protocol, it should even be that hard, aside from the UI.

rikudou ,

Generally, choose any instance hosted in European Union and you should be good to go.

wagesof ,
@wagesof@links.wageoffsite.com avatar

E2E is technically illegal for any interstate communications in the USA, since refusal to comply with a wiretap order will put you in jail for contempt, regardless of whether the medium allows for interception or not.

CO_Chewie ,

How do communication apps get away with E2E in the US then? Is there a backdoor that allow for companies to comply or does law enforcement seek alternative means of obtaining the information?

wagesof ,
@wagesof@links.wageoffsite.com avatar

There aren’t any US based e2e messaging or voice services as far as I know.

Gabu ,

PSA: I’m neither American nor a lawyer, but AFAIK, US law forbids the indiscriminate investigation of foreign individuals to prosecute US citizens, so having your account in a foreign instance is one more layer of protection.

corsicanguppy ,

Have you heard of the CLOUD act?

raistlin ,

I honestly think the trick for E2EE is to just collect so little, that even by complying, you can’t give them very much. That trick has worked really well for Signal in the past.

Fickle_Ferret ,
@Fickle_Ferret@lemmy.ml avatar

Meta needs to be destroyed. No organisation, person, or people should hold that much power.

ATiredPhilosopher ,

As much as I dislike corporations, the conservative parties and judges deserve as much, if not more, blame for this.

Kissaki ,
@Kissaki@feddit.de avatar

which prompted the state to issue Meta with a search warrant for their chat history and data including log-in timestamps and photos. Meta complied with the request

They followed the law. Which they have to do.

This is an issue primarily with the law. It’s not like Meta proactively shared that data.

There’s huge issues with Meta. But they’re mostly beside the point here, and certainly not the problematic power at play here.

Deflecting from law makers, courts, and prosecution to just Meta is misplaced and counter-productive.

LifeInMultipleChoice ,

If there were actually end to end encryption on the messages, they wouldnt have the ability to decrypt the messages for the government when asked. So either A. Meta lied about their encryption, or they are lying about storing users passwords which is arguably worse as many use passwords for multiple uses even when we know we shouldn’t. If Meta is required to not use encryption then once more I agree users should not use them for any personal messaging. Which is what it sounds people are preaching against here.

Kissaki ,
@Kissaki@feddit.de avatar

Was the form of private messages disclosed? Does meta claim end to end encryption on Facebook/Facebook messenger? That would be new to me.

Having to provide back doors is another issue with the law/government and courts, not Meta or their power.

IMO lying is not an issue of power as the commenter I replied to mentioned. They implied Meta was the perpetrator, the active part in all this. When in fact they either followed law or followed the law while being a shitty company. But they’re not the active part, the cause in this ordeal.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • technology@lemmy.ml
  • random
  • All magazines
    •