Wickr compromised

The only thing I can say is that they will from now on keep records for 90 days at LE's disposal for any eventuality and give them full access to the account. Probably my title was a bit misleading. But as I said to seller firstly to change eventually platform used.
Okay, where’s the proof backing this claim?
 
Lol this guy is like talking to a politician. You keep asking the same question but they just talk in circles without answering it. You say a lot of words but don’t provide any answers.
 

Required Legal Process


Wickr will not release customer information without a valid and binding legal demand properly served on us, such as a subpoena, search warrant, or other legal process. Wickr objects to overbroad or otherwise inappropriate demands as a matter of course.


Method of Service


Wickr does not accept service of subpoenas, search warrants, or other legal process except through the Amazon Law Enforcement Request Tracker (“ALERT”).1 Legal process must be served by uploading the appropriate documentation to ALERT.


Requests from Non-U.S. Law Enforcement


A non-U.S. law-enforcement agency seeking to obtain data from Wickr must work through the available legal and diplomatic channels in its jurisdiction, including through bi-lateral or multi-lateral legal assistance treaties (“MLATs”) or letters rogatory processes. Such international requests may be made to the U.S. Department of Justice Office of International Affairs.


Other Information


Preservation. Upon receipt of a lawful and binding request, Wickr will preserve requested information for up to 90 days.


Emergencies. Wickr reserves the right to respond immediately to urgent law enforcement requests for information in cases involving a threat to public safety or risk of harm to any person. These requests must be submitted through the ALERT by selecting the emergency request button. During the emergency, ALERT will grant law enforcement temporary account access.


Reimbursement. Wickr might seek reimbursement for costs associated with responding to law enforcement requests for information, particularly if the costs incurred are the result of responding to burdensome or unique requests.


Contents of Communications Are Not Available


Our system is designed to protect our customers' privacy and therefore Wickr does not have access to our customers' decrypted message content. Any customer content that might be stored on Wickr’s System is encrypted and indecipherable.


What Must Be Included in Account Information Requests?


Law enforcement or other government requests for customer information must include:


  • Identifying information for the account from which information is requested, such as Customer ID or phone number (please note that phone numbers will only yield responsive information when the customer has enabled ID Connection); and
  • A description of the information sought

Will Wickr Notify Customers of Requests for Account Information?


No, because Wickr will notify customers only if Wickr will disclose content information, and Wickr does not have access to any such information.


What Information Does Wickr Store?


Wickr has the following information about Wickr Me customer accounts:


  • Date of account creation
  • Type of device(s) on which such account was used
  • Date of last use
  • Total number of sent/received messages
  • Number of external IDs (email addresses and phone numbers) connected to the account, but not the plaintext external IDs themselves
  • Avatar image (if customer elected to provide one)
  • Limited records of recent account setting changes, such as adding or suspending a device (does not include message content or routing and delivery information)
  • Wickr version number

Wickr has the following information about AWS Wickr customer accounts:


  • Network affiliation
  • AWS Wickr ID (email address)
  • Phone number, if provided by network administrator as a second form of authentication
  • Date of account creation
  • Type of device(s) on which such account was used
  • Date of last use
  • Total number of sent/received messages
  • Avatar image (if user elected to provide one)
  • Limited records of recent account setting changes, such as adding or suspending a device (does not include message content or routing and delivery information)

Wickr has the following information about AWS Wickr* network administrator accounts:


  • Administrator ID (email address)
  • Network membership
  • Payment-related information
  • Network-wide settings including limited records of recent changes to network settings (e.g. enabling or disabling federation)

* The configuration of each AWS Wickr network varies depending on the enterprise needs, and this might further limit the information available to Wickr.





1 – Wickr was acquired by Amazon and is now part of Amazon Web Services (AWS). Learn more here: AWS welcomes Wickr to the team | Amazon Web Services
 

Thanks
 
How about signal?
Signal:

"When legally forced to provide information to government or law enforcement agencies, we'll disclose the transcripts of that communication here."


Also, noteworthy...

"Whenever Signal receives a properly served subpoena, they work closely with the American Civil Liberties Union to challenge and respond to it, handing over as little user data as possible. Signal publishes a post to the “Government Requests” section of their website (signal.org/bigbrother) whenever they’re legally forced to provide user data to governments, so long as they’re allowed to. Some of the examples include challenges to gag orders, allowing Signal to publish the previously sealed court orders.

If Signal receives a subpoena demanding that they hand over all account data related to a user with a specific username that is currently active at the time that Signal looks it up, they would be able to link it to an account. That means Signal would turn over that user’s phone number, along with the account creation date and the last connection date. Whittaker stressed that this is “a pretty narrow pipeline that is guarded viciously by ACLU lawyers,” just to obtain a phone number based on a username.

Signal, though, can’t confirm how long a given username has been in use, how many other accounts have used it in the past, or anything else about it. If the Signal user briefly used a username and then deleted it, Signal wouldn’t even be able to confirm that it was ever in use to begin with, much less which accounts had used it before.

In short, if you’re worried about Signal handing over your phone number to law enforcement based on your username, you should only set a username when you want someone to contact you, and then delete it afterward. And each time, always set a different username.

Likewise, if you want someone to contact you securely, you can send them your Signal link, and, as soon as they make contact, you can reset the link. If Signal receives a subpoena based on a link that was already reset, it will be impossible for them to look up which account it was associated with.

If the subpoena demands that Signal turn over account information based on a phone number, rather than a username, Signal could be forced to hand over the cryptographic hash of the account’s username, if a username is set. It would be difficult, however, for law enforcement to learn the actual username itself based on its hash. If they already suspect a username, they could use the hash to confirm that it’s real. Otherwise, they would have to guess the username using password cracking techniques like dictionary attacks or rainbow tables."

Lee, M. (2024, March 4). Signal’s New Usernames Help Keep the Cops Out of Your Data. The Intercept.
 


“Session started as a fork of another messenger, Signal, aiming to build upon its foundation. However, concerns about the centralized structure of Signal Protocol and potential metadata collection led the team to deviate and create their own protocol, called "Session Protocol". This approach prioritized increased anonymity and decentralization.”
 
Good info. Thank you for posting.
 


So will it be possible for a person to create a session key then delete it quickly once the message was sent or received? If so, then most likely even more limited info will be passed to LE.
 