Whenever you use TLS encrypted messaging tools
- AOL Instant messenger
- Blackberry Messenger
- Facebook Messages
- Telegram Standard chats
- WhatsApp (old protocol)
- Yahoo Messenger
there’s a “trusted” man in the middle. The trust in this context is “trust us, or don’t use our services”. Data aggregation is real; Facebook is being sued over analyzing private conversations, and the best quote about trustworthiness of server seeing messages comes from Mark Zuckerberg, the CEO of Facebook:
Zuck: They “trust me”
Zuck: Dumb fucks.
What’s worse, the five applications colored red provide content and metadata to NSA via FBI.
The following diagram illustrates how subpoenas, NSLs and PRISM bypass TLS encryption completely. Other HSAs most likely have similar access to their domestic companies, and since many times HSAs co-operate, obtaining data from servers in allied nations is trivial.
In the cases where server is in neutral or hostile country, HSAs may compromise the server with malware to steal log files in real time or periodically.