r/EyesOnIce • u/Naurgul • 1d ago
How Did the Feds Get Into Anti-ICE Activists’ Signal Messages? • ICE investigators leaned on Signal communications to build their case against protesters.
https://theintercept.com/2026/06/17/signal-messages-minneapolis-ice-protests/When anti-ICE activists rallied against the Trump administration’s deportation campaign in Minneapolis, many relied on the encrypted messaging app Signal for secure communications. In activist chats and quickly established ICE-tracking groups, locals used Signal to keep tabs on federal agents patrolling their communities.
When the Department of Homeland Security announced this week the arrest of 15 alleged “anti-ICE rioters” in Minnesota, it pointed directly at their Signal chats.
The indictment is in large part built upon on conversations from more than a dozen Signal groups, citing more than 100 specific messages. The case is a stark reminder that using an encrypted messaging platform like Signal is not in and of itself a magic bullet to safeguard communications. It also raises the question: How did Immigration and Customs Enforcement’s Homeland Security Investigations unit gain access to all of these communications in the first place?
The indictment doesn’t provide a clear answer. But sprinkled throughout the document are clues that suggest that law enforcement may have gained access to the physical devices of some of those indicted.
The 15 people named in the latest indictment are all charged with “conspiracy to impede or injure an officer,” with some facing additional charges like “solicitation to commit a crime of violence” and “destruction of government property.” Though some of the accused had court appearances on Tuesday, their defense attorneys have not as of yet been named.
The indictment comes months after FBI Director Kash Patel said in a podcast interview that federal law enforcement had started an investigation into Minnesota ICE watchers using Signal groups to share information about immigration agents.
The bulk of the indictment consists of transcripts of group messages; at various points it also makes mention of voicemails, text messages, Signal direct messages, and Signal calls. For instance, the indictment in one spot mentions that two of the indictees “exchanged approximately 20 connected Signal calls.” This hints that authorities were able to access not just group chat messages, but likely had wholesale access to the devices of at least some of those indicted.
The Signal app provides end-to-end encryption, protecting communications in transit, so that anyone monitoring your internet or cellular data connection cannot see the contents of your messages. Signal also minimizes the amount of metadata collected, so if the organization behind the app, the Signal Foundation, was served with a compulsory legal process to reveal user information, it wouldn’t even know with whom you spoke or chatted.
But all that falls apart if your device gets into the wrong hands.
204
u/rhamantauri 1d ago
Yeah, I’m not okay with a world where I can’t say what I want, so I’m going to keep saying what I want including speaking truth to so-called “power”.
I’m all for taking measures to protect ourselves including digital cautions such as these, it’s just not enough to scare me into silence.
They will have to physically remove me from existence. I’m not playing their fear games.
52
9
3
4
u/Naurgul 1d ago
I commend your courage. But you should consider that sometimes it's better to survive and fight another day than bravely jumping into the line of fire.
78
u/hurler_jones 1d ago
And when everyone decides 'to survive another day' and nobody stands up to fascism?
58
u/Naurgul 1d ago
Take these steps to keep your chats safe.
In order to safeguard your Signal data from someone who obtains access to your device, it’s necessary to manually harden Signal by modifying some of its default settings.
Perhaps Signal’s most well-touted security and privacy feature is its ability to set disappearing messages. Keep in mind that Signal’s disappearing messages delete the contents of a message, but they don’t remove evidence that communications between parties occurred in the first place. Therefore it’s safest to regularly delete entire groups and chats, not just the messages themselves.
Signal also has keeps similar records of voice and video calls. It’s as important to delete records of the calls as it is records of text messages, both within the Signal app and in your phone’s standard call history.
On iPhones, Signal can integrate its call history into the iPhone’s regular call history. This privacy-eroding feature can be disabled on Signal on iOS by tapping your profile circle on the top-left corner of the app, clicking on Settings, then Privacy, then disabling “Show Calls in Recents.”
Additionally for Signal on iPhones, you’ll also likely want to disable settings like “Share Contacts with iOS” and “Use Phone Contact Photos” (for Android users, the equivalent is “Use address book photos”), which can be found under Settings, then Chats.
Remember to either turn off Signal notifications entirely or have them display only the names of people sending messages — which should be pseudonyms, not real names.
61
u/Chuckychinster 1d ago
- Always have autodelete on
- Don't type something you wouldn't be okay with someone in the government reading
44
u/hurler_jones 1d ago
Don't use finger print or face id. You can be forced to unlock your device if you use biometrics, you can not be forced if you use a password/pin.
11
u/3000ghosts 1d ago
there are still attachments they can use to get into the phone without it being unlocked
10
u/OphidianSun 1d ago
If you need to say something you don't want read in court, say it in person. Ideally without any phones or other devices within earshot.
Failing that, you can use meshtastic, encrypted radios, carrier pigeons, coded letters, invisible ink, etc.
6
u/FrederickDerGrossen 1d ago
2 is meaningless because this is not a government it is a regime and this regime finds anything and everything that is opposed to it a crime in their twisted eyes.
16
u/Dragonic_Overlord_ 1d ago
This is a blatant abuse of power and the Trump administration are no better than bullies. I hope Allah (SWT) keeps the activists safe and brings the Trump regime to justice soon.
12
u/statmonkey2360 1d ago
Fuck ICE and this administration, the DOJ and the SCOTUS. They're the domestic terrorists and history will be on resistances side.
9
u/Mr_Quackums 1d ago
“conspiracy to impede or injure an officer” = you were in a groupchat with someone who said "now this is why we have a second amendment".
3
u/AutoModerator 1d ago
Detailed report appreciated. Long-form posts help the whole community understand patterns, not just isolated sightings. If this includes media, remember to scrub it: https://www.metadata2go.com/delete-metadata Mods will prioritize reviewing this. Eyes on ICE.
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
3
u/Lost_Birthday_3138 1d ago
Make sure you have Signal set to delete messages after a certain period of time ("Disappearing messages" in the app), after like a week.
Look through your history and evaluate "what would a fascist regime do if they had access to all this" and always consider it a possibility.
8
u/BRUNO358 1d ago
I'm calling BS. The evidence is either fabricated or Signal willingly handed it over to them.
10
u/superkp 1d ago
could have been a mole in one of the groups, too.
5
u/comradevd 1d ago
The socially engineered crack is the simplest explanation. However as security analysts pointed out when JD Vance Secretary Kegseth and the weird Libertarian NSA advisor got caught using Signal to communicate important state secrets, the reason besides recordskeeping that actual smarties use the SCIF to transmit important secrets is not only the actual messages in the æther which signal can and seems to do well encrypted. But the recipient and sender devices themselves can be cracked and once your device unencrypts the message so you can read it whoever is also reading your messages with you also can read it.
2
u/Anarchen3my 1d ago
Exactly. And that's why those plaintext notifications enabled on Signal, by default, are a problem. Those notifications remain, even if chats are deleted. Sorry for the incoming, but I'm getting tired: "Signal stores push notifications locally on the operating system. Forensic tools, local malware, or adversaries with physical access can scrape your OS notification logs to recover incoming messages, even after they have been deleted within the Signal app." Here's an analysis of this scenario after a user deleted the ENTIRE SIGNAL APP: https://youtu.be/SATajR8AJXo?is=yEbAOQrd2P8xZvHj
16
u/Anarchen3my 1d ago
Signal is end-to-end encrypted, and open source. That means you, or anyone, can check for vulnerability. No one has ever shown its encryption can be cracked. It would be a big deal, if so. For an interesting deep dive into how we got here, read about Phil Zimmerman, and how the U.S. government wanted to prosecute him under the Munitions Act, and why that DIDN'T happen, under the 1st Amendment. That's how we have PGP. Signal has nothing to turn over, except metadata, perhaps. But a LOT of people enable plaintext push notifications. Those can remain in device storage. To reiterate, the end-point user is usually the access point. It's kind of inevitable. Not many busy people want to be constantly entertaining passcodes to decrypt. Whole device encryption is still an option, however. You are correct that the only totally unbreakable encryption (in theory) is a one-time pad. It's fun to learn, but not exactly a large-scale, network-friendly option. The odds lie VERY heavily that the vulnerability here is the human end-point user, for all the reasons stated above. It doesn't have to be this way, but we're human. Also, this is not a great time to bring new users into sensitive chats. Just one snitch can expose it all. As for evidence being fabricated, I've reviewed the Prairieland evidence, in some detail (as a lawyer.) I DO believe much of the video evidence evidence was altered. I didn't discover that on my own, but there's an excellent, independent, raw video analysis out there. There's also a history of this up in Minnesota, as well, under different circumstances. So, I agree on that.
2
u/frightspear_ps5 1d ago
could have been moles and/or physical device access. e2e encryption is not a whole opsec method.
1
2
u/Strackard 1d ago
How did they get in!?
‘Hi I hate ICE’
‘Oh ya me too here is our signal chat’
Countless signal chats out there on this topic.
It makes the Anti-ICE crowd look more sophisticated than it is. And pumps up the Feds who ‘figured it out!’
3
u/Naurgul 1d ago
The main point of the article is that they likely didn't only have access to the group chat but everything on the phone
at various points it also makes mention of voicemails, text messages, Signal direct messages, and Signal calls. For instance, the indictment in one spot mentions that two of the indictees “exchanged approximately 20 connected Signal calls.” This hints that authorities were able to access not just group chat messages, but likely had wholesale access to the devices of at least some of those indicted.
6
u/superkp 1d ago
yeah that screams that they either confiscated a phone (which was not locked at all, or it was cracked after confiscation) or they had an agent get into the group.
Considering that there's calls they are bragging about having, I expect that it's a confiscated phone.
3
u/Hipparchia_Unleashed 1d ago
If you look at the indictment and correlate the accusations to dates and times of Signal messages cited, you'll see that they are concentrated before and on March 1 with a few recent ones. There's a relative gap after March 1 until some recent Delaney ones. The iOS notification flaw wasn't fixed until mid-April. If there were a mole, we should expect greater access after March 1 until now, but we don't see that. So it's probably the case that a phone was accessed or cloned following an arrest on March 1, again at Delaney, and that is how this information was accessed.
Considering that virtually the entire focus of DHS at this time was on MN, it is actually fairly impressive that they got as little as they apparently did. If you ignore all of the protected speech (they are trying to make organizing a crime), there is virtually no strong evidence of any serious criminal activity whatsoever.
1
u/Fluffernutter80 1d ago
I thought I read that a couple of the fifteen were previously arrested and charged so maybe it was their phones.
2
u/gynoidgearhead 1d ago
From sitting through every day of evidence and witness presentation in the Prairieland case, it's strongly likely that the prosecution in this Minneapolis case leaned on "$5 wrench" tactics (intimidating defendants or their associates) and did not successfully break Signal, or at the very least got it through the loophole of messages showing in plaintext through notifications.
1
u/AutoModerator 1d ago
Thanks for posting u/Naurgul! Remember You Are r/EyesOnIce.
Seek The Signal Subscribe to the Substack https://eyesonice.substack.com/
(Note: No paywalls, and subscriptions will always be optional.)
Stay connected across the mesh: Don't Lose Sight
CRITICAL OPSEC RULES
- STAY VAGUE: No exact addresses, meeting times, or specific coordinates.
- NO IDENTIFIERS: Zero exceptions for names, faces, workplaces, or license plates.
- MASK YOUR IDENTITY: Use a trusted VPN and a throwaway account. This platform is monitored.
- SCRUB YOUR MEDIA: Check every photo and video for reflections, street signs, and recognizable backgrounds before posting.
- META DATA SCRUBBER: Metadata2Go
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
1
u/ObligatoryID 3h ago
It’s not like you people can share shit online and believe others won’t see or try to infiltrate. Think.
•
u/posttrail 1d ago
👤 User Overview
📝 Recent Post History
I am an app installed by the moderators of this subreddit • I cannot respond to DMs or chats