What we found
WhatsApp: FWhatsApp says no one can see your messages, but the FBI gets a list of everyone you talk to every 15 minutes.
FBI 'Lawful Access' document (Jan 2021, FOIA) reveals WhatsApp provides pen register data every 15 minutes in near-real-time. With warrants: contacts + reverse contacts. If iCloud backup enabled: full message content via Apple. Meta disclosed data in 78%+ of law enforcement requests in 2024.
Facebook Messenger: FMeta kept your Messenger conversations readable for over a decade while their other app (WhatsApp) had encryption since 2016.
Messenger operated with ZERO E2E for 12+ years (2011-2023). WhatsApp (also Meta) had it since 2016. Even post-Dec 2023, group chats, business conversations, Marketplace messages, Meta AI chats remain unencrypted.
WeChat: FCitizen Lab's Jeffrey Knockel discovered that WeChat doesn't just spy on Chinese users — it spies on everyone.
Citizen Lab researchers Jeffrey Knockel, Christopher Parsons, and Ron Deibert proved in 2020 that WeChat surveils content shared among non-China-registered accounts, using those conversations to train keyword censorship algorithms for domestic users. Messages between two Canadians were analyzed and fed into political censorship filters.
Discord: FDiscord asked users to upload passports and driver's licenses for age verification, promising secure handling.
In October 2025, hackers breached Discord's vendor 5CA, stealing 1.6TB including 70,000 government IDs submitted for age verification. A single compromised employee account exposed the entire cache. The breach lasted 58 hours before detection. The Scattered Lapsus Hunters demanded $5 million ransom.
LINE Messenger: FLINE told Japanese users their messages were private.
LINE's end-to-end encryption ("Letter Sealing") is opt-in for group chats and does not cover voice calls, video calls, or the many integrated services (LINE Pay, LINE News, LINE Healthcare). In 2021, it was revealed that LINE had allowed engineers at a Chinese subsidiary (LINE Plus) to access Japanese users' personal data — including names, phone numbers, and messages — without user knowledge. The Japanese government launched an investigation.
Telegram (Privacy Claims): FTelegram is not encrypted by default.
Telegram CEO Pavel Durov was arrested in France in August 2024 on charges including complicity in drug trafficking, CSAM distribution, and fraud facilitated through the platform. Telegram's default chats are NOT end-to-end encrypted — only "Secret Chats" (which few users enable) use E2EE. Regular messages, group chats, and channels are stored in plaintext on Telegram's cloud servers, accessible to Telegram staff and potentially to law enforcement.
Telegram: DTelegram says your messages are 'heavily encrypted' but actually holds the keys to read almost all of them.
Default Cloud Chats use only client-server encryption. Telegram holds the decryption keys. Only opt-in Secret Chats are E2E — buried in UI, device-bound, no desktop, no groups. With 950M+ MAU, essentially all conversations are server-readable.
Slack: DSlack calls your DMs "private." Your employer can export every private message, every deleted message, every file you ever shared — without telling you.
Compliance Export on Business+ and Enterprise Grid allows administrators to export every message — including DMs, private channels, and deleted messages — without notifying employees. Your boss can read every private message, every deleted rant, every DM about job hunting.