Comment by Night_Thastus
2 years ago
Every single time I've seen Signal asked for data in a court case, they've basically handed back a unix timestamp of when the account was created and said "that's all we have". Or it was last access time, I could have misremembered.
Either way, that seems quite good to me.
You're right, that's how it used to be. They still have pages on their website bragging about times when they didn't have anything to turn over because they didn't keep any of it. A while ago that all changed. They started collecting and forever storing in the cloud the exact data those requests were asking for. Lists of everyone you've been contacting, along with your profile data (name, phone number, photo).
https://community.signalusers.org/t/proper-secure-value-secu...
If you're a Signal user and this is the first time you're hearing about this, that should tell you everything you need to know about how trustworthy Signal is.
The technical info in that community form is a few notches too technical, I work in a different knowledge base.
If someone broke down what the timeline was, what new info is being stored that wasn't before, how that is known, and how Signal has responded, etc, then that would be useful.
I'll admit it doesn't seem great. Phone number I understand, but name and contacts are more concerning.
There's a good article on the topic here: https://www.vice.com/en/article/pkyzek/signal-new-pin-featur...
Note that the "solution" of disabling pins mentioned at the end of the article was later shown to not prevent the collection and storage of user data. It was just giving users a false sense of security. To this day there is no way to opt out of the data collection.
There's a lot more information about it in various places, but Signal went out of their way to be as confusing as possible in their communications so it caused a lot of people to get the wrong idea (see for example https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...)
The forums were in an uproar for months asking Signal to not start collecting data or at least give people a means to opt out. Here's a good thread with links to a bunch of the conversations people were having at the time: https://community.signalusers.org/t/mandatory-pin-is-signal-...