Obviously doesn't include warrants they may have received where a gag order is in place, but you can see from the responses they do publish that they only store phone number, initial registration date, and last connection date.
They love to brag about the times when they were asked to hand over data and they had to tell the feds that they couldn't because that kind of data was never collected or stored in their systems in the first place. They still love to brag about it, but it's no longer true. They now collect and permanently store in the cloud exactly the kind of data that the police and feds were asking them to provide. Your name, your phone number, your username, your profile picture, and most importantly a list of everyone you have contacted with signal.
This is in direct opposition to the very first line of their privacy policy which lies when it states "Signal is designed to never collect or store any sensitive information." and they've refused for years now to correct that lie and update their policy to detail all the new data collection they're doing.
Do you have details on this? Given that usernames just came out, I don’t expect they’re storing many of them, but I’m interested in specifically a source for “a list of everyone you have contacted with signal”
At this point that's entirely unclear. Because they're keeping your data in the cloud my guess is that the US government can easily access that data and any other government can get anyone's data as long as they can guess the person's PIN. You can find a discussion on the problems with their security here: https://community.signalusers.org/t/proper-secure-value-secu...
As if you can't get a whole lot of information on most people with just their phone number. The number of people whose Signal ID is built off a burner phone ad no longer traceable back to them is miniscule.
> As if you can't get a whole lot of information on most people with just their phone number. The number of people whose Signal ID is built off a burner phone ad no longer traceable back to them is miniscule.
Yes, but what are you going to do with this information? All you know is how long they've been a signal user and when they last connected.
That doesn't explain why it has nothing to do with spam.
If you know how to build an anonymous communication platform, that is convenient to use, and is also spam resistant/proof, you have the miracle platform idea.
And then when you're faced with potential criminal suits and/or the security state coming after you for "national security" reasons, you implement the tracking the government wants so you don't potentially go to trial and/or prison.
That's why Signal only stores your phone number (and when you last connected) - they know nothing about your real identity, so they can't link it back to you.
Signal publishes their responses to court orders already: https://signal.org/bigbrother/.
Obviously doesn't include warrants they may have received where a gag order is in place, but you can see from the responses they do publish that they only store phone number, initial registration date, and last connection date.
They love to brag about the times when they were asked to hand over data and they had to tell the feds that they couldn't because that kind of data was never collected or stored in their systems in the first place. They still love to brag about it, but it's no longer true. They now collect and permanently store in the cloud exactly the kind of data that the police and feds were asking them to provide. Your name, your phone number, your username, your profile picture, and most importantly a list of everyone you have contacted with signal.
This is in direct opposition to the very first line of their privacy policy which lies when it states "Signal is designed to never collect or store any sensitive information." and they've refused for years now to correct that lie and update their policy to detail all the new data collection they're doing.
Do you have details on this? Given that usernames just came out, I don’t expect they’re storing many of them, but I’m interested in specifically a source for “a list of everyone you have contacted with signal”
8 replies →
I do love that the two responses to this question are a confident assertion that they surely wouldn’t do that and yours posting evidence they do.
this seems to have stopped in 2021?
At this point that's entirely unclear. Because they're keeping your data in the cloud my guess is that the US government can easily access that data and any other government can get anyone's data as long as they can guess the person's PIN. You can find a discussion on the problems with their security here: https://community.signalusers.org/t/proper-secure-value-secu...
Required reading:
https://eprint.iacr.org/2016/1013.pdf
That was before they started collecting and storing sensitive data in the cloud.
See https://sgaxe.com/files/SGAxe.pdf for an attack that leaked Signal contacts.
The parent is right: https://news.ycombinator.com/item?id=39414322
An order to what? Hand over a random phone number?
As if you can't get a whole lot of information on most people with just their phone number. The number of people whose Signal ID is built off a burner phone ad no longer traceable back to them is miniscule.
> As if you can't get a whole lot of information on most people with just their phone number. The number of people whose Signal ID is built off a burner phone ad no longer traceable back to them is miniscule.
Yes, but what are you going to do with this information? All you know is how long they've been a signal user and when they last connected.
3 replies →
No tech professional is going to resist people with legalized force showing up at their door.
That’s why you design a system that doesn’t require such info in the first place, if you don’t have it, nothing to hand over.
That doesn't explain why it has nothing to do with spam.
If you know how to build an anonymous communication platform, that is convenient to use, and is also spam resistant/proof, you have the miracle platform idea.
And then when you're faced with potential criminal suits and/or the security state coming after you for "national security" reasons, you implement the tracking the government wants so you don't potentially go to trial and/or prison.
That's why Signal only stores your phone number (and when you last connected) - they know nothing about your real identity, so they can't link it back to you.
that already exists; IRC for one. But not particularly user-friendly for everyone (requires presence).
In Sweden they have some spine to do this
https://mullvad.net/en/blog/2023/4/20/mullvad-vpn-was-subjec...
True, but edge case. Spine and fortitude are rare.