Comment by Sanzig
2 years ago
Signal publishes their responses to court orders already: https://signal.org/bigbrother/.
Obviously doesn't include warrants they may have received where a gag order is in place, but you can see from the responses they do publish that they only store phone number, initial registration date, and last connection date.
They love to brag about the times when they were asked to hand over data and they had to tell the feds that they couldn't because that kind of data was never collected or stored in their systems in the first place. They still love to brag about it, but it's no longer true. They now collect and permanently store in the cloud exactly the kind of data that the police and feds were asking them to provide. Your name, your phone number, your username, your profile picture, and most importantly a list of everyone you have contacted with signal.
This is in direct opposition to the very first line of their privacy policy which lies when it states "Signal is designed to never collect or store any sensitive information." and they've refused for years now to correct that lie and update their policy to detail all the new data collection they're doing.
Do you have details on this? Given that usernames just came out, I don’t expect they’re storing many of them, but I’m interested in specifically a source for “a list of everyone you have contacted with signal”
This has been true for many years now. At the time it caused a major uproar among the userbase (myself included) whose concerns were almost entirely ignored. Their misleading communication at the time caused a lot of confusion, but if you didn't know that Signal was collecting this data that should tell you everything you need to know about how trustworthy they are.
Here's some reading from the time of the change:
https://community.signalusers.org/t/proper-secure-value-secu...
https://community.signalusers.org/t/dont-want-pin-dont-want-...
https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...
https://www.vice.com/en/article/pkyzek/signal-new-pin-featur...
Note that the "solution" of disabling pins mentioned at the end of that last article was later shown to not prevent the collection and storage of user data. It was just giving users a false sense of security. To this day there is no way to opt out of the data collection.
My personal feeling is that Signal is compromised and the fact that the very first sentence of their privacy policy is a lie and they refuse to update it to detail their new data collection is a big fat dead canary warning people to find a new solution for secured communication. Other very questionable Signal moves that make me wonder if it wasn't an effort to drive people away from the platform as loudly as they were allowed to include the killing off of one of the most popular features (the ability to get both secured messages and insecure SMS/MMS in the same app) and the introduction of weird crypto shit nobody was asking for.
5 replies →
Sealed sender.
1 reply →
I do love that the two responses to this question are a confident assertion that they surely wouldn’t do that and yours posting evidence they do.
this seems to have stopped in 2021?