Comment by autoexec
2 years ago
At this point that's entirely unclear. Because they're keeping your data in the cloud my guess is that the US government can easily access that data and any other government can get anyone's data as long as they can guess the person's PIN. You can find a discussion on the problems with their security here: https://community.signalusers.org/t/proper-secure-value-secu...
Required reading:
https://eprint.iacr.org/2016/1013.pdf
That was before they started collecting and storing sensitive data in the cloud.
See https://sgaxe.com/files/SGAxe.pdf for an attack that leaked Signal contacts.
The parent is right: https://news.ycombinator.com/item?id=39414322