Comment by ebb_earl_co
2 days ago
This is why I still prefer Signal; this practice seems to be their modus operandi even though they, too, were affected by AWS us-east-1 catastrophe
2 days ago
This is why I still prefer Signal; this practice seems to be their modus operandi even though they, too, were affected by AWS us-east-1 catastrophe
Signal used to never collect data on users, but they've changed that a while ago and now they keep user's name, photo, phone number, and a list of their contacts permanently in the cloud protected from the government by nothing except by a leaky enclave and a pin (https://web.archive.org/web/20250117232443/https://www.vice....)
More recently they've started collected the contents of messages into the cloud too, yet to this very day their privacy policy opens with the lie: "Signal is designed to never collect or store any sensitive information." which hasn't been true for a very very long time. I consider their refusal to update their privacy policy to be a massive dead canary warning people that the service has already been compromised, but feel free to take your chances.
You're able to disable the pin feature to prevent that data from being saved though, so it definitely isn't a requirement.
I'm also not sure where you've read that they collect the contents of messages, because as far as I'm aware they still aren't doing that and I can't find any info online that indicates that they are (other than their secure backup feature that's opt-in only I suppose)
Actually you can't. If you choose not to set a pin, Signal just chooses one for you and uses that to upload all your data, only you won't be able to access it. There is no way to prevent your data from being sent to the cloud. For more info see here: https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin... and https://community.signalusers.org/t/what-contact-info-does-t...
The fact that Signal users are still unaware of where their data is going and when should tell you all you need to know about how trustworthy the service is. Not being 100% clear about the risks people take when using software which is promoted for use by people whose freedom and/or lives depend on it being secure is a very bad look for Signal.
As for message backups they are at least opt-in (for now anyway) and you can learn more about them here: https://signal.org/blog/introducing-secure-backups/
Well shit.
Alternatives?
Was hard enough getting my circle on signal.
I don't have a good one sorry. I'm currently using silence for unsecured texting and jami for secure communication. Both are not something I'd recommend to regular people the way Signal used to be back when they let you get secure and insecure texts in one place.