That was in the past though. Now Signal is storing exactly that same information permanently in the cloud. Specifically they store your name, phone number, photo, and a record of every person you contact.

Metadata is enough to execute people (by certain country but anywhere in the world--it is immoral for Signal to position itself as secure if it provides such data).

Last I checked Signal was outright lying in their privacy policy which was never updated after they started collecting and storing user data in the cloud. You can't morally market yourself as secure while you lie to your users about what their risks are.

When did that change and how do you know about this?

But did you actually read that? It specifically doesn’t mention the obvious data that they do have (phone and IP), but instead focus on other sensitive metadata:

> variety of information we don’t have, including the target’s name, address, correspondence, contacts, groups, calls.