Obviously doesn't include warrants they may have received where a gag order is in place, but you can see from the responses they do publish that they only store phone number, initial registration date, and last connection date.
They love to brag about the times when they were asked to hand over data and they had to tell the feds that they couldn't because that kind of data was never collected or stored in their systems in the first place. They still love to brag about it, but it's no longer true. They now collect and permanently store in the cloud exactly the kind of data that the police and feds were asking them to provide. Your name, your phone number, your username, your profile picture, and most importantly a list of everyone you have contacted with signal.
This is in direct opposition to the very first line of their privacy policy which lies when it states "Signal is designed to never collect or store any sensitive information." and they've refused for years now to correct that lie and update their policy to detail all the new data collection they're doing.
Do you have details on this? Given that usernames just came out, I don’t expect they’re storing many of them, but I’m interested in specifically a source for “a list of everyone you have contacted with signal”
This has been true for many years now. At the time it caused a major uproar among the userbase (myself included) whose concerns were almost entirely ignored. Their misleading communication at the time caused a lot of confusion, but if you didn't know that Signal was collecting this data that should tell you everything you need to know about how trustworthy they are.
Note that the "solution" of disabling pins mentioned at the end of that last article was later shown to not prevent the collection and storage of user data. It was just giving users a false sense of security. To this day there is no way to opt out of the data collection.
My personal feeling is that Signal is compromised and the fact that the very first sentence of their privacy policy is a lie and they refuse to update it to detail their new data collection is a big fat dead canary warning people to find a new solution for secured communication. Other very questionable Signal moves that make me wonder if it wasn't an effort to drive people away from the platform as loudly as they were allowed to include the killing off of one of the most popular features (the ability to get both secured messages and insecure SMS/MMS in the same app) and the introduction of weird crypto shit nobody was asking for.
I was a user and a fan. Spent years recommending Signal to others. People are pretty used to software turning to shit but it still sucks to have to reach out to tell people they should look for alternatives to the software I'd once recommended to them.
I swear if VLC ever turns evil I'm giving up on recommending software forever (in the meantime, check out VLC if you haven't already!).
> I was a user and a fan. Spent years recommending Signal to others.
I don’t blame you, I think it did start with a good promise initially, but I believe just like anything centralized that turns big, it will become evil.
> in the meantime, check out VLC if you haven't already!
The player? Or is that a new messaging app? For messaging I usually use Matrix/simpleX/Session.
Even before they added all the data collection and cloud storage 'sealed sender' didn't do much to protect users.
"Even under the sealed sender, observers said, Signal will continue to map senders' IP addresses. That information, combined with recipient IDs and message times, means that Signal continues to leave a wake of potentially sensitive metadata. Still, by removing the "from" information from the outside of Signal messages, the service is incrementally raising the bar." (https://arstechnica.com/information-technology/2018/10/new-s...)
A couple years after that "incremental" improvement Signal started keeping everything forever in the cloud which means that today governments can get a signal user's information just by brute forcing a PIN
At this point that's entirely unclear. Because they're keeping your data in the cloud my guess is that the US government can easily access that data and any other government can get anyone's data as long as they can guess the person's PIN. You can find a discussion on the problems with their security here: https://community.signalusers.org/t/proper-secure-value-secu...
As if you can't get a whole lot of information on most people with just their phone number. The number of people whose Signal ID is built off a burner phone ad no longer traceable back to them is miniscule.
> As if you can't get a whole lot of information on most people with just their phone number. The number of people whose Signal ID is built off a burner phone ad no longer traceable back to them is miniscule.
Yes, but what are you going to do with this information? All you know is how long they've been a signal user and when they last connected.
You're not thinking this through. You might have someone else's device with access to their signal chats, but need to confirm the identity of someone they're talking to. You might have been able to ID a person but only have had temporary access to the message data (eg undercover agents who sneak or are granted a look at someone else's Signal messages). You might have a Signal conversation with someone you suspect of crime, and want to establish correlation with their use of signal (by most-recently-accessed timestamps) and some other activity.
That doesn't explain why it has nothing to do with spam.
If you know how to build an anonymous communication platform, that is convenient to use, and is also spam resistant/proof, you have the miracle platform idea.
And then when you're faced with potential criminal suits and/or the security state coming after you for "national security" reasons, you implement the tracking the government wants so you don't potentially go to trial and/or prison.
That's why Signal only stores your phone number (and when you last connected) - they know nothing about your real identity, so they can't link it back to you.
What experience do you have to have gained this confident knowledge?