I meant at the server. We have no way to know that is running there.

tptacek · 2025-01-26T23:13:19 1737933199

The point of end-to-end encrypted messaging is not having to care about what the server is running, which is why the threat models for most academic cryptographic research on these things is "assume a compromised server", and, if that gets you real compromises, the protocol is considered broken.

upofadown · 2025-01-27T01:37:20 1737941840

End to end encryption protects content. It doesn't protect things like information about who is talking to who. For that you need something like an onion network. As already mentioned, Briar uses Tor for that. Signal claims to not collect such information but my point is that we have no way to know what they collect. Claims don't count for anything for these sorts of things..

Almondsetat · 2025-01-26T19:52:26 1737921146

How can the server collect data you aren't sending to it?

mmooss · 2025-01-26T19:23:03 1737919383

The server is open source too. You could download it and run your own server, afaik.

TiredOfLife · 2025-01-26T19:35:23 1737920123

Signal occasionally drops something that could be the server code.

When they were working on their cryptocurrency they didn't release anything for over a year.

chikere232 · 2025-01-26T19:25:54 1737919554

isn't that what the e2e encryption is for?

I guess they could collect metadata of course