zlacker

[parent] [thread] 4 comments
1. autoex+(OP)[view] [source] 2023-11-16 18:44:13
> Everyone likes to bash more privacy oriented companies if they aren't absolutely 100% perfect in every single way, but IMO perfect is the enemy of good and Signal has been very good.

Signal has not been good. The absolute least we should expect from any "privacy oriented company" is that they're honest and fully transparent about the data they collect and store, and Signal is none of that. Since they started collecting and forever storing sensitive user data in the cloud they've refused to update their privacy policy to alert people to that data collection.

If you advertise your service to human rights activists, journalists, and whistleblowers whose freedom and/or lives are on the line you owe it to them to be extremely clear about what their risks are by using your service, but Signal outright lies to them in the very first line of their privacy policy.

This isn't "perfect being the enemy of good" this is either a massive dead canary warning people not to use/trust Signal, or it's completely immoral and irresponsible.

replies(1): >>Night_+C
2. Night_+C[view] [source] 2023-11-16 18:47:13
>>autoex+(OP)
Every single time I've seen Signal asked for data in a court case, they've basically handed back a unix timestamp of when the account was created and said "that's all we have". Or it was last access time, I could have misremembered.

Either way, that seems quite good to me.

replies(1): >>autoex+A2
◧◩
3. autoex+A2[view] [source] [discussion] 2023-11-16 18:56:31
>>Night_+C
You're right, that's how it used to be. They still have pages on their website bragging about times when they didn't have anything to turn over because they didn't keep any of it. A while ago that all changed. They started collecting and forever storing in the cloud the exact data those requests were asking for. Lists of everyone you've been contacting, along with your profile data (name, phone number, photo).

https://community.signalusers.org/t/proper-secure-value-secu...

If you're a Signal user and this is the first time you're hearing about this, that should tell you everything you need to know about how trustworthy Signal is.

replies(1): >>Night_+8h
◧◩◪
4. Night_+8h[view] [source] [discussion] 2023-11-16 19:59:29
>>autoex+A2
The technical info in that community form is a few notches too technical, I work in a different knowledge base.

If someone broke down what the timeline was, what new info is being stored that wasn't before, how that is known, and how Signal has responded, etc, then that would be useful.

I'll admit it doesn't seem great. Phone number I understand, but name and contacts are more concerning.

replies(1): >>autoex+tn
◧◩◪◨
5. autoex+tn[view] [source] [discussion] 2023-11-16 20:31:26
>>Night_+8h
There's a good article on the topic here: https://www.vice.com/en/article/pkyzek/signal-new-pin-featur...

Note that the "solution" of disabling pins mentioned at the end of the article was later shown to not prevent the collection and storage of user data. It was just giving users a false sense of security. To this day there is no way to opt out of the data collection.

There's a lot more information about it in various places, but Signal went out of their way to be as confusing as possible in their communications so it caused a lot of people to get the wrong idea (see for example https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...)

The forums were in an uproar for months asking Signal to not start collecting data or at least give people a means to opt out. Here's a good thread with links to a bunch of the conversations people were having at the time: https://community.signalusers.org/t/mandatory-pin-is-signal-...

[go to top]