Also a few interesting things: I saw a lot of people saying that Signal isn’t keeping metadata, and a few articles from4 years ago claiming that. I took a look at the signal ToS and Privacy Policy which states quite the opposite: „SIGNAL DOES NOT WARRANT […] THAT OUR SERVICES WILL BE […] SECURE, OR SAFE”, „For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy, as well as the transfer of your encrypted information and metadata to the United States and other countries where we have or use facilities, service providers or partners.“ and „Other instances where Signal may need to share your data
To meet any applicable law, regulation, legal process or enforceable governmental request.“
Yes, the government can force them to give them encrypted garbage, and they will comply. They will also give the metadata with it, but there are multiple mechanisms in the APP (client-side) to make sure that the server can’t even access most of the metadata, because it’s either not sent or encrypted.
You’ll see that the only info they can provide is:
The day you signed up
The last day one of your clients pinged their servers (this is needed to purge abandoned clients)
So what their ToS means is pretty much that they will operate within the realm of reality. Who out there IS providing a warranty of security/safety? And if they fail to ensure your safety/security, how do you go about “redeeming” your warranty? I think you’re reading too much into it.
Thanks for the nice article!
No probs!
Also a few interesting things: I saw a lot of people saying that Signal isn’t keeping metadata, and a few articles from4 years ago claiming that. I took a look at the signal ToS and Privacy Policy which states quite the opposite: „SIGNAL DOES NOT WARRANT […] THAT OUR SERVICES WILL BE […] SECURE, OR SAFE”, „For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy, as well as the transfer of your encrypted information and metadata to the United States and other countries where we have or use facilities, service providers or partners.“ and „Other instances where Signal may need to share your data
To meet any applicable law, regulation, legal process or enforceable governmental request.“
Yes, the government can force them to give them encrypted garbage, and they will comply. They will also give the metadata with it, but there are multiple mechanisms in the APP (client-side) to make sure that the server can’t even access most of the metadata, because it’s either not sent or encrypted.
Lets look at how they’ve behaved when forced to comply with the law - https://signal.org/bigbrother/central-california-grand-jury/
You’ll see that the only info they can provide is:
So what their ToS means is pretty much that they will operate within the realm of reality. Who out there IS providing a warranty of security/safety? And if they fail to ensure your safety/security, how do you go about “redeeming” your warranty? I think you’re reading too much into it.