Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Categories
Random page
Top Contributors
Recent changes
Contribute
Create a page
How to help
Wiki policy
Adapt videos to articles
Articles in need of work
Help
Frequently asked questions
Join the discord!
Help about MediaWiki
Consumer_Action_Taskforce
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Talk:Signal Data Collection
Add topic
Page
Discussion
English
Read
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit source
Add topic
View history
Purge cache
General
What links here
Related changes
Special pages
Page information
Cargo data
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Notices== added several notices on this article [[User:InTransparencyWeTrust|InTransparencyWeTrust]] ([[User talk:InTransparencyWeTrust|talk]]) 18:30, 6 March 2025 (UTC) :[[User:InTransparencyWeTrust|@InTransparencyWeTrust]]! Thank you for highlighting exactly the problem with Signal's misleading and unclear communication. :There is no question that Signal stores data in the cloud. Please review references for more information. If you are in a hurry, here's Signal's handy animation https://signal.org/blog/images/secure-value-recovery-animation.gif taken from https://signal.org/blog/secure-value-recovery/ explicitly illustrating how requests are sent to and handled by their cloud servers :The data being stored in the cloud (which includes the user's name, photo, phone number, and a list of every contact) is an entirely different thing from private contact discovery. The data collection is not related in any way to private contact discovery (although both use SGX for protection). This data collection is only for SVR/Storage Service. You may find this FAQ helpful. This is the archived version as it was removed and replaced with links to a bunch of far less helpful blog posts: https://web.archive.org/web/20230101032155/https://community.signalusers.org/t/faq-signal-pin-svr-kbs-storage-service-cloud/15690 :Also note that the feature which can migrate all Signal data without the data stored on the cloud does not in any way prevent Signal from collecting and storing that data on the cloud. It just doesn't use the data stored in the cloud to transfer settings. The data is still in the cloud though. More importantly that feature did nothing prevent the data already stored in the cloud from being vulnerable to the CacheOut attack and will not prevent any future SGX vulnerabilities or side channel attacks from allowing that data to be exposed. :As for "Tone" concerns, if somebody has a better way to say that Signal is telling people something that objectively isn't true ("Signal is designed to never collect or store any sensitive information.") without saying that they are lying, feel free to edit that language to whatever is more appropriate. I don't know what else to call a lie without sounding like weasel. [[Special:Contributions/131.93.221.242|131.93.221.242]] 01:21, 7 March 2025 (UTC) ::The animation you reference is about the consensus algorithm they use, which they operate within the constrained environment of an SGX enclave, used to store the auth key and amount of guesses, according to the blog. You mention that the alleged data collection is different, and is only for SVR/Storage Service, which you do not mention in the article. What is also missing is explaining when this Storage Service is used, opt-in/opt-out, relation to settings like setting a PIN, etc. The article also needs a fuller extend of the response to the backlash. A more recent blog post of this year (https://signal.org/blog/a-synchronized-start-for-linked-devices/) explains that "your personal devices are where your message history lives, and that means we have to transfer history between the devices themselves.", "We donβt have access to your message history (or your [https://signal.org/blog/building-faster-oram/ contacts], [https://signal.org/blog/signal-private-group-system/ groups], [https://signal.org/blog/introducing-stories/ stories], [https://signal.org/blog/signal-profiles-beta/ profile avatars], or [https://signal.org/bigbrother/ anything else])." [[User:InTransparencyWeTrust|InTransparencyWeTrust]] ([[User talk:InTransparencyWeTrust|talk]]) 09:01, 7 March 2025 (UTC)
Summary:
Please note that all contributions to Consumer_Action_Taskforce are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (see
Consumer Action Taskforce:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:
Cancel
Editing help
(opens in new window)
