Talk:Signal Data Collection
Latest comment: 7 March by 131.93.221.242 in topic Notices
Notices
Added several notices on this article. InTransparencyWeTrust (talk) 18:30, 6 March 2025 (UTC)
- @InTransparencyWeTrust! Thank you for highlighting exactly the problem with Signal's misleading and unclear communication.
- There is no question that Signal stores data in the cloud. Please review references for more information. If you are in a hurry, here's Signal's handy animation https://signal.org/blog/images/secure-value-recovery-animation.gif taken from https://signal.org/blog/secure-value-recovery/ explicitly illustrating how requests are sent to and handled by their cloud servers.
- The data being stored in the cloud (which includes the user's name, photo, phone number, and a list of every contact) is an entirely different thing from private contact discovery. The data collection is not related in any way to private contact discovery (although both use SGX for protection). This data collection is only for SVR/Storage Service. You may find this FAQ helpful. This is the archived version as it was removed and replaced with links to a bunch of far less helpful blog posts: https://web.archive.org/web/20230101032155/https://community.signalusers.org/t/faq-signal-pin-svr-kbs-storage-service-cloud/15690
- Also note that the feature which can migrate all Signal data without the data stored on the cloud does not in any way prevent Signal from collecting and storing that data on the cloud. It just doesn't use the data stored in the cloud to transfer settings. The data is still in the cloud though. More importantly, that feature did nothing to prevent the data already stored in the cloud from being vulnerable to the CacheOut attack and will not prevent any future SGX vulnerabilities or side channel attacks from allowing that data to be exposed.
- As for "Tone" concerns, if somebody has a better way to say that Signal is telling people something that objectively isn't true ("Signal is designed to never collect or store any sensitive information.") without saying that they are lying, feel free to edit that language to whatever is more appropriate. I don't know what else to call a lie without sounding like a weasel. 131.93.221.242 01:21, 7 March 2025 (UTC)