Jump to content

Signal data collection

From Consumer Rights Wiki
Revision as of 10:16, 19 August 2025 by 146.70.171.126 (talk) (Fixed autocorrect typo)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Article Status Notice: Unacceptable Tone/Word Usage

This article needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Specifically it uses wording throughout that is non-compliant with the Editorial guidelines of this wiki.

Learn more ▼

Signal is an open source encrypted messaging service that is frequently recommended to users who rely on data security, such as human rights activists, whistleblowers, and journalists whose lives and/or freedom can depend on their ability to maintain private and secure communication.

In 2020, Signal has been accused of quietly collecting and storing sensitive user data on their cloud database without obtaining user consent.  

Background[edit | edit source]

Over the years Signal has curated a reputation that they do not collect or keep data on their users.

Signal has publicly disclosed that they have received legal requests for subscriber's names, telephone numbers, histories, and contacts and Signal has said that they were unable to supply that information because it was never collected by Signal in the first place. These incidents have been reported in the media.[1]

Signal's website states:[2]

"We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.

Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with."

Incident[edit | edit source]

In 2019, Signal previewed a feature called "secure value recovery".[3] This feature would allow users installing signal on a new device to pull down the user's encrypted data from cloud servers.[4]

This new feature has been accused of being a breach of privacy, with claims that Signal would start collecting the same kinds of information that Signal had been getting legal requests to turn over, and that Signal would keep that data in the cloud. As discussed later on, whilst the data is stored in the cloud, it is stored in a securely encrypted manner.[5]

The data being collected and stored in the cloud includes the user's name, photo, phone number, and a list of every Signal user they have contacted.[6][disputed contact discovery on Signal is private and does not share the phone number as explained later in the cited sources - discuss] Messages are not saved, however.

This was a highly controversial change, and some Signal users objected on philosophical grounds,[7][8][9][10] requesting that Signal instead provide a means to export encrypted backups that could be imported locally eliminating any need to upload data to the cloud. Signal users also raised technical concerns about the security of the system and doubts that it would protect their data.[11] Some of these concerns were also shared by cybersecurity experts[12][13][14] and security researchers demonstrated that the system was vulnerable to attacks which allowed them to access the user data being stored.[15][disputed "In recent weeks, Signal has introduced more features that make it more user friendly to people who may not have extremely paranoid threat models. For example, it’s now possible to migrate all Signal data, including message history, from one phone to another, using a feature that does not rely on cloud servers and is also encrypted, according to Signal. " - discuss]

There were also complaints specific to the implementation of the new pin feature[16][17], for example how often it required users to re-enter their PIN, or how it would make it harder to convince friends and family to use the app, but this was not a major issue. The main problem was that Signal's new data collection practices introduced new risks for Signal users that didn't exist before.[11][12][13][14]

Those who to read Signal's privacy policy looking for clarification can still be left confused and unaware of the change in data collection practices due to the organization's neglect in updating relevant language to reflect these changes.

Signal's response[edit | edit source]

Signal did not choose to reverse their decision on this data collection, and they began to roll out the change in 2020 without clear communication with the public or app users about the new feature.[17][18][19] Signal users queried the need for the PIN, and communication from the team suggested it was to ensure messages were not missed or lost, by keeping messages logged in a cloud format.[20] A more detailed response from Signal, following user backlash, explains that cloud backups were encrypted in the same way as messages, and were safe; however, this response was not published prior to the initial rollout.[5]

It resulted in a lot of confusion for users, many of whom only learned about this feature when they were prompted to create a PIN. There were many social media posts expressing confusion over what the feature was and what it was doing.[21][22] [19] Even years after the change was made, some Signal users were/are still unsure about what data Signal collects or were/are convinced that Signal doesn't collect any data at all.[23][24]

Some users are still confused by the situation regarding data collection, as Signal's own website to date states that they do not collect the message information they are collecting. The first line of their "Terms & Privacy Policy" page reads: "Signal is designed to never collect or store any sensitive information". This statement highlights the discrepancy between Signal's communicated mission and their exhibited data practices. This may be confusing to some users because relevant evidence currently contradicts the platform's otherwise clear data collection policies. [25]

This message is repeated on their support page under the heading: How do I know my communication is private?[26] This may confuse some people into believing that their messages and data have no backups on external servers.

There is no indication on Signal's older pages, which claim they don't collect this information, that the data collection policy discussed on those pages is now outdated. Examples include:

"Signal is designed to never collect or store any sensitive information. " - https://support.signal.org/hc/en-us/articles/360007059412-Signal-and-the-General-Data-Protection-Regulation-GDPR

"The Signal service does not have any knowledge of your contacts. Data is all owned by your phone." - https://support.signal.org/hc/en-us/articles/360007061452-Does-Signal-send-my-number-to-my-contacts

"In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users. By design, it does not store a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars." - https://signal.org/blog/sealed-sender/

"Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with." - https://signal.org/bigbrother/eastern-virginia-grand-jury/

"Because we’ve built Signal to completely avoid storing any sensitive information...." - https://signal.org/blog/looking-back-as-the-world-moves-forward/

Requests have been made for Signal to update their policy following the change in data collection.[27][28]


Workarounds

While some social media posts and articles suggested that opting out of setting a pin would prevent a user's data from being uploaded to the cloud, this is not the case. [29] When a Signal user sets a pin, their data is uploaded to the cloud and secured using SVR, however when a user chooses to "opt-out", a pin is automatically created for them instead, their data is encrypted and then uploaded to Signal's Storage Service. User who "opt-out" won't know the pin that was created for them, will not be able to use SVR to recover their profile and contact info on a new device, but the data is uploaded to the cloud regardless. There is currently no way for a Signal user to prevent their data from being uploaded and stored in the cloud.[5]


References[edit | edit source]

  1. "FBI demands Signal user data, but there's not much to hand over". Archived from the original on 1 Apr 2024. Retrieved 6 Mar 2025.
  2. "Grand jury subpoena for Signal user data, Eastern District of Virginia". Archived from the original on 2 Mar 2025. Retrieved 6 Mar 2025.
  3. "Technology Preview for secure value recovery". Archived from the original on 28 Dec 2024. Retrieved 6 Mar 2025.
  4. "Technology Preview for secure value recovery". Archived from the original on 28 Dec 2024. Retrieved 6 Mar 2025.
  5. 5.0 5.1 5.2 "PSA: Disabling PINs will now upload nothing to the server". Archived from the original on 16 Jun 2023. Retrieved 6 Mar 2025.
  6. "What contact info does the Signal PIN functionality actually save". Retrieved 6 Mar 2025.
  7. "Don't want PIN, don't want anything stored in cloud". Archived from the original on 1 Mar 2024. Retrieved 6 Mar 2025.
  8. "PIN, cloud storage are showstoppers".
  9. "Forced PIN, bite it Signal".
  10. "Welcome to the cloud Signal users!".
  11. 11.0 11.1 "Proper secure value security: PINs are too easy to brute force, SGX is not reliable enough". Archived from the original on 1 Mar 2024. Retrieved 6 Mar 2025.
  12. 12.0 12.1 "Signal's New PIN Feature Worries Cybersecurity Experts". Archived from the original on 17 Jan 2025. Retrieved 6 Mar 2025.
  13. 13.0 13.1 "Signal Going to Cloud? A Discussion with Sean O'Brien".
  14. 14.0 14.1 "Does Signal's "secure value recovery" really work?".
  15. "SGX CacheOut SGAxe attack. Signal's cloud storage and contact discovery vulnerable". Archived from the original on 19 May 2023. Retrieved 6 Mar 2025.
  16. "An terrible experience with Signal PIN".
  17. 17.0 17.1 "Can someone explain this new PIN system?".
  18. "Mandatory PIN without clear explanation within the app might cause significant number of users to quit using Signal".
  19. 19.0 19.1 "What exactly is Signal protecting with the mandatory PIN?".
  20. "I don't understand what the new PIN requirement is for".
  21. "What contact info does the Signal PIN functionality actually save?".
  22. "Following user backlash, Signal lowers one of its drastic PIN measures".
  23. "What info does Signal store about it's user?". Archived from the original on 11 Oct 2021. Retrieved 6 Mar 2025.
  24. "About data collection and data delivery". Archived from the original on 1 Feb 2025. Retrieved 6 Mar 2025.
  25. "Signal Terms & Privacy Policy". Archived from the original on 2 Mar 2025. Retrieved 6 Mar 2025.
  26. "How do I know my communication is private?". Archived from the original on 14 Feb 2025. Retrieved 6 Mar 2025.
  27. "Can Signal please update its Privacy Policy". Archived from the original on 19 May 2023. Retrieved 6 Mar 2025.
  28. "Signal's Terms of Use and Privacy Policy are not very user friendly". Archived from the original on 6 Mar 2025. Retrieved 6 Mar 2025.
  29. "A few thoughts about Signal's Secure Value Recovery".
Retrieved from "https://consumerrights.wiki/index.php?title=Signal_data_collection&oldid=20874"