[autoexec]

> You should assume every bit of information sent on the internet is archived in a massive warehouse somewhere, because it is.

Leaving aside the whataboutism here, you shouldn't assume that when you're using a secure messaging app that claims to be designed to never collect or store user data. Signal makes that claim at the start of their privacy policy and it is a lie. It started out true, but they begain colleting data and they refuse to update their policy.

> Thus, we have to trust the cryptography itself.

No one is suggesting we can't trust cryptography. The fact is that doesn't matter how strong your algprythm is when you're encrypting that data with a 4 digit number. You can 100% "trust the cryptography" and still acknollege that it won't take very long for someone to brute-force your pin and get your data plain text.

> Sending an encrypted message to a peer is no different from sending an encrypted message to yourself... (and it's even opt in AFAIU).

This has nothing to do with "sending data to yourself" and everything to do with Singal collecting data from you and storing it for itself. There is a massive difference between encrypting something yourself and sending that data to yourself and someone else copying data from you, encryping it, and saving it for themselves.

This data collection is also not opt in. At all. You can opt out of setting a pin, but if you do one will be automatically generated for you and your data still gets silently uploaded to Singal servers to be stored. The community spent months begging for Signal to add a way to opt out of this data collection, but they were ignored.

See:

https://community.signalusers.org/t/dont-want-pin-dont-want-...

https://community.signalusers.org/t/mandatory-pin-without-cl...

> Pretty simply, if you don't trust the crypto then you have a very different threat model

"The crypto" isn't the problem here. The problem is Signal collecting sensitive user data and permanently storing it on their servers in a manner that could allow it to be accessed by third parties and then not clearly disclosing that to their users and refusing to update their privacy policy to reflect the change.

[dcow]

Signal can't possibly read the data. How is that for itself? Only you can decrypt it! Signal doesn't have your data. They have garbage bits of effectively random noise.

You can prove it to yourself. Go take one of Signal's servers and try to find someone else's data there. You won't.

Why would Signal update their privacy policy to reflect the desire of misguided fear mongers? I certainly wouldn't do that if I were them.

[autoexec]

> Signal can't possibly read the data.

They literally can. If you can brute force a 4 digit pin, you can access any of the data protected by a 4 digit pin. Some pins are longer, but it's notable that even after a lot of backlash they continue to push for "pins" and not "passwords" knowing that many will continue to use a simple four digit number.

> You can prove it to yourself. Go take one of Signal's servers and try to find someone else's data there. You won't.

um... what?

> Why would Signal update their privacy policy

To accurately reflect the data they collect and how it is used? So that they don't lie to their users by making claims that are demonstrably false? To notify whistleblowers and activists that their information and the information of those who they are in contact with could be discovered by state actors who can force Signal to give them access? There's three good reasons right there.

I'm sorry you're so upset by this. I know the reality is uncomfortable but that doesn't make it "fear mongering". I honestly wish it wasn't true. I wish they weren't collecting user data, I wish they were doing more to secure what they do collect, and most of all I wish they were honest and forthcoming about what they are doing, but wishes can't change what is. I hope that regardless of if you use Signal or not, you'll try to accept facts even when they aren't easy to accept.

[dcow]

Let me make this clear: if the data is stored in a way that Signal's service cannot decipher it, then it's not collected by any reasonable definition of collected". In order for Signal to collect it they would have to obtain it, which they don't, and can't, do.

This term isn't just some loose word to be thrown around and abused on message boards. If we take your definition of collected where handling encrypted data is collecting it, then "the internet" collects all data. Uh oh.

What signal does is route encrypted messages between principals in a system. That's all they do. They don't collect personal information. Read their subpoena responses, they publish all of them.

[autoexec]

> Let me make this clear: if the data is stored in a way that Signal's service cannot decipher it, then it's not collected by any reasonable definition of collected".

I think this is misguided, and confuses the truth. Data collected and stored remotely is being "collected and stored remotely" regardless of how well protected it is.

I will however concede that it is possible to design a system where data is encrypted on a device and then uploaded to the cloud in such a way that simply having that encrypted data on a remote server doesn't put that data at risk. Signal did not design their system in that way.

> If we take your definition of collected where handling encrypted data is collecting it, then "the internet" collects all data. Uh oh.

Again, this isn't about handling encrypted data - it's about the long term storage of highly sensitive but encrypted data - and as I said above, even that is fine if it's done correctly. Signal has done a poor job of designing their system which leaves user's data at risk.

> What signal does is route encrypted messages between principals in a system. That's all they do.

That used to be "all they do". Then, about two years ago they decided they wanted everyone to have profiles which would be kept on the cloud. As soon as you install the software, before you try to send any message to anyone you're asked to provide a pin to secure you data. Once you set one (or opt out of setting it yourself) it collects a bunch of data from your device (not needed for routing anything - remember you've just installed the app and are not trying to send or receive any message at this time) and having collected that data it encrypts it on your device using the pin, then it uploads that data to their cloud. That data can be recovered by you (or anyone else for that matter) by providing the pin that you set. The data they just collected and stored is not used to transmit, route, or delver messages. This data collection takes place in addition to any information needed temporarily to transmit, route, or delver messages.

> Read their subpoena responses, they publish all of them.

That's incorrect. They publish the ones they are allowed to publish under the law (look up "national security letters" for more info) and their refusal to provide one agency with data says nothing about the requests they are forced to comply with. Their favorite examples involve cases where Signal was unable to hand over the data because they didn't collect it in the first place. Today, because of changes in their data collection practices, they now collect exactly the kinds of data they were not collecting before and were therefore unable to provide.

It's unlikely that Signal would be compelled by a standard subpoena to brute force their users pins to access the encrypted data. It is far more likely that the data is already being collected by an agency on-site, and that the data collection is continuous and ongoing (look up "Room 641A" for an example of on-site data collection by the state).

The fact that it is unlikely that Signal would be compelled by a standard subpoena to brute force their users pins does not mean:

- Signal employees can't do it themselves any time they feel like it.

- State actors can't do it whenever they feel like it

- A hacker couldn't gain access to a server and do it

Because of the sensitive nature of the messages sent over the platform, and because they have explicitly marketed themselves to vulnerable groups like whistleblowers and activists it is critical that Signal be honest about the risks of using their software. They insist they don't collect any data, while in practice they do. They say they secure the data they have, in practice that data is exposed by way of multiple vulnerabilities that could very well endanger the freedom or even the lives of the people using Signal.

[dcow]

Can you link to the implementation? I'll agree that a 4 digit pin is rather egregious and trivially crackable. I don't know a single serious cryptographer that would allow such nonsense which is why your comment sounds so unbelievable. I thought they were blending the pin with some device-local entropy to make a reasonably strong key. I'd like to verify your claim.

[autoexec]

Basically, they planned to get around much of the problem by depending on a very insecure secure enclave to make up for a lack of basic sound security practices.

The scheme they came up with to store user data in the cloud was described here: https://signal.org/blog/secure-value-recovery/

The code is here: https://github.com/signalapp/SecureValueRecovery

This site does a pretty good job of explaining why this isn't a good design: https://palant.info/2020/06/16/does-signals-secure-value-rec...

I'm sure I've linked to it already, but please review the discussion here as well: https://community.signalusers.org/t/sgx-cacheout-sgaxe-attac...

Even more details here: https://community.signalusers.org/t/wiki-faq-signal-pin-svr-...