|
|
|
|
|
|
by hifromwork
763 days ago
|
|
|
>but not the contacts or social graph, neither many other relevant metadata [2]. Assuming you trust them (notice all your links point to signal.org own publications). Most of the privacy people are cautious/paranoid and assume that everything that can be collected is collected. Even assuming a lack of malicious intent, what's stopping NSA from hacking into Signal's infrastructure and logging who's talking to who along with timestamps? That's not to say I don't trust signal (it's the best mainstream solution right now), but it could do better to hide metadata from the protocol. |
|
|
Sealed Sender, the second link in the comment you've replied to. The indicator is off by default, but you can enable it under Settings → Privacy → Advanced. If I remember correctly, it doesn't work for the very first message you exchange with someone, but then it turns on and remains on.
In layman terms, it turns "from A; to B; content: <encrypted>" into "to B; content: <encrypted>". Their infrastructure doesn't need to know the "from" part to serve its purpose, so they strip it away.
If it was the other way around, they'd have to give that info to the (US) court. Same as any other US-based business, it's not optional, they can't ignore such requests, they can't lie, otherwise they'd be placing themselves in legal troubles for a random nobody that happens to be using their product. So, when I see this page, I fully believe them: https://signal.org/bigbrother/. If I didn't, my first step would be to look up those court cases from alternate sources.