[ale42]

As far as they say, messages are deleted once delivered, or retained up to 45 days if not:

   Devices are always retrieving messages from their mailbox when they are 
   online, and as soon as the device confirms they’ve gotten a message, it is 
   deleted from the Signal servers.

   If a device has been offline for a while, it may have a lot of messages 
   waiting in its mailbox when it returns. Today, Signal will hold a message in 
   a device’s mailbox for up to 45 days, giving an idle device a chance to wake 
   up and fetch it.

(source: https://signal.org/blog/a-synchronized-start-for-linked-devi..., dated Jan. 2025)

[pelzatessa]

It is possible for them to say that they deleted the messages without actually deleting them though. One has to trust a pretty big company in order to not worry about the messages actually not being stored anywhere.

I'm not aware of all techniques that Signal uses to somehow make the message anonymous even when if the encryption would have been broken, but sealed sender seems to be one of them:

https://signal.org/blog/sealed-sender/

So at least there's that. Unless the encrypted sealed sender messages aren't somehow being fingerprinted by the IP address of client and the timestamps of connections. Signal probably also says that they don't log these, but with self hosted mailserver I wouldn't have to trust them on that too.

[cristoperb]

> One has to trust a pretty big company...

Or a medium-sized (~50 employee) nonprofit, anyway.

[pelzatessa]

Huh, it's true. I thought an organization that needs $50M yearly to function[1] would employ more people. Still, I think it's fair to call them "pretty big" looking on how much media exposure they get or their operating costs. Perhaps a bit misleading from my part with the "company" part, as I'm not english-native, every type of firm,company,foundation in my head translates to a "company", sorry about that, will be more clear next time :)

[1] https://www.wired.com/story/signal-operating-costs/

[cristoperb]

No worries, I don't think "company" is even technically wrong. But I do think given the nonprofit structure (and Moxie Marlinspike's track record), that there are fewer incentives for Signal to lie about its privacy guarantees than a messaging app backed by a commercially-driven big company.