[csense]

This applies to any company, doesn't it?

Your home country can tell you "Give us your data" and you have to comply.

"I will never give up customer data" is a very tough promise to keep, if the government threatens you with your business license being revoked, your servers and domains being forcibly seized by the police, and you personally going to jail.

(Under the current US administration, we can add "A close examination of the immigration status of all foreign nationals employed by your company, followed by probable deportation or jail" to the list of potential consequences for resisting the government.)

[autoexec]

The trick is to collect as little data as possible and to get rid of what you need to collect as quickly as you can. This is in direct opposition to the practices of companies like Microsoft which wants to spy on their users and profit from the data they collect though.

There's also an open question of how possible it is to run a system that doesn't collect/store data in a way that makes it possible to be collected by the government. The US government can force companies to compromise their systems or shut down their services if they refuse. In the past they've even threatened that shutting down a service instead of compromising it could still get operators in legal trouble.

At this point anyone who wants to keep the US government out of their data should avoid using any US company.

[ebb_earl_co]

This is why I still prefer Signal; this practice seems to be their modus operandi even though they, too, were affected by AWS us-east-1 catastrophe

[autoexec]

Signal used to never collect data on users, but they've changed that a while ago and now they keep user's name, photo, phone number, and a list of their contacts permanently in the cloud protected from the government by nothing except by a leaky enclave and a pin (https://web.archive.org/web/20250117232443/https://www.vice....)

More recently they've started collected the contents of messages into the cloud too, yet to this very day their privacy policy opens with the lie: "Signal is designed to never collect or store any sensitive information." which hasn't been true for a very very long time. I consider their refusal to update their privacy policy to be a massive dead canary warning people that the service has already been compromised, but feel free to take your chances.

[hashiyakshmi]

You're able to disable the pin feature to prevent that data from being saved though, so it definitely isn't a requirement.

I'm also not sure where you've read that they collect the contents of messages, because as far as I'm aware they still aren't doing that and I can't find any info online that indicates that they are (other than their secure backup feature that's opt-in only I suppose)

[autoexec]

Actually you can't. If you choose not to set a pin, Signal just chooses one for you and uses that to upload all your data, only you won't be able to access it. There is no way to prevent your data from being sent to the cloud. For more info see here: https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin... and https://community.signalusers.org/t/what-contact-info-does-t...

The fact that Signal users are still unaware of where their data is going and when should tell you all you need to know about how trustworthy the service is. Not being 100% clear about the risks people take when using software which is promoted for use by people whose freedom and/or lives depend on it being secure is a very bad look for Signal.

As for message backups they are at least opt-in (for now anyway) and you can learn more about them here: https://signal.org/blog/introducing-secure-backups/

[qmr]

Well shit.

Alternatives?

Was hard enough getting my circle on signal.

[autoexec]

I don't have a good one sorry. I'm currently using silence for unsecured texting and jami for secure communication. Both are not something I'd recommend to regular people the way Signal used to be back when they let you get secure and insecure texts in one place.

[hulitu]

> This is why I still prefer Signal;

You do realize that Signal's CEO is a "former" CIA asset, don't you /s

[charles_f]

Well this is especially significant because Microsoft is currently building a sovereign datacenter in France (nicknamed "Bleu"). I'm wondering what the consequence of that testimony will be.

https://blogs.microsoft.com/on-the-issues/2025/04/30/europea...

[cesarb]

> This applies to any company, doesn't it? Your home country can tell you "Give us your data" and you have to comply.

Not all countries have an equivalent to the USA CLOUD Act.

[tharne]

> Not all countries have an equivalent to the USA CLOUD Act.

Not yet, anyway. Unfortunately, pretty much every country seems to be getting less and less open and free over time. Some are better than others, but it does feel like everyone is regrettably rowing in same direction.

[tremon]

Your home country can tell you "Give us your data" and you have to comply

Not according to both Amazon's and Microsoft's historic marketing materials. They have always claimed that data stored in your local jurisdiction is not accessible to law enforcement abroad. And the US judiciary initially agreed with that: https://petri.com/microsoft-wins-appeal-data-stored-abroad-s...

...which then led to the US CLOUD act and here we are, once again, proving that the past is alterable; just like Oceania has always been at war with Eurasia.

[satellite2]

Of course. But what if the holding lives in a country that don't enforce this (or is too weak to). Then all the subsidiaries are really sovereign from the host country perspective.

It seems the solution is ages old. Don't have the holding incorporated in an empire...

[vladvasiliu]

How would this work in practice? If the empire wants to get at your data, why do you think it would shy away from pressuring a country so weak that it can't afford to enforce this on their companies?

[stetrain]

Then the empire just says that they want the data or you won't be allowed to operate in the empire, which would be bad for profits and anger shareholders.

[throwawayffffas]

Well yes but that is all the more reason for EU entities to use EU companies for data storage.

[xorcist]

That's not so. In a democratic state of law, the police can not unilaterally decide to seize you servers, and the politicians cannot tell the police to do so. Separation of powers is a thing.

[pjmlp]

Nice theory, that even on US isn't really working nowadays.

[OKRainbowKid]

Why do you say "even" in the US?

[hulitu]

> Why do you say "even" in the US?

ROTFL

[recursive]

What would stop them from doing that?

[vmnb]

Capital flight

[recursive]

The alleged existence of this mechanism requires kind of a long feedback loop, and might not be reliable enough for some potential customers' taste.

[LarsKrimi]

> "I will never give up customer data" is a very tough promise to keep

If you don't have a spine, sure

That's what US companies are seen as from a European perspective: Spineless and untrustable

It's a great sales argument for locally grown software though, so I'm not complaining :)

[tharne]

> If you don't have a spine, sure

I've never understood this take. A lot of people were saying this sort of thing when Proton Mail turned over some user data to authorities in Europe a while back.

If you're running a tech company and run afoul of the law in some or another jurisdiction, it doesn't matter how much spine you think you have. When a group of men with guns, i.e. the police, shows up at your door and gives you the option of turning over some customer data or spending the next 10 years of your life in a steel cage, I'm betting that practically no one is going to choose the cage, spine or not.

The only way to keep user data safe is to not collect it in the first place.

[LarsKrimi]

Agreed with your last point. I'll disagree with everything else (except for the part about Proton, not really up to date on their operations)

[idkfasayer]

In theory, there is rule of law, the intention of which is to prevent government's access to your property and body without a court order and any emergency access such as use of force at crime scenes being subject to public scrutiny. I guess that was the idea when the USA was established as a country, but people forgot what their ancestors where fighting for.