“When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on.”
This isn’t an ad, I wasn’t paid for this post. Just to clear the air: fuck facebook, fuck elon musk and twitter, fuck anyone who thinks this is a paid advertisement. I wish I was paid for this shit, I just wanted to spread the word. Thank you. 😀 👍
Signal stores no metadata on their servers that is accessible to them in any way. Everything is end to end encrypted, only your client(s) - which are open source and auditable - have the keys to decrypt the minimal data that is stored on Signal’s servers, like group names, members etc.
The Signal client also supports remote attestation [0] to ensure the server it is communicating with is running the same open source code that has been published - similar tech that’s used to allow your computer to play DRM encrypted videos is used now instead to your benefit vs corporate owned media. The same way they verify you’re not gonna rip the video before they send it to your computer, the Signal client verifies the server isn’t compromised before it starts sending it any data.
I’m not aware of any other messengers that do remote attestation.
[0] https://signal.org/blog/secure-value-recovery/