Need explanation about Signal

Lately Signal said to have been subpoeaned to provide all information they hold about a user, and everything they provided are the timestamp of the account creation and the last time login.
Don’t Signal servers store users contacts list ?? if not, then how can they make sure the people not in the recipient’s contact list can’t use sealed sender to send messages to the recipient? are those messages blocked only once they reach the recipients device ?
And what about the pins they have introduced ? isn’t so the servers store a copy of the user’s chat list?

The only things that Signal stores “in the cloud” are:

  • Message that haven’t been delivered yet (for 90 days max), they are encrypted with the Signal protocol, which is widely regarded as very secure, meaning that even they can’t see the contents and the sender thanks to Sealed Sender). They also delete the messages once they have been delivered (though we can’t prove that).
  • Profile and group membership information, protected via the PIN. The PIN itself is cryptographically weak, but they use secure value recovery to make it safer. It is enough for most users but I still recommend using a strong randomly generated password instead of a 4 digit pin, which is easy to do if you are already using a password manager.
  • Group administration mechanisms, protected by their private group system which means that everything about group membership, the name and picture of the group is encrypted, and they don’t have access to it.

AFAIK not much else is stored on their servers, beside what is naturally required to forward messages.

They don’t store users contact list, and use private contact discovery so that you can see who is on signal and who is not, without revealing your entire contact list.

how can they make sure the people not in the recipient’s contact list can’t use sealed sender to send messages to the recipient

I think your phone sends this setting to their severs, and it is forwarded to anyone trying to contact you, and the app only sends with sealed sender if you already have exchanged some messages. It would still be possible to build a modified version of the app that always sends with sealed sender, but I think that your phone would simply reject the message.

I don’t have any source on that last part though, it’s mainly a guess. The solution would be to look at the source code.

poVoq
5
edit-2
2M

AFAIK it is all linked to your phone’s contact list. Apparently it is optionally uploaded to the cloud encrypted via the pin, but that is a really weak pass-phrase thus I wouldn’t expect that encryption to be sufficiently strong.

Not sure how exactly the sealed sender block works, but it does seem likely to be client side.

But IMHO being subpoenaed isn’t the main thread model with Signal. US courts might not be a beacon of justice, but they still usually need a pretty good reason for requesting such data. IMHO the real issue with Signal is that their centralized servers are very likely compromised by an NSA linked insider that can access the connection metadata in real-time.

@dragonX
creator
1
edit-2
2M

If it is uploaded to the cloud, then is Signal lying about what they provided to the courts ??
Centralization is definitely a big issue. but it seems the privacy community and security experts turned a blind eye on that and gave Signal a pass to advertise themselves as the most secure and private messaging tool out there.

@ajz
32M

Signal mentioned another subpoena from a few years ago. The pin feature is relatively new, maybe a year old ? afair the pin feature can be skipped by the end users so you don’t have to use it.

bunkrra
12M

im doubting from the begging the whole “singal affair”, to good to be true story for me, i guess? cause of snowden told so? privacy should go with zero trust policy. btw im not using the app, pls dont take me as a oposittion, im happy that mentioned affair opened the data privacy topic to the wider public.

bunkrra
32M

do we know kind of sw is running the servers? do we know their whole infrastructure? as has been already mentioned, centralization is a problem, it doesnt matter if signal is crypted, triple hashed, lol, or whatever. They are operating with your data, everything under “one” data warehouse, on the very end only couple of people have access and know the truth, so we can just talk and waste time. im not questioning the quality of the app, im questioning the fact, that you are anyway full of doubts when you are not running the system for you, by you. decentralized web.

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 71 users / day
  • 100 users / week
  • 196 users / month
  • 620 users / 6 months
  • 3093 subscribers
  • 1714 Posts
  • 7155 Comments
  • Modlog