The problem with all that is there is ZERO proof of that. It is all assumptions, people "close to", and associations. It is the same stuff that the US government never presented about Huawei and TikTok, which is why I don't believe that about Huawei or TikTok until we see some actual evidence from proper security audit reports.

Mentally, I just switch off from all "could be" reports. Those are the basis of conspiracy theories. I'm waiting to see proper peer reviewed reports of whether Signal has actually shared any data or not.

We all know that any company can be legally subpoenaed in any country to hand over the data they DO have in their possession. So yes Signal, WhatsApp, Telegram, and many others would have to do that. The question for me is whether Signal would be willingly sharing such data with any 3rd parties - for that, we have no evidence at all.

That type of behaviour has been proven from Facebook for example with their Cambridge Analytica scandal as one example. WhatsApp we know from their T&Cs that they do share the user metadata with upstream (Facebook) and partners. Again, no evidence that Signal does this.

Yes the ideal would be to be completely log-free, phone number-free, etc like Briar, Threema, Session, SimpleX, and others. Then there would be nothing to hand over. But Signal appears to have trodden an ethical line so far, until proven otherwise.


Discussion

This has all been known for many years!

Search for “Signal Google Amazon Microsoft Cloudflare” yourself

https://www.ecosia.org/search?tt=e8eb07a6&addon=brave&q=Signal+Google+Amazon+Microsoft+Cloudflare

You will then find numerous subdomains via which the traffic goes.

Make a traceroute on it and then you'll see for yourself.

The rest is in the US Cloud Act

https://en.wikipedia.org/wiki/CLOUD_Act

Signal is E2EE for sure so it does not matter where it goes through. The risk is on the end devices, and that risk is the same for Threema, Briar, and others.

I was referring though to no evidence of Signal selling data. Yes, metadata does have to be handed over if there is a legal process from government, and that goes for any government and country, and is also where the US CLOUD Act comes in. Other governments have similar provisions.

The fact remains though that my comparison was between Signal and WhatsApp. Signal has minimal metadata and does not willingly share or onsell that data, whilst WhatsApp actively collects metadata and does willingly share it with others (as their T&Cs state). That is the big difference.

Between the two, for mainstream non-tech users, I'd rather see them using Signal than WhatsApp. Such users are very rarely going to find their way on properly secure and private messengers.

OK but that is a Cloudflare vulnerability actually? Signal is still more private than WhatsApp?

No it's not - Signal collects your Metadata and WhatsApp collects your metadata!

No difference!

Reading above educates!

There is a big difference that I pointed out - WhatsApp T&Cs specifically state upstream sharing of metadata to Facebook and their partners. You can also be very sure that WhatsApp sees a lot more metadata than Signal, as in lots. That's the big difference for me and why I deleted WhatsApp.

Saying something also helps a lot - for E2EE the middle means nothing at all. The risk is on the end device and the metadata collection. How would cloud affect E2EE? Even Cloudflare only breaks SSL - if the content is encrypted on device, it stays that way to the other side.

If you don't understand a text that you read, I can't help you anymore!

No I think you need to read a bit wider than one report. If you read wider, I would not have to keep trying to explain it. Just read WhatsApp's T&Cs here at https://www.whatsapp.com/legal/terms-of-service under Affiliated Companies and sharing of information (that is metadata). This is active sharing.

Then you can read Signal's policy at https://signal.org/legal/ and you'll see "Signal does not sell, rent or monetise your personal data or content in any way – ever".

As I said it is chalk and cheese here on data sharing. The one actively shares and monetises metadata, the other explicitly does not do so.

That is why I replied to you and said yes there is a very big difference between WhatsApp and Signal, and you cannot just lump them under the same privacy levels.

If you'd done the reading on the T&C's like you expected me to do the reading, you would have seen this quite clearly.

If you read up on proper E2EE that is initiated at the end user device, you'll see too the whole point of that is that the message content is not seen or decrypted in any way by any cloud service, so what cloud service is used is irrelevant. The only exception is a service hosted with its SSL via Cloudflare, then Cloudflare does break that SSL encryption in the middle. But that is not how WhatsApp or Signal work, as they both use the Signal protocol.

Both Signal and WhatsApp have been independently audited (by the EFF for WhatsApp, and Signal by independent auditors from Germany, Switzerland, the USA and Canada). Those all confirmed the content of messages is secure irrespective of the clouds they use.

The difference comes in the metadata side, which I explained earlier from both their written T&Cs. The metadata is also what is available, and what can legally be subpoenaed to be handed over to a country's law enforcement so how much is stored, is also important, but in the case of WhatsApp they actively share that anyway to partners (you can read about how that happened via Facebook and the Cambridge Analytica scandal). Facebook was of course now the Meta that WhatsApp refers to in their T&C's and was one reason why they switched the name of the holding company away from Facebook. But that is another whole story.

If you don't understand a text that you read, I can't help you anymore!

Why don't you just READ what I actually posted — reading educates, and maybe you'll learn something

If you don't understand a text that you read, I can't help you anymore!