A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 108 users / day
- 435 users / week
- 1.32K users / month
- 4.54K users / 6 months
- 1 subscriber
- 4.34K Posts
- 110K Comments
- Modlog
Be specific: what does Signal divilge about me to outsiders besides “I have used Signal”?
Who you are specifically (name etc) and the same amount of information on everyone you have talked to on signal and when you talked. Basically everything except for the actual content of the messages.
This is vastly different from every other piece of information I’ve read about Signal. Please link me to a source for your claims.
If it is tied to a phone number then any information connected to the phone account will be connected to the signal account identity. And any identifying information attached to the method used to pay for the phone account will be attached to the phone account and consequently the signal account.
Typically people pay using credit or debit cards, so the identifying information of those bank accounts become attached to your signal account.
So Signal doesn’t provide anonymity. Is that all you’re saying?
Yes… and if it needs to be said, I am also directly implying that anonymity is a large and crucial part of privacy.
It needs to be said. Because anonymity is only one part of privacy.
Security is another part - in messaging, this means that the message cannot be spied on in transit, and cannot be altered in transit.
Authenticity is another part - you need to know that the message came from who it claims to have come from, and not elsewhere.
Signal does not provide anonymity, basically. But it guarantees security and authenticity beyond doubt. And this is useful - you can exchange secure information with people using Signal, knowing that it’s not being spied on or altered, knowing that only the person you intend to see the data can see it, and knowing that they know that you sent it.
But yeah, if you want to send messages anonymously, other services are necessary.
Everyone you talk to and when you talked to them, with their real identities via phone numbers. Because signal is hosted in the US and subject to national security letters, you should assume the worst.
Are you talking about the client app, or about the service?
Much of what you said doesn’t apply to the service, which stores hashed phone numbers and first access / last access times and nothing else.
And the client does store these things, but also lets users delete messages and contacts. Your message deletions can propagate as well.
Even if this weren’t false (otherwise they wouldn’t be able to connect to your existing contacts), that’s a “just trust us” claim. You give them your phone number, you should assume they have it and not “trust them” to hash it like its a password.
Not that its that important, but its yet another just trust us claim.
You literally don’t understand how hashing works, got it. Please educate yourself on this topic. In short, “connecting your existing contacts” is ENTIRELY possible with hashed phone numbers; it’s not even complicated or tricky. To claim otherwise, as you just did, is nothing but trumpeting your own ignorance.
As for deleting (and propagating deletion of) messages, this is most definitely NOT a matter of “just trust us”. The client is open-source! We KNOW how it works. We KNOW that deletion propagates across devices when you tell it to. We KNOW that the service cannot see your unencrypted messages, and that the encrypted messages are made with AES so even quantum computers in the future can’t decrypt them. This is incredibly far from “just trust us”.
removed by mod
The leak from the administration was because Pete Hegseth included a journalist in a discussion about sensitive war plans. Trying to blame that on Signal is deceptive on your part.
If you are saying that Signal does not offer anonymity then you are right. Anyone I message on there knows it’s me. But Signal is still keeping my messages safe from monitoring and third-party surveillance, to the best of my knowledge.
This is the core of the issue, and it’s wild how many people don’t get it.
Your phone number is metadata. And people who think metadata is “just” data or that cross-referencing is some kind of sci-fi nonsense, are fundamentally misunderstanding how modern surveillance works.
By requiring phone numbers, Signal, despite its good encryption, inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out who talks to whom is incredibly valuable. A three-letter agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand.
So, in a twisted way, Signal being a tool for private conversations, makes it a perfect machine for mapping associations and identifying targets. The fact that it operates using a centralized server located in the US should worry people far more than it seems to.
The kicker is that thanks to gag orders, companies are legally forbidden from telling you if the feds come knocking for this data. So even if Signal’s intentions are pure, we’d never know how the data it collects is being used. The potential for abuse is baked right into the phone-number requirement.