this post was submitted on 11 Jan 2025
183 points (98.4% liked)
Privacy
32740 readers
2584 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is false. They cannot turn over any type of data that is encrypted. Metadata or otherwise. That's the point of encryption.
Except that most of the metadata isn't encrypted anywhere and usually also can't be encrypted as otherwise the service wouldn't be able to function.
Plenty of services encrypt metadata. You need to do more research.
You seem to be highly misinformed what metadata is. A server for example will always have access to unencrypted IP addresses from the clients connecting to it, this is impossible to avoid unless you use a service like Tor that relays internet traffic, but that has very little to do with "encryption".
And even with Tor, if the person didn't compartmentalize their conversations into different identities, they'd have the pseudonymous graph.
Another thing a server can easily access is the timestamp of messages. Even if that is somehow stored encrypted in the server, messages are sent in real time and the server can easily log those, so an e2e encryption chat service will at the very least have logs with IP and timestamps. This can't really be avoided.
According to signal facts all the have is your phone number and and the date you signed up for the service and the last day you connected to the server. IP address are not logged or stored the do t have access to it and signal has said this everytime the get a warrent for user data. So yes it is possible to have a secure service that doesn't collect IP addresses but yes the do have some limited data so you are correct.
That is all they claim to store for later retrival*, which is not the same as what they would be able to capture in real-time and hand over to law-enforcement if forced to by a court (and they wouldn't be able to tell you about it because of a gag-order).
*However this claim is contradicted by the source-code of their server (which they sometimes publish) which seems to store significantly more and of course this is assuming the code is indeed the same as the one they run on their servers, which is unclear.
Edit: and their servers run on AWS, so even if Signal itself doesn't store the IP addresses, Amazon certainly could.
Very good and true point well said I agree with you on that good thing I am not important enough for it to be a issue lol or do anything illegal.
Passive data collection is an issue for me even though I am also not important. I do use Signal, but only with my true identity and with a few people I know from real life. When it comes to purely online communities, I compartmentalize my identities.
Same here hence my username on here its the same on all platforms