I have a ton of concerns with Signal. They started collecting and storing user data in the cloud while being deceptive/unclear about it in their communications leading to a ton of confusion with users. In fact they're now storing exactly the same data that they've bragged about not being able to turn over since at that time they weren't keeping it. Pretty much as soon as it was clear Signal was going to start keeping user data, users started with objections and asking for a way to opt out of the data collection and bringing up security concerns but those objections were ignored.
To this day they're violating their own privacy policy because after they started storing user data in the cloud they never bothered to update the policy.
Currently it states: "Signal is designed to never collect or store any sensitive information." while in practice they store your name, your photo, your phone number, and a list of everyone you're in contact with which is pretty damn sensitive, especially if you're an activist or a whistleblower.
I've stopped using/recommending it. To this day I run into posts where people think Signal isn't collecting any user data. I hope every user who has to learn what signal is really collecting from some random internet comment thinks long and hard about what that says about how transparent and trustworthy signal is.
I'll give Session a look! Right now I'm using silence for unsecured texting and Jami for secure communication, but both lack polish and going from signal to silence was rough. It really needs a search function.
Anyone not following all the drama at the time wouldn't have a clue, and a bunch of people who did still came away with incorrect information anyway because Signal didn't make it clear at all what they were doing and they've gone out of their way to avoid answering direct questions in a clear way ever since, instead keeping the myth that they don't collect user data alive.
There's no reason they couldn't have provided a simple opt out for the data collection and avoided the issue entirely and the fact that they wouldn't do that was red flag enough, but the mess of confusion their communications caused and their refusal to update their privacy policy should be all the evidence we need that they're not to be trusted. To be fair to the folks at Signal, they may actually be trying to communicate that very message to their users as loudly as they're legally able to.
The whole cloud data collection, and the fact that their privacy policy is now veritably incorrect for over 2 years now certainly makes it plausible there's more they're keeping away from us.
To this day they're violating their own privacy policy because after they started storing user data in the cloud they never bothered to update the policy.
Currently it states: "Signal is designed to never collect or store any sensitive information." while in practice they store your name, your photo, your phone number, and a list of everyone you're in contact with which is pretty damn sensitive, especially if you're an activist or a whistleblower.
I've stopped using/recommending it. To this day I run into posts where people think Signal isn't collecting any user data. I hope every user who has to learn what signal is really collecting from some random internet comment thinks long and hard about what that says about how transparent and trustworthy signal is.