While Signal messages might be e2e encrypted, people tend to forget that the platform collects phone numbers of its users, which can be used to identify people.
This makes Signal an effective metadata collection tool that resides on a central server in the US.
By cross-referencing these identities with data from other companies like Google or Meta, the government can create a comprehensive picture of people's connections and affiliations.
@yogthos Just to play Devil's advocate:
What are the alternatives?
XMPP might be, but they haven't been able to get their shit together for a decade and a half regarding... well, everything. Jabber is in shambles, especially regarding E2EE:
https://soatok.blog/2024/08/04/against-xmppomemo/
Matrix just has awful protocol design that crumbles under its own weight. Don't believe me? Try visiting #matrix:matrix.org.
So... We're kinda screwed, aren't we.
@krom @drq I have bad news, Matrix also appears to be a metadata harvesting bananza
https://web.archive.org/web/20210804205638/https://serpentsec.1337.cx/matrix
https://hackea.org/notas/matrix.html
https://github.com/libremonde-org/paper-research-privacy-matrix.org/blob/master/part1/README.md
@yogthos @krom @drq don't believe everything you find in the internet about matrix, at least verify it.
Information on these sites is partly outdated, wrong or misrepresented.
Anyways, it's true Matrix servers usually store your (encrypted) messages with their meta data, and so does the Matrix server of your communication partner.
@yogthos @krom @drq nothing specifically, because I don't have the time to explain everything every time someone throws links to these known webpages on the internet.
Maybe I should set up one myself for that.
Regarding the last one, which is referenced front he second one, I would like to point to https://news.ycombinator.com/item?id=20179982 (discussion and statements from Matthew - today's CEO of element)
Linked comments document:
https://matrix.org/~matthew/Response_to_-_Notes_on_privacy_and_data_collection_of_Matrix.pdf
Addressing some of the real issues:
https://matrix.org/blog/2019/09/27/privacy-improvements-in-synapse-1-4-and-riot-1-4/
Note everything is 5 years old, thus some of it might and probably is outdated again.
The first link is pretty accurate though