scifibestfi

> By using end-to-end encryption, user messages are stored only on their devices, not on Signal’s servers or anywhere else.

How do we know with certainty that the messages are not stored anywhere else? Don't they go through servers to get to the end user?

kklisura

Signal received subpoena to produce all data they have on a user and they provided just two data-points: last connection date and account creation date [1][2]. So I'm pretty sure they do not store anything else.

[1] https://signal.org/bigbrother/central-california-grand-jury/

[2] https://signal.org/bigbrother/eastern-virginia-grand-jury/

coldtea

And how to we know they don't collect other data but don't advertise it?

If they have a special deal with government, the court wouldn't even know about those, or might be instructed not to ask them and not disclose anything.

kklisura
Valid question, which I don't have the answer for, but since Signal is open-source [1][2] it's open to lot of analysis. Since we haven't heard anything damaging so far, I'm guessing it's _secure enough_.

[1] https://github.com/signalapp/Signal-iOS

[2] https://github.com/signalapp/Signal-Android