Because everything in Signal is end-to-end encrypted by default, the broad set of personal information that is typically easy to retrieve in other apps simply doesn’t exist on Signal’s servers.
Well, i’m not fluent in legalese, but isn’t the search order also exclusively asking for those two datapoints and nothing more?
They’re not asking for message timestamps e.g. or other metadata.
Maybe the court already knew that Signal doesn’t have any data to hand over beyond the registration dates?
That seems likely the case based off the series of previous warrants & subpoenas where they kept having to explain that they didn’t have any of that other shit to give.
That is not what I’m trying, no. Sorry if it came across like that.
My point is, that this isn’t an effective proof of a zero knowledge approach. In their blogpost, Signal says they don’t store anything, but this specific instance of a search warrant doesn’t serve to prove that.
It is great of them that they publish when and what they are asked to disclose, that practice is definitly appreciated. I do trust Signal, it is my main messenger.
This is just not the stresstest @Fuzzy_Red_Panda@lemm.ee makes it out to be in the top comment, imo.
Thanks for the additonal link. It’s interesting that Signal didn’t provide the last time the user connected to Signal here, as that was information which was requested and information that they have…
Nope. The search order asked for all the usual telecom info (see Attachment A), but Signal doesn’t retain most of that data, so all they were able to provide were registration date and last seen date.
Well, i’m not fluent in legalese, but isn’t the search order also exclusively asking for those two datapoints and nothing more? They’re not asking for message timestamps e.g. or other metadata.
Good catch. It does look like that. Maybe the court already knew that Signal doesn’t have any data to hand over beyond the registration dates?
That seems likely the case based off the series of previous warrants & subpoenas where they kept having to explain that they didn’t have any of that other shit to give.
Are you trying to turn this into “So, they got exactly what they wanted! Signal cooperated and are thus not secure!”?
That is not what I’m trying, no. Sorry if it came across like that.
My point is, that this isn’t an effective proof of a zero knowledge approach. In their blogpost, Signal says they don’t store anything, but this specific instance of a search warrant doesn’t serve to prove that.
It is great of them that they publish when and what they are asked to disclose, that practice is definitly appreciated. I do trust Signal, it is my main messenger.
This is just not the stresstest @Fuzzy_Red_Panda@lemm.ee makes it out to be in the top comment, imo.
Here ya go:
https://signal.org/bigbrother/northern-california-order/
Thanks for the additonal link. It’s interesting that Signal didn’t provide the last time the user connected to Signal here, as that was information which was requested and information that they have…
Nope. The search order asked for all the usual telecom info (see Attachment A), but Signal doesn’t retain most of that data, so all they were able to provide were registration date and last seen date.