SpywareWatchdog/wip/signal.html

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.w3.org/MarkUp/SCHEMA/xhtml11.xsd" xml:lang="en">
  <head>
    <title>Signal</title>
    <link rel="stylesheet" type="text/css" href="../style.css"/>
  </head>
  <body>

    <h1 >Signal</h1>
    <p><img src="../images/Signal-logo.png" /></p>
    <p>Signal is a "private" instant messenger.</p>
    <h2 >Spyware level: <font style="color:yellow;">MEDIUM</font></h2>
    <h2 >You need to give Signal your phone number to work</h1>
    <p>You cannot create an account in Signal without giving it your phone number.</p>
    <h3 >Signal is not completly Peer-To-Peer</h1>
    <p>Signal claims to be a Peer-To-Peer messenger. But this is not true because Signal stores <strong>your phone number</strong> in the servers.<a href="#fn1" class="footnote-ref" ><sup>1</sup></a></p>
    <h1>Signal has the decryption keys of their messages</h1>
    <p>
      The Signal legal terms<sup>3</sup> claims they have the
      decryption keys:<br/>
      <i>
	"Additional technical information is stored on our servers,
	including randomly generated authentication tokens, keys, push
	tokens, and other material that is necessary to establish
	calls and transmit messages. Signal limits this additional
	technical information to the minimum required to operate the
	Services."
      </i>
      <br/>
      It also says it would give info to the government and law
      enforcement agencies:<br/>
    <i>
      Third Parties. We work with third parties to provide some of our
      Services. For example, our Third-Party Providers send a
      verification code to your phone number when you register for our
      Services. These providers are bound by their Privacy Policies to
      safeguard that information. If you use other Third-Party
      Services like YouTube, Spotify, Giphy, etc. in connection with
      our Services, their Terms and Privacy Policies govern your use
      of those services.
    </i>
    <br/>
    Please note the "Services like youtube, spotify, giphy". Those
    sites are in the Signal source code<sup>4</sup>, so they can spy
    on you.

    Then, we have this:<br/>
    <i>
      Other instances where Signal may need to share your data

    To meet any applicable law, regulation, legal process or enforceable governmental request.
    To enforce applicable Terms, including investigation of potential violations.
    To detect, prevent, or otherwise address fraud, security, or technical issues.
    To protect against harm to the rights, property, or safety of Signal, our users, or the public as required or permitted by law.
    </i>
    <br/>
    </p>
    <h3 >Further reading</h1>
    <p><a href="https://kill-9.xyz/harmful/software/signal">Signal considered harmful</a></p>
    <h1 >References</h1>
    <section class="footnotes" role="doc-endnotes">
      <p>1: <a href="https://blog.0day.rocks/a-look-into-signals-encrypted-profiles-5491908186c1">A Look Into Signal’s Encrypted Profiles</a></p>
      <p>2: <a href="https://github.com/signalapp/Signal-Android/issues/127">Request: Google Play signed download alternative</a></p>
      <p>3: <a href="https://signal.org/legal/">https://signal.org/legal/</a></p>
      <p>4: <a href="https://signal.org/blog/signal-and-giphy-update/">https://signal.org/blog/signal-and-giphy-update/</a></p>
    </section>
  </body>
</html>