SpywareWatchdog/wip/signal.html

67 lines
3.4 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.w3.org/MarkUp/SCHEMA/xhtml11.xsd" xml:lang="en">
<head>
<title>Signal</title>
<link rel="stylesheet" type="text/css" href="../style.css"/>
</head>
<body>
<h1 >Signal</h1>
<p><img src="../images/Signal-logo.png" /></p>
<p>Signal is a "private" instant messenger.</p>
<h2 >Spyware level: <font style="color:yellow;">MEDIUM</font></h2>
<h2 >You need to give Signal your phone number to work</h1>
<p>You cannot create an account in Signal without giving it your phone number.</p>
<h3 >Signal is not completly Peer-To-Peer</h1>
<p>Signal claims to be a Peer-To-Peer messenger. But this is not true because Signal stores <strong>your phone number</strong> in the servers.<a href="#fn1" class="footnote-ref" ><sup>1</sup></a></p>
<h1>Signal has the decryption keys of their messages</h1>
<p>
The Signal legal terms<sup>3</sup> claims they have the
decryption keys:
<i>
"Additional technical information is stored on our servers,
including randomly generated authentication tokens, keys, push
tokens, and other material that is necessary to establish
calls and transmit messages. Signal limits this additional
technical information to the minimum required to operate the
Services."
</i>
It also says it would give info to the government and law
enforcement agencies:
<i>
Third Parties. We work with third parties to provide some of our
Services. For example, our Third-Party Providers send a
verification code to your phone number when you register for our
Services. These providers are bound by their Privacy Policies to
safeguard that information. If you use other Third-Party
Services like YouTube, Spotify, Giphy, etc. in connection with
our Services, their Terms and Privacy Policies govern your use
of those services.
</i>
Please note the "Services like youtube, spotify, giphy". Those
sites are in the Signal source code<sup>4</sup>, so they can spy
on you.
Then, we have this:
<i>
Other instances where Signal may need to share your data
To meet any applicable law, regulation, legal process or enforceable governmental request.
To enforce applicable Terms, including investigation of potential violations.
To detect, prevent, or otherwise address fraud, security, or technical issues.
To protect against harm to the rights, property, or safety of Signal, our users, or the public as required or permitted by law.
</i>
<h3 >Further reading</h1>
<p><a href="https://kill-9.xyz/harmful/software/signal">Signal considered harmful</a></p>
<h1 >References</h1>
<section class="footnotes" role="doc-endnotes">
<p>1: <a href="https://blog.0day.rocks/a-look-into-signals-encrypted-profiles-5491908186c1">A Look Into Signals Encrypted Profiles</a></p>
<p>2: <a href="https://github.com/signalapp/Signal-Android/issues/127">Request: Google Play signed download alternative</a></p>
<p>3: <a href="https://signal.org/legal/">https://signal.org/legal/</a></p>
<p>4: <a href="https://signal.org/blog/signal-and-giphy-update/">https://signal.org/blog/signal-and-giphy-update/</a></p>
</section>
</body>
</html>