67 lines
3.4 KiB
HTML
67 lines
3.4 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
||
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||
xsi:schemaLocation="http://www.w3.org/MarkUp/SCHEMA/xhtml11.xsd" xml:lang="en">
|
||
<head>
|
||
<title>Signal</title>
|
||
<link rel="stylesheet" type="text/css" href="../style.css"/>
|
||
</head>
|
||
<body>
|
||
|
||
<h1 >Signal</h1>
|
||
<p><img src="../images/Signal-logo.png" /></p>
|
||
<p>Signal is a "private" instant messenger.</p>
|
||
<h2 >Spyware level: <font style="color:yellow;">MEDIUM</font></h2>
|
||
<h2 >You need to give Signal your phone number to work</h1>
|
||
<p>You cannot create an account in Signal without giving it your phone number.</p>
|
||
<h3 >Signal is not completly Peer-To-Peer</h1>
|
||
<p>Signal claims to be a Peer-To-Peer messenger. But this is not true because Signal stores <strong>your phone number</strong> in the servers.<a href="#fn1" class="footnote-ref" ><sup>1</sup></a></p>
|
||
<h1>Signal has the decryption keys of their messages</h1>
|
||
<p>
|
||
The Signal legal terms<sup>3</sup> claims they have the
|
||
decryption keys:
|
||
<i>
|
||
"Additional technical information is stored on our servers,
|
||
including randomly generated authentication tokens, keys, push
|
||
tokens, and other material that is necessary to establish
|
||
calls and transmit messages. Signal limits this additional
|
||
technical information to the minimum required to operate the
|
||
Services."
|
||
</i>
|
||
It also says it would give info to the government and law
|
||
enforcement agencies:
|
||
<i>
|
||
Third Parties. We work with third parties to provide some of our
|
||
Services. For example, our Third-Party Providers send a
|
||
verification code to your phone number when you register for our
|
||
Services. These providers are bound by their Privacy Policies to
|
||
safeguard that information. If you use other Third-Party
|
||
Services like YouTube, Spotify, Giphy, etc. in connection with
|
||
our Services, their Terms and Privacy Policies govern your use
|
||
of those services.
|
||
</i>
|
||
Please note the "Services like youtube, spotify, giphy". Those
|
||
sites are in the Signal source code<sup>4</sup>, so they can spy
|
||
on you.
|
||
|
||
Then, we have this:
|
||
<i>
|
||
Other instances where Signal may need to share your data
|
||
|
||
To meet any applicable law, regulation, legal process or enforceable governmental request.
|
||
To enforce applicable Terms, including investigation of potential violations.
|
||
To detect, prevent, or otherwise address fraud, security, or technical issues.
|
||
To protect against harm to the rights, property, or safety of Signal, our users, or the public as required or permitted by law.
|
||
</i>
|
||
<h3 >Further reading</h1>
|
||
<p><a href="https://kill-9.xyz/harmful/software/signal">Signal considered harmful</a></p>
|
||
<h1 >References</h1>
|
||
<section class="footnotes" role="doc-endnotes">
|
||
<p>1: <a href="https://blog.0day.rocks/a-look-into-signals-encrypted-profiles-5491908186c1">A Look Into Signal’s Encrypted Profiles</a></p>
|
||
<p>2: <a href="https://github.com/signalapp/Signal-Android/issues/127">Request: Google Play signed download alternative</a></p>
|
||
<p>3: <a href="https://signal.org/legal/">https://signal.org/legal/</a></p>
|
||
<p>4: <a href="https://signal.org/blog/signal-and-giphy-update/">https://signal.org/blog/signal-and-giphy-update/</a></p>
|
||
</section>
|
||
</body>
|
||
</html>
|