Signal Messengers Scams: Does Signal Private and Secure?
In most cases, users who are worried about whether Signal Messenger is safe have two questions:
- Is there a chance that my personal data will be accessed by third parties (including employees of the developer company)?
- In what cases can the service provide information about me to third parties?
Today we’re going to talk about Signal Messenger scams.
A faithful comparison of Signal Messenger with other tools is here.
Signal’s security system
According to the information on the developer’s website, Signal Messenger provides security, among other things, through the use of end-to-end encryption, namely “Signal Protocol.” This algorithm eliminates the possibility of leakage of information exchanged by users to third parties. It works according to the following principle:
- The sender types a text/attaches a photo or picture and clicks on “Send.” At the same moment, all the content is encrypted and sent to the intermediary point — the messenger server.
- The encrypted message gets to the server, from there it is sent to the address specified by the sender, and after receiving it by the addressee, it is immediately deleted (from the server), as required in Signal security. If the recipient is offline, the message is stored on the server for some time.
- After receiving the message, it is decrypted using a key that is on the recipient’s side and turns into text (video, photo, text file, etc.).
Your profile in the Signal is visible in the following cases:
- The interlocutor has been added to your contact list.
- You initiated the communication with the user or in the group yourself.
- The interlocutor with whom you once shared your profile has added you to the group (i.e. your data will be visible to all participants).
When you receive a request for communication from a new interlocutor, you can:
- Accept the request. A person will be able to write and call you, he will have access to information about your profile in this messenger. It will also be automatically added to your contacts list.
- Reject the request. The sender will not get access to the profile information, his message will be deleted. However, later he will be able to send you a communication request again.
- Block. This person will no longer be able to write to you in order to initiate communication, information about your profile will not be available to him. At the same time, he will not receive any notifications about blocking.
Also, each chat has its own security code. This code can only change (as a rule) when one of the participants reinstalls the messenger Signal or changes the smartphone. Each time you change the code, you will receive a corresponding notification.
Please note: if the codes are changed frequently, this may indicate that a third party has gained access to the interlocutor’s account. In this case, we recommend contacting the profile owner through other channels and clarifying whether everything is in order.
Signal messenger scams: Is the Signal so safe?
Above, we have provided general information about the principle by which the security of the Signal messenger is ensured. Next, let’s talk about storing user information and who and under what circumstances it can be transferred.
Now let’s move on to the question of Signal — is it safe in terms of storing personal data? As we have already said, all messages are deleted from the servers immediately after delivery to the addressee. The maximum storage period of such data has not been declared by the developer, but it definitely exists — and then irrevocable deletion occurs. But still, we leave some traces. The following data is stored:
- The fact of sending a message + to + time and date + information about delivery/non-delivery.
- The fact of making an outgoing call + to + time and date + information about its acceptance/non-acceptance by the second party.
- The fact of accepting an incoming call/missed call + from whom + time and date.
Also, a certain amount of technical information remains on the servers — push tokens, authentication tokens, etc. The amount of such data is strictly limited to the minimum necessary for the stable operation of the service.
*Note: All this is standard practice for any messengers, so there is no point in judging based on this information whether the Signal application is safe. It is important to whom and under what circumstances the specified data can be provided. We will talk about this below.
To whom and under what conditions are user data provided?
There is a special section on this on the developer’s website. It states that the information mentioned above, and your personal data may be provided:
- Within the framework of a government request and in the presence of a judicial process, a regulatory act or a law is applicable in this case.
- As part of the investigation of alleged violations.
- As part of the work on preventing acts of fraud, and security threats and eliminating technical problems.
- As part of protecting the security of other Signal users, as well as preventing damage to the property and rights of the messenger itself.
In principle, everything is standard here too. But in the same section, there is a clarification that makes you think about the Signal application, and whether it is safe to the extent that it is stated on the developer’s official website.
Despite all the security of the messenger, do not forget that all your data is somehow stored by the developers. Therefore, they can be transferred to third parties at any time.
Don’t want that to happen? Use Utopia P2P messenger — a part of the Utopia P2P ecosystem that ensures users’ privacy and online security. Registration and use are anonymous without personal data. So, nobody knows your real name and address. Moreover, even developers don’t know anything about you. Your private data is security hidden from prying eyes.
Read more about Utopia P2P Messenger here.