Tag Archives: google

A minor privacy thought about Signal usage

Privacy, , , , ,

Now that Meta (Zuck in Texas) has gone berserk like ex-Twitter did in 2022 several people on Mastodon are suggesting to use Signal to people asking how to quit Meta products.

<Intermezzo Matrix>

And then some people start to comment to the suggestions that people really should use Matrix. Well, I thought it was a bit too tiring to read into all the comments. I do have some doubts about Matrix (for some purposes and in certain setups) and I’d like to write a blog post about that one day.

Perhaps it is interesting from encryption point of view to read what experienced encryption person Soatok (Search with a search engine for “soatok blog” with Mojeek, DDG and you’ll find it. Has at least one blog entry about Matrix) has to say about Matrix.

</Intermezzo Matrix>

In this post I’d like to share the following :

In the past Signal was using Amazon services for their hosting, and Signal was blackmailed more or less into making changes because Amazon could not read enough meta-data. Anyway, currently Signal is apparently using Google servers (e.g. check : storage.signal.org which iirc stores your avatar – block this one and you can’t change your avatar) and CloudFlare (e.g. check cdn2 dot signal dot org) services and maybe more from others.

Why am I saying this ? Just for one reason : It is all USA based.

The thing I’d like to share here is something else. If you are in a Signal chat group with

let’s say twenty people, twenty activists, and you share one web link of an article, and all of the users do have the default web link preview on, then it seems to me the activity of the group could be tracked. This is maybe not very likely, but you can be sure that “control-freaks” country USA will track Internet traffic, and if the web link you share is a little obscure, let’s say you post a link from a Lemmy, Mbin or PieFed post posted in a new and small community about guerilla gardening (just an example, can’t think of a more obscure but important thing right now! :)) then all the link preview traffic could reveal a thing or two especially if the website in question is also hosted in the US of A or within the 5 eyes or 8 eyes or 14 eyes countries and so on.

So, take off your tin foiled hat for a moment and consider turning off link previews in Signal so you have some more control about when and where you will “leak” meta data from your chat group.

/Happy chatting 🙂

Part of letter from Amazon to Signal, 2018