The article states that they are only saving a hashed copy of the currently set username, if any. While they might in theory keep more than that on hand, their policy has always been to minimize accessible data, and have responded in kind whenever subpoenaed, which is at least a very strong evidence.
The code is also fully open source for both server and client, so you could independently validate it yourself.
The article states that they are only saving a hashed copy of the currently set username, if any. While they might in theory keep more than that on hand, their policy has always been to minimize accessible data, and have responded in kind whenever subpoenaed, which is at least a very strong evidence.
The code is also fully open source for both server and client, so you could independently validate it yourself.
Are you sure code for server is open source? I thought only the client was.
https://github.com/signalapp/Signal-Server
Everything is completely open under AGPL 3.0, really neat.
Worth pointing out that a git repo doesn’t mean that’s what they’re running on the server
I’m not saying don’t trust Signal, but it’s worth remembering that you are trusting them
I think you are confused between telegram and signal.