No doubt, events demonstrate that Signal is the most secure messaging app

Why Signal is considered the most secure instant messaging app?
It stores only a few information about its users, and the events demonstrate it.

The Intercept received the document, titled “iMessage FAQ for Law Enforcement,” as part of a cache originating from within the Florida Department of Law Enforcement’s Electronic Surveillance Support Team.

The log includes the date and time of the conversation and the user’s IP address, information that could allow identifying the user’s location.

Signal stores only a few information about its users and the events demonstrate it.

According to Open Whisper Systems who developed the Signal app, earlier this year an FBI subpoena and gag order demanded a wide range of information on two specific Signal users. Unfortunately for the FBI, the Bureau did not receive any precious information.

“In the “first half of 2016″ (the most specific we’re permitted to be), we received a subpoena from the Eastern District of Virginia. The subpoena required us to provide information about two Signal users for a federal grand jury investigation.” states a blog post published by Open Whisper Systems.

“We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.”

The FBI demanded the following data on the two suspects, seeking a subpoena:

• Subscriber name
• Payment information
• Associated IP addresses
• Email addresses
• History logs
• Browser cookie data
• Other information associated with two phone numbers

But Open Whisper Systems provided only a few information that was not useful for the investigation, as you can see in the following image.

It is important to highlight that the OWS did not refuse to comply with the government’s subpoena, it simply had no data to share with the FBI.

“As the documents show, the government’s effort did not amount to much—not because OWS refused to comply with the government’s subpoena (it complied), but because the company simply does not keep the kinds of information about their customers that the government sought (and that too many technology companies continue to amass),” states a post published by ACLU. “All OWS was able to provide were the dates and times for when the account was created and when it last connected to Signal’s servers.”

At the time I was writing some information about the subpoena is still secret.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –Signal , metadata )