Signal is centralized, hosted on AWS, and through a mixture of legal procedures codified by US law and their bundled gag orders (PR/TT order, SCA warrant, FISA 702, and usage of NSLs) that can be extended for significant lengths of time and, occasionally, in de facto perpetuity, all metadata (who is talking to whom, when, from where) can be monitored in real time without Signal ever being informed. Combined with existing legal procedures for telecoms and VoIP providers for real-time + retrospective location tracking by phone number/associated IMEI/IP address by way of tower connectivity (this framework is required by law [specifically, CALEA] to be implemented by default for all users, not after the fact nor on-request), that's enough data to escalate to standard law enforcement procedures if an incriminating link is found, whereby the phone's internal message history can be dumped either through private (e.g., Cellebrite) or functionally coercive legal means (refusing to decrypt data can get you jail time if you are the subject of an investigation, and deletion of data such as via duress PINs, etc., can get you a destruction of evidence charge), at which point all of your messages can be dumped.
And this all ignores the fact that firmware for basebands and cryptoprocessors (and most other hardware components in all devices) is closed-source, proprietary code, and that Signal piggybacks off of device encryption for at-rest message data instead of reimplementing it in userland. (This feature used to exist and was removed, but can be re-added through the Molly fork.)
I've also known protesters who have had Signal geoblocked at the site of a protest the moment it was slated to start, forcing members of said protest to fall back to unencrypted methods at crucial times. Being centralized and using US-based cloud infra does a lot to compromise anonymity and security, even if message content isn't immediately readable.
Luckily, Signal is not vulnerable to push notification interception, but if you want a great real-world example of how gag-ordered dragnet metadata surveillance visible to both domestic and foreign governments (by way of international intelligence agreements) can look for massive corporations rendered helpless by this legal framework, that's a great case study to look into. https://www.reuters.com/technology/cybersecurity/governments...
Throwing out the accusation of apps being "backdoored" just obscures the real, de facto "backdoors" that are US law.