“The joke is that, ‘If you store it, they will come,’” says Yael Grauer, a program manager at CR specializing in cybersecurity. “Meaning, if you store customer data anywhere, then it’s vulnerable.”
Other apps with encrypted messaging often store large amounts of metadata, such as call logs and contact lists, that are not end-to-end encrypted. That data can be shared with third parties, including advertisers, developers, and data brokers.
Metadata can reveal plenty about your identity and activities, including who you regularly talk to and when. It could then be used, say, by someone conducting surveillance or building a profile on you, even if they can’t see the content of your messages.
Metadata is vulnerable to hackers and subject to court orders, just like other data. But because Signal doesn’t store the data in the first place, it has almost nothing to provide. On multiple occasions, Signal has been ordered to hand over data on its users but could provide only timestamps showing when a Signal account was created and the date of the user’s last connection to Signal’s servers.
Stored data may be even more of a concern in the AI era. Rapidly developing AI tools are capable of scanning vast quantities of data quickly and identifying patterns, and those tools will continue to develop in ways we can’t yet predict. By using a platform that stores little metadata, you can help safeguard against current and future uses of your data that you may not agree with.
