2. The privacy terms themselves were updated 7 years ago, which is impossible for any company operating on the internet.
It's just impossible to claim to be famous for privacy and occasionally forget to update how you handle privacy for 7 years.
2. It is possible, and you better believe it. They haven’t updated it, because there is no need for it.
Signal is simply not interested in your messages. It’s also not interested in your metadata, because it’s not an ad platform or a SIGINT front masquerading as a free messaging service.
If all this sounds hard to believe, you should donate.
(I’m not affiliated)
It's true that having to disclose your phone number to the service and especially to other users is now a significant drawback compared to internet-first services like WhatsApp that use entirely separate identifiers. Many people have raised this objection, and to their credit they've at last rearchitected to allow exchanging messages using user names and without your phone number being disclosed to the other party.
They still have the phone number at the core of account registration, I suspect for similar reasons to the use of a (one-time sign up) captcha: because they raise the cost to create spam accounts. I'd understand if that's not acceptable to you, but I don't think "unacceptably poor" is a reasonable assessment of their handling of user privacy.
Another example of their approach to privacy: they went to great lengths to design their Giphy search to avoid revealing your search terms to them or your IP address to Giphy: https://signal.org/blog/giphy-experiment/
In the case of GIPHY that you mentioned, they are sending IP addresses, which is considered PII (according to GDPR), and this should be outlined in the terms and agreed to by the user prior to sending the data.
Signal's privacy terms were last updated in 2018. We are in 2025 now. It is unimaginable for any operational organization not to update their terms for 7 years.
All together, this is what I call "unacceptably poor" in terms of handling users' privacy.
As a privacy-concious user, I always get suspicious abouy privacy policy changes. They always become more loose instead of doing anything to my advantage. Typically because company has found a new way to use my data to make money and their lawyers realized that this requires relaxing the privacy policy. It's a good thing Signal is not playing that game.
I get far less spam messages on Signal than on telegram and discord, for example. There's a cost associated with setting up additional Signal accounts at the very least.
Okay, so they are not sharing data and your whole premise was wrong. That happens. But now how do you change your mind?
Google captcha sends your data to Google? Come on. Not even remotely in the same ballpark.
I've been really hesitant to view Signal as a privacy friendly alternative to WhatsApp, because they still don't offer any way to make an account without a phone number, while a phone number is definitely not required to run a chat service.
Also the fact that servers are run by just one organization is very troubling to me. It's just not the right direction.
I'm still waiting for the "other issues" to be explained that Signal supposedly has. I'm ok with my contacts knowing my phone number, and I opened the Signal account ages ago. Anything else to be concerned about?
However currently there are already better alternatives than Signal, so in my personal opinion I feel like that saying does not apply.
It's very fine if you (and most people) are OK with sharing some personal information with a United States organization. That does not mean that everybody is fine with that, or that it's a very good solution to a chat service problem. I'm glad that Signal is a good match for your needs. But there are those of us who would rather see a decentralized service with which no personal information has to be shared.
In these kinds of discussions, I often find it a little strange when others decide that a certain solution or product must be good for everyone only because they are fine with it themselves.
Interesting to see this debate evolve.
Seems that phrase “perfect is the enemy of the good” is a relativistic argument. But the title’s frame is “ethics”, which one definition describes as “what is good in and of itself”. In that frame, perfection is the point, no? Though, I imagine you argue in this framework by elevating some aspects to that high standard, and work to convince other aspects are secondary. Otherwise, result is a preference argument where the trade offs you made are silent or obscured behind the practicality of your choices.
“Privacy of user data. Signal does not sell, rent or monetize your personal data or content in any way – ever.
Please read our Privacy Policy to understand how we safeguard the information you provide when using our Services.”
I clicked Privacy Policy and there is whole page explaining whats happening with your data.
Your comments seem a bit biased?
You can visit their donation page [1] that contains ad pixels from LinkedIn, Google Tag Manager and Reddit. Again, no details in the privacy terms [2] about sharing visitor data to those companies.
[1] https://signal.org/donate/
[2] https://support.signal.org/hc/en-us/articles/360032293251-Do...
But you are implying that this makes the app itself broken. I don't think this is proof that the app itself is not respecting privacy like their legal documents say.
I won't fight for them. I've never even been on their website. But this is classic situation where someone else is in charge of website and marketing. I wouldn't be surprised if slapping google analytics on a website was standard for every other "privacy focused" marketing product.
I'm not saying that the app is broken, I said that it handles user privacy unacceptably poorly.
There is no acceptable reason for an online service to demand your phone number IMO. There are a lot of other issues with signal though.
Unless they allow you to bring your own client E2EE is a no-op.
Signal might be good at message encryption, but let's not forget that it handles user privacy unacceptably poorly.
[0] https://github.com/signalapp/Signal-Desktop/issues/6002
[1] https://signal.org/legal/