This is exactly why I moved away from signal. A combination of ignoring user's concerns and confusing/inaccurate communication about the security and the privacy of their users. That's absolutely not what you want to have for a service people depend on for privacy.
If you're promoting your service to people who risk their lives and freedom by using it you need to make it 100% clear to them what their risks are. Today I still run into people who have no idea that Signal is storing their profile information and their contacts on signal's servers, and that opting out of setting a pin will not prevent that, and Signal still haven't updated their privacy policy to reflect it either (it still states "Signal is designed to never collect or store any sensitive information.")
> Signal still haven't updated their privacy policy to reflect it either (it still states "Signal is designed to never collect or store any sensitive information.")
They don't need to update their privacy policy because they never have access to the profil information.
Technically, the encrypted profile information and your messages (when they are in transit to your contacts) are being stored on their servers in the exact same way. The only difference is that messages are deleted afterwards whereas your profile is stored permanently until you decide to change it. That doesn't make the profile information any less secure, though. Yes, maybe in 20 years someone will be able to break AES-256 (or whatever symmetric encryption algorithm they use) and then the stored cyphertext version of your profile information might be valuable. Personally, I doubt it. But even if I turn out to be wrong: The possible attack vector against your profile information is the same as for messages: After all, tomorrow Signal could get convinced by an intelligence agency to permanently store all your encrypted messages from now on and then the exact same risks of AES-256 getting broken would apply.
Conclusion: When Signal says they're not collecting any sensitive information, they mean that they themselves don't have access to any such information because it gets encrypted. This is the promise of end-to-end encryption. They're not promising anything beyond that.
In particular, they can't promise that the encryption will never get broken. No one knows. And no one in their right mind would promise anything like that. But at least they do everything to mitigate that risk by openly publishing all their cryptography algorithms for peer review and actively participating in scientific research surrounding that topic.
> I still run into people who have no idea that Signal is storing their profile information and their contacts on signal's servers
The precise meaning of the phrase "Signal is storing their profile information on [their] servers" vs. what the average person will actually understand here, are two entirely different things here: Most people will think that Signal stores that profile information in cleartext on their servers – because that is the current status quo with almost all popular online platforms – when in reality this is not the case.
Normally, I would be saying at this point: Please stop spreading FUD. But I do agree with your statement that
> If you're promoting your service to people who risk their lives and freedom by using it you need to make it 100% clear to them what their risks are.
Signal could indeed do a better job here. In view of the above, however, I'm having the feeling the risks weren't really clear to you, either? (No offense)
>> They don't need to update their privacy policy because they never have access to the profil information.
irrelevant. Their policy states that their software is "designed to never collect or store any sensitive information." when in fact, it does. Where and how they store the sensitive information they are collecting is entirely beside the point. Assumptions about what people may or may not think that means don't really matter. As written it's a very straightforward and 100% false statement.
> The only difference is that messages are deleted afterwards whereas your profile is stored permanently until you decide to change it. That doesn't make the profile information any less secure, though.
> After all, tomorrow Signal could get convinced by an intelligence agency to permanently store all your encrypted messages from now on and then the exact same risks of AES-256 getting broken would apply.
Funny you should mention that because it turns out the Signal was handed a subpoena back in 2016 demanding that they hand over subscriber's names, phone numbers, and contacts. At the time, they were very proud to say they told them "Too bad, we don't have any of that data". In their own words:
"We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service."
"Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with."
Today, they are collecting and storing exactly that data. User's names, photos, numbers, and contacts. Yes, it's encrypted, but that's when they pull out something like this: https://community.signalusers.org/t/sgx-cacheout-sgaxe-attac... assuming they haven't forced Intel to leave a backdoor for them already or they don't want to take the time to brute force a pin.
I see where you're coming from. Ultimately, it comes down to a question of terminology. You say that a service storing the ciphertext of sensitive information is "collecting" this information. I, in turn, maintain it's at least not that clear, given that "collecting personal information" has a completely different meaning in the context of online platforms that don't offer end-to-end encryption.
This is why I think that your original statement that
> Today I still run into people who have no idea that Signal is storing their profile information and their contacts on signal's servers
is at least highly misleading and you're doing those people a disfavor by being similarly vague as the Signal website (albeit in the opposite way).
In any case, I agree that the statement you're quoting from their website,
> Signal is designed to never collect or store any sensitive information.
should be worded much more carefully (as should a lot more information on their website). Nevertheless, it should be noted that that particular statement is not part of their ToS / Privacy Policy and rather just an introductory statement.
> Regardless of the fact that [the profile information is] encrypted, it isn't as secure as you might think. See this thread for details: […]
Like you, I've been very concerned about Signal relying on SGX enclaves and I'm still extremely disappointed by the way they have been handling this topic. In fact, I've sent them multiple messages over the past year, asking them how come they trust SGX so much and what they've taken away from the Signal PIN UI/UX debacle. (I still think it's very poor UX to name a passphrase which should be as long as possible a "PIN".) Unfortunately, time and again they chose not to respond.
Nevertheless, the questionable security of SGX enclaves only comes into play if you choose to activate the Signal PIN feature and choose an insecure PIN. Obviously, this is still a huge red flag as the majority of users will do just that. But at least if you don't use Signal PINs you're good – in the sense that the app chooses a random lengthy passphrase for you. So yes, the encrypted profile still gets stored on their servers but, again, the attack vector is the same as in the case of messages getting stored during transmission.
Overall, you might think I'm contradicting myself – arguing both in favor and against Signal at the same time. And you would be right. Unfortunately, Signal is still by far the best tool we have for secure communication these days. (Where "best" is defined as "striking the best balance of versatility, mainstream acceptance and security".)
If you're promoting your service to people who risk their lives and freedom by using it you need to make it 100% clear to them what their risks are. Today I still run into people who have no idea that Signal is storing their profile information and their contacts on signal's servers, and that opting out of setting a pin will not prevent that, and Signal still haven't updated their privacy policy to reflect it either (it still states "Signal is designed to never collect or store any sensitive information.")