"Under FISA order, signal would provide logs."
How would Signal do this? Logs of what?
Corresponding parties? Messages? They don't have them.
They'd have to rewrite their backend code to obtain them, and changes would also need to be made to the Signal client apps.
It would not matter if the FISA Court ordered that logs be produced in secret by Signal. Any such logs could not be obtained without significant changes to the way Signal works. Users would know.
Yes, Signal does have some shortcomings, but these are acceptable in most 'use cases' for most threat models.
Signal is best used as a private, E2EE alternative to SMS. Only a fool would use it for the *most sensitive* of communications. (Like, you know, discussing an impending military strike...)
We all know of the alternatives, including (but not limited to) SimpleX, Session, Briar, Element etc.
@Vanilla_PuddinFudge
Yes...
... but that's OK.
Lemme explain...
A Signal user will commonly have the client app installed on their mobile device.
They may also have a second client on a laptop that syncs the same data.
If the user goes on holiday for a week but leaves their laptop behind, it won't be synced to the laptop.
On return from holiday, the laptop client uses its decryption keys to retrieve the last week's worth of messages.
I *think* Signal can do this (retrieve cached messages from the Signal servers) for up to 14 days.
That said, the entire Signal cache is encrypted on their servers, and one's messages are fully E2EE and retrievable only by the user.
(However, one weakness of Signal is that a desktop or laptop client's cache is stored unencrypted. To secure these, one needs to use full disk encryption at the OS level or higher.)
@DarkCloud