Jurisdiction is not that important. Even if it was in Switzerland it’d have to comply with international law enforcement and warrants. The key is that sure Signal is obliged to give out whatever data it has, but the point is that it doesn’t have much useful data to give. It’s the same as Mullvad, and a far smarter approach than “lol we just gonna ignore the warrant huhuhu look at us we host somewhere in Shitzerfuck” (oh btw “We are in X country which is not in N eyes” is just marketing).
Oh and btw the same goes for instances of the fediverse (which are ran by volunteers you need to trust), and if they don’t comply and the US government really wants to break into them they probably will find a way. Doesn’t even need some complicated backdoors or anything it just needs to find an OPSEC slip-up, do some social engineering, arrest someone or at worst find a bug to exploit, and I can guarantee that unless you have some serious security wizards running your instance you’re not beating the FBI there and if the FBI is really persistent and focused on you for some reason then the wizards won’t be enough you need state actors.
If your threat model actually includes the US government (aka you’re actually in danger and not some paranoia or just-in-case situation, be realistic with yourself) and there’s credible threats you may be targeted by it or other governments then you’re probably going to be using tor, briar, all that jazz, and wouldn’t be on lemmy. If you’re just some guy who just needs to message your family and shit Signal is perfectly fine, I can tell you that unless you’re a serious threat to the government they won’t waste resources cracking down ways to capture you via signal or whatever you use that is even somewhat secure (so no telegram, no WhatsApp, no messenger, etc), even if you’re a minority or activist, if not because you’re not important enough then because they have other easier ways to do it.
Edit: oh and btw Signal was banned in Ruzzia (a country way more authoritarian than the US currently is) because the FSB couldn’t crack it so that goes to show it is pretty secure.
There’s data-sharing agreements with more than just the N eyes countries
If there’s an international warrant for that data the company is obliged to comply regardless
The only countries in which n° 2 doesn’t apply for the US are countries you really don’t want your data in either.
In short, however: if a government really wants your data it will find a way to get it no matter where you store that data, so the best thing is to simply not store that data at all, Mullvad and Signal don’t do that.
Jurisdiction is not that important. Even if it was in Switzerland it’d have to comply with international law enforcement and warrants. The key is that sure Signal is obliged to give out whatever data it has, but the point is that it doesn’t have much useful data to give. It’s the same as Mullvad, and a far smarter approach than “lol we just gonna ignore the warrant huhuhu look at us we host somewhere in Shitzerfuck” (oh btw “We are in X country which is not in N eyes” is just marketing).
Oh and btw the same goes for instances of the fediverse (which are ran by volunteers you need to trust), and if they don’t comply and the US government really wants to break into them they probably will find a way. Doesn’t even need some complicated backdoors or anything it just needs to find an OPSEC slip-up, do some social engineering, arrest someone or at worst find a bug to exploit, and I can guarantee that unless you have some serious security wizards running your instance you’re not beating the FBI there and if the FBI is really persistent and focused on you for some reason then the wizards won’t be enough you need state actors.
If your threat model actually includes the US government (aka you’re actually in danger and not some paranoia or just-in-case situation, be realistic with yourself) and there’s credible threats you may be targeted by it or other governments then you’re probably going to be using tor, briar, all that jazz, and wouldn’t be on lemmy. If you’re just some guy who just needs to message your family and shit Signal is perfectly fine, I can tell you that unless you’re a serious threat to the government they won’t waste resources cracking down ways to capture you via signal or whatever you use that is even somewhat secure (so no telegram, no WhatsApp, no messenger, etc), even if you’re a minority or activist, if not because you’re not important enough then because they have other easier ways to do it.
Edit: oh and btw Signal was banned in Ruzzia (a country way more authoritarian than the US currently is) because the FSB couldn’t crack it so that goes to show it is pretty secure.
Why do you say this? There are real data-sharing agreements between the Eyes.
This already happened with kolektiva, unfortunately, but from what I hear they’ve since strengthened their security.
The only countries in which n° 2 doesn’t apply for the US are countries you really don’t want your data in either.
In short, however: if a government really wants your data it will find a way to get it no matter where you store that data, so the best thing is to simply not store that data at all, Mullvad and Signal don’t do that.