signalapp / Signal-Android

A private messenger for Android.
https://signal.org
GNU Affero General Public License v3.0

Exporting personal data without the user's explicit consent is a breach against GDPR #9828

Open HvB opened 4 years ago

HvB commented 4 years ago



Bug description

GDPR prohibits collection of personal data without the full, explicit and informed consent of users.

If informed consent is used as the lawful basis for processing, consent must have been explicit for data collected and each purpose data is used for (Article 7; defined in Article 4). Consent must be a specific, freely-given, plainly-worded, and unambiguous affirmation given by the data subject; an online form which has consent options structured as an opt-out selected by default is a violation of the GDPR, as the consent is not unambiguously affirmed by the user. In addition, multiple types of processing may not be "bundled" together into a single affirmation prompt, as this is not specific to each use of data, and the individual permissions are not freely-given. (Recital 32)

Data subjects must be allowed to withdraw this consent at any time, and the process of doing so must not be harder than it was to opt in. (Article 7(3)) A data controller may not refuse service to users who decline consent to processing that is not strictly necessary in order to use the service. (Article 7(4)) Consent for children, defined in the regulation as being less than 16 years old (although with the option for member states to individually make it as low as 13 years old (Article 8(1))), must be given by the child's parent or custodian, and verifiable (Article 8).

The GDPR states also that the data collected is subjected to a right of portability (Article 20). So a data subject must be able to transfer personal data from one electronic processing system to and into another, without being prevented from doing so by the data controller.

As some of your users are European citizens, you have to comply with the GDPR.

Actual result:

Now users are forced to define a PIN code, and personal data is then uploaded to the Signal server without the user's consent.
The user is not able to opt out of this personal data collection made by Signal.
The user can't access their data (conversation history, etc.) without defining a PIN code. The personal data of the user is therefore withheld from the user until they have given implicit consent to personal data collection (by entering a PIN code).

This is clearly a violation of the GDPR.

The user also doesn't have the possibility to easily export their data (conversation history, etc.) to another provider.
It's also a breach of the GDPR.

Expected result:

The Signal app and server should comply with the GDPR and thus obtain proper explicit and informed consent from their European users before collecting their personal data. The users must have the possibility to opt out of data collection if they do not consent.

The data collected should also be transferable from Signal to another electronic messaging provider.

Device info

All devices and OSes.

This also seems related to bug #9812, which has not been given proper attention.

bitcores commented 4 years ago

I am in agreement with this issue. I, myself, am now in a situation where I cannot access the messages stored within Signal due to the mandatory PIN creation. Worse, as I see it, someone who has Signal set as the default SMS client and has not set, and does not want to set, a PIN could have important messages collected by Signal and access to them withheld until a PIN is created. However important the PIN feature is to the future plans of the Signal operators, it has been poorly thought out, implemented, and, dare I say it, draconian. Existing users need to be able to, at the very least, migrate all their data out of Signal and unregister from Signal without creating a PIN. Until you add such a feature you're holding my data hostage on my device.

ghost commented 4 years ago

Signal should have an option to enable/disable cloud storage, and it should be disabled by default, if you want to be GDPR compliant.

Recently, there was a change in leadership at the fund that owns (pays?) for Signal; maybe the new leadership does not want Signal to be as private as it is right now?

If Signal continues like this, maybe a fork is imminent...

stale[bot] commented 2 years ago

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

HvB commented 2 years ago

yes, it is still relevant, as

But Signal still claims it is compliant with GDPR:
https://support.signal.org/hc/en-us/articles/360007059412-Signal-and-the-General-Data-Protection-Regulation-GDPR-

cody-signal commented 2 years ago

Thanks for your concern. We use GitHub issues for tracking bugs specific to the Android app. This is a policy complaint and should be brought to the attention of that team. Please email your concerns to privacy@signal.org as they'll be better able to answer your questions. Trust me, the Android devs are not the ones you want to be talking to.

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 2 years ago

What if I tell you that devs can reject adding bullshit code into an open-source privacy-oriented app... choices have been made.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Uj947nXmRqV2nRaWshKtHzTvckUUpD commented 2 years ago

keep alive