1. It's not stolen. It's used. It may not be used efficiently (or, if you're correct, used sensibly at all) but it's not stolen.
2. If deleted data not being purged from your iOS device is a "significant security flaw" then you shouldn't be using a device from Apple or Google; your threat model is way beyond the two big players.
3. Hyperbolic comments[1] don't help issues being re-opened. Helpful comments, preferably with steps to reproduce, and a polite note that the issue is still current, will get the issue re-opened in my experience. Getting on your high horse and making silly claims would get you put to the bottom of the pile if it were my job.
The most prominent red flag about Signal is that, for all its purported commitment to "developing open source privacy technology", a real, working open-source app is not on F-Droid.
I don't think availability via any particular distribution mechanism is a reasonable litmus test for "open sourcedness." Such a test would have excluded Linux for most of its development history, prior to migration to git.
I agree it can be frustrating; the bot does seem to need tweaking.
The first issue was only closed two days ago and presumably it'll be reopened since it's effectively by design. The second issue you linked was not closed at all, and in fact looks to be been acknowledged. I don't like to nit pick but this just proves that the statement is indeed hyperbole: the Signal devs are paying attention, tickets aren't always closed and when they are closed I almost always see them re-opened.
> Getting on your high horse and making silly claims would get you put to the bottom of the pile if it were my job.
I disagree strongly. It’s not up to us — as designers and developers and maintainers of software — to decide how users engage with us. If they engage at all they are doing us a favor.
Tone-policing user bug reports is a nasty anti-pattern, a predictable way to make your software more user-hostile. Unless they degenerate into outright abuse, which is obviously unacceptable (and this does not), we should separate tone from content and see if the content is useful. A substantive response to the content, ignoring the tone, is usually the best practice.
I understand the issues you have with the claims, but I would argue that this is still a security flaw, given that Signal and other encrypted chat apps are often used by journalists and activists that may have openly hostile governments. If I were choosing an app to message about something sensitive like protests, etc., I would be pretty uncomfy with the idea that deletion doesn't actually mean deletion, even if it's only local. Especially given recent news about Russian police (reportedly) demanding to search random citizens' phones on the street[1].
It's unfair to target individuals in this manner. If it were to me, I'd judge your comment as "borderline trolling". The OP has mentioned something specific and brought it to the notice of a larger audience.
2. If deleted data not being purged from your iOS device is a "significant security flaw" then you shouldn't be using a device from Apple or Google; your threat model is way beyond the two big players.
3. Hyperbolic comments[1] don't help issues being re-opened. Helpful comments, preferably with steps to reproduce, and a polite note that the issue is still current, will get the issue re-opened in my experience. Getting on your high horse and making silly claims would get you put to the bottom of the pile if it were my job.
[1] https://github.com/signalapp/Signal-iOS/issues/4916#issuecom...