“Use Tor. Use Signal,” has become a joke in the infosec community. It’s the canned response to questions from non-tech experts about how to protect their privacy in the digital age. But it’s the canned response for good reason. Signal, an encrypted messaging and voice call app for Android and iPhone, and Tor, an anonymizing web browser, give users with limited to no technical knowledge the best available protection from dragnet spying. And now we know that the company that developed and maintains the Signal app has been telling the truth when it’s said it doesn’t store logs of its users’ information.

The documents come, recently unsealed, from a case in the Eastern District of Virginia, where federal prosecutors demanded lots of information from Signal about two people under investigation.

Just one of those people was actually a Signal user, and Open Whisper Systems—the app’s developer—didn’t have much in the way of responsive records about them. The only information the company retained on that one user was the following: the date and time the person created a Signal account, and the date and time the person last used the app. The company possessed no other records, because as it’s long promised, it doesn’t log them. 

Concerned about your privacy? Use Tor. Use Signal.