1. Default Privacy Posture (Default A)
The Signal Network is private by default.
All proofs, proof trails, vault contents, and node activity are non-public unless explicitly enabled by the user.
No proof content is publicly visible without affirmative, intentional opt-in by the Node.
Privacy is the baseline state. Visibility is an exception.
This policy governs all constructs described elsewhere in the system.
2. Proof Visibility
2.1 Private by Default
- Proof content is visible only to the Node who created it
- Proof titles, metadata, or existence markers are not discoverable by other users or the public by default
- Proofs are not indexed by search engines, crawlers, or third-party AI systems
2.2 User-Controlled Disclosure
A Node may choose to:
- Share a specific proof
- Share a subset of proofs (by category or marker)
- Share an entire proof trail
All sharing actions must be:
- Explicit
- Reversible
- Scoped (what is shared, with whom, and for how long)
No proof becomes visible by implication or default behavior.
3. Discovery & "Public" Constructs
Any construct described in the system as "public," "explorer," "registry," "profile," "dashboard," or similar is governed by this rule:
Such constructs are non-public unless explicitly enabled by user opt-in and constrained by this policy.
Examples include, but are not limited to:
- Node Registry
- Signal Explorer
- Proof Passport
- Public Signal Claim Statements
- Signal Score or dashboards
If a Node does not opt in, these constructs either:
- Do not appear at all, or
- Appear only in a redacted, non-identifying, metadata-only form, if required for network integrity
4. Search Engines, Crawlers, and External AI
- All Signal-hosted sites are non-indexable by default
- Robots.txt, noindex headers, and equivalent controls are enforced at the infrastructure level
- No proof content is exposed to search engines, web crawlers, or external AI training pipelines
- Opt-in visibility does not imply search indexing unless explicitly enabled as a separate action
5. Network Metadata & Cryptographic Records
5.1 What the Network Stores
The Signal Network may store:
- Cryptographic hashes or attestations that a proof exists
- Timestamps
- Non-readable identifiers
- Fragmented metadata required for trust, thresholding, and integrity
5.2 What the Network Does Not Store
The Signal Network does not centrally store:
- Full proof content
- Human-readable proof bodies
- Private vault contents
Central records are proof-of-existence, not proof content.
6. Fragmentation & Breach Resistance
- Network-level records are cryptographically fragmented
- No single system breach reveals readable proof trails or complete user histories
- Fragments are non-reconstructable without proper authorization and context
- This design intentionally limits the value of exfiltrated data
7. Consent, Revocation, and Control
- Consent is granular, explicit, and revocable
- A Node may withdraw consent at any time
- Revocation removes visibility going forward; historical cryptographic attestations may remain for integrity but are non-readable
- No consent is permanent unless explicitly locked by the Node
8. Internal Access & Trust Operations
Signal Network operators may access metadata only for:
- Trust thresholds
- Abuse prevention
- Network integrity
Content access requires:
- User authorization, or
- A formally governed process defined elsewhere (e.g., lawful process handling)
Operational access does not equal publication.
9. Policy Supremacy
This policy supersedes:
- UI labels
- Marketing language
- Feature names
- Informal interpretations of "public"
If a conflict exists, this policy controls behavior.
10. Policy Evolution
- This policy may be versioned
- Changes must preserve Default A unless explicitly overridden through governance
- No retroactive expansion of visibility is permitted without renewed user consent
Canonical Summary
- Private by default
- Opt-in only
- Proof content stays with the user
- The network indexes existence, not thoughts
- Discovery happens by trust, not search