(signal.org)

988 points keyboardJones | 1 comments | 08 Sep 25 16:43 UTC | HN request time: 0s | source

Show context

IshKebab ◴[08 Sep 25 18:24 UTC] No.45171913[source]▶

> Losing it means losing access to your backup permanently, and Signal cannot help you recover it.

Oof... That's going to be tough to explain to normal users. "Sorry you've been paying for backups all this time, but you should have written down this code that you will only ever use once somewhere safe and remembered where it is. All your data is gone."

Not the right security trade-off for most people.

replies(7): >>45171934 #>>45171967 #>>45171974 #>>45172013 #>>45172031 #>>45173040 #>>45174666 #

1. tgsovlerkhgsel ◴[08 Sep 25 18:34 UTC] No.45172031[source]▶

>>45171913 #

Absolutely the right security trade-off for Signal users. Anything else would devalue the entire product.

Whatsapp chose a different approach (which is reasonable for their user base) but that means that there is an escrow key. Regardless of your choices, messages that you sent may end up "end to end encrypted" but in reality stored in the cloud with a key escrowed to Meta...

The backup feature seems to be opt-in, i.e. the requirement to write the key down won't be too surprising.

↑

Signal Secure Backups