(signal.org)

988 points keyboardJones | 1 comments | 08 Sep 25 16:43 UTC | HN request time: 0s | source

Show context

IshKebab ◴[08 Sep 25 18:24 UTC] No.45171913[source]▶

> Losing it means losing access to your backup permanently, and Signal cannot help you recover it.

Oof... That's going to be tough to explain to normal users. "Sorry you've been paying for backups all this time, but you should have written down this code that you will only ever use once somewhere safe and remembered where it is. All your data is gone."

Not the right security trade-off for most people.

replies(7): >>45171934 #>>45171967 #>>45171974 #>>45172013 #>>45172031 #>>45173040 #>>45174666 #

elvisloops ◴[08 Sep 25 18:29 UTC] No.45171974[source]▶

>>45171913 #

The implementation feels uncharacteristically crude for Signal. Instead of seamless protections, you just get handed 64 characters you’re told to “store securely.” That’s not realistic: most people will screenshot it, and those screenshots will end up in unencrypted cloud backups.

replies(1): >>45176335 #

1. fastest963 ◴[09 Sep 25 01:28 UTC] No.45176335[source]▶

>>45171974 #

Sure but the key is still in a separate location from the backup. Signal can't decrypt the backup and if Signal is hacked someone would still need to get your screenshot to decrypt the backup. Not perfect but far better than an unencrypted backup.

↑

Signal Secure Backups