Signal already had an encrypted backup feature with a strong key. It could be made more usable by using a seed phrase instead of presenting the user with a bunch of numbers. Having users select credentials, especially when they're encouraged to use a weak PIN is much worse.
Conversation
They're presenting this as something they have to do to support usernames. It's not true. My question at twitter.com/DanielMicay/st was left unanswered. If they had modern storage support, users could also choose to store their encrypted backups via the sync service of their choice.
Quote Tweet
Replying to @moxie @RichFelker and 2 others
What's wrong with having it locally in the Signal app and relying on the same encrypted backup / restore feature as everything else? System contacts are also local data with the option to do backup / restore.
2
2
11
It was inaccurately claimed that the ability to do local backups is going away. That couldn't be further from the truth. I responded to that at twitter.com/DanielMicay/st. Again no response, but they continue to make these kinds of false claims despite it clearly not being accurate.
Quote Tweet
Replying to @moxie @RichFelker and 2 others
Backing up locally via SAF works fine. No need for the deprecated Storage permission. The app can request persistent access to a directory for backups and the user just chooses the backup directory via SAF and the app. Can't something similar be done on iOS via their equivalent?
2
2
10
Replying to
OK, I understand. I think I agree.
Just to clarify...Do not store any personal info a private server, regardless of level of encryption.
Correct?
Encrochaf type of mistake?
1
Replying to
No, that's not what I said. Signal encourages using a weak PIN and uses it to store data (contacts, profiles, etc.) on their server. SGX doesn't provide strong security. Signal's PIN feature only provides strong encryption if you set a strong passphrase, and we know users won't.
1
Especially since it ENCOURAGES using a weak PIN and they have posts making it seem that it's secure despite it relying on SGX. The UX is designed in a way that most people aren't even going to notice that they can set a passphrase, and a user-selected passphrase is problematic.
1
Replying to
I get it.
Should he encourage use of a 2nd party to set a random passphrase? Or abandon the effort all together?
I realize a 2nd party is more likely to be not be as secure as they state...
1
Replying to
No, that's not what I said at all. I don't think Signal shouldn't be using a user-generated credential for doing encrypted backups, especially remote backups. Encouraging setting a weak PIN in the UI instead of a strong passphrase and their hand waving with SGX makes it worse.
2
Replying to
The previous encrypted backup feature was well designed but could be made more usable.
Encouraging a weak PIN, not conveying what the feature does to users properly and pushing SGX as a way to work around the limitations is all problematic. More options doesn't resolve it.
1
The added toggle for the PIN feature doesn't resolve this, and neither would more options like having the app generate and use a strong encryption key. Defaults matter. The way the app is intended and encouraged to be user matters. Niche options for power users doesn't do much.