Jump to content

Signal cloud backups: Difference between revisions

From Consumer Rights Wiki
← Older edit
VisualWikitext
added more refs
removed tone warning
 
(22 intermediate revisions by 11 users not shown)
Line 1: Line 1:
{{ToneWarning}}
Signal is a privacy-focused, open source encrypted messaging service. In 2020, the company was accused of collecting and storing sensitive user data on their cloud database without user consent.  
 
Signal is an open source encrypted messaging service that is frequently recommended to highly vulnerable users such as human rights activists, whistleblowers, and journalists whose lives and/or freedom can depend on their ability to maintain private and secure communication.  
 
Since 2020 Signal has been collecting and keeping sensitive user data in the cloud while lying to their users about their data collection practices.{{DisputedInline|Tone is inappropriate|reason=tone}} Users and potential users of Signal have a right to know what data is being collected and how it is being stored and secured so that they make informed choices about the risks they are taking when using Signal.  


==Background==
==Background==
Over the years Signal has curated a reputation that they do not collect or keep data on their users.
Signal states on their website that they can't "read your messages or listen to your calls, and no one else can either."<ref>{{Cite web |title=Signal |url=https://signal.org/}}</ref><blockquote>"We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.
 
Signal has publicly disclosed that they have received legal requests for subscriber's names, telephone numbers, histories, and contacts and Signal has said that they were unable to supply that information because it was never collected by Signal in the first place. These incidents have been reported in the media.<ref>{{Cite web |title=FBI demands Signal user data, but there’s not much to hand over |url=https://arstechnica.com/tech-policy/2016/10/fbi-demands-signal-user-data-but-theres-not-much-to-hand-over/ |archive-url=https://web.archive.org/web/20240401002649/https://arstechnica.com/tech-policy/2016/10/fbi-demands-signal-user-data-but-theres-not-much-to-hand-over/ |archive-date=1 Apr 2024 |access-date=6 Mar 2025}}</ref>
 
Signal's website states:<ref name=":0">{{Cite web |title=Grand jury subpoena for Signal user data, Eastern District of Virginia |url=https://signal.org/bigbrother/eastern-virginia-grand-jury/ |archive-url=https://web.archive.org/web/20250302042109/https://signal.org/bigbrother/eastern-virginia-grand-jury/ |archive-date=2 Mar 2025 |access-date=6 Mar 2025}}</ref>
 
''"We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.''
 
''Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with."''
 
==Data collection begins==
{{DisputedInline|reason=see further notices in this section, section title is misleading|Misleading section title}}
 
Signal's data collection practices changed in 2019 when Signal previewed a feature they called "secure value recovery".<ref>{{Cite web |title=Technology Preview for secure value recovery |url=https://signal.org/blog/secure-value-recovery/ |archive-url=https://web.archive.org/web/20241228040757/https://signal.org/blog/secure-value-recovery/ |archive-date=28 Dec 2024 |access-date=6 Mar 2025}}</ref>
 
This new feature meant that Signal would start collecting the same kinds of information that Signal had been getting legal requests to turn over, and that Signal would permanently keep that data in the cloud.{{DisputedInline|reason=feature does not store user data in the cloud like other messaging apps|Misrepresents the new feature as storing user's data to cloud servers}} Their stated reason for doing this was so that if a Signal user got a new device they could install the app, enter a pin, and the app would pull down the user's data from cloud servers.
 
The data being collecting and stored in could includes: The user's name, photo, phone number, and a list of every Signal user they have contacted.<ref>{{Cite web |title=What contact info does the Signal PIN functionality actually save |url=https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854/4 |access-date=6 Mar 2025}}</ref>{{DisputedInline|reason=contact discovery on Signal is private and does not share the phone number as explained later in the cited sources|Cited source is heavily cherry picked}}
 
This was a highly controversial change, and some Signal users objected on philosophical grounds<ref>{{Cite web |title=Don’t want PIN, don’t want anything stored in cloud |url=https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |archive-url=https://web.archive.org/web/20240301015109/https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |archive-date=1 Mar 2024 |access-date=6 Mar 2025}}</ref>, requesting that Signal instead provide a means to export encrypted backups that could be imported locally eliminating any need to upload data to the cloud. Signal users also raised technical concerns about the security of the system and doubts that it would protect their data.<ref>{{Cite web |title=Proper secure value security: PINs are too easy to brute force, SGX is not reliable enough |url=https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |archive-url=https://web.archive.org/web/20240301015110/https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |archive-date=1 Mar 2024 |access-date=6 Mar 2025}}</ref> Some of these concerns were also shared by cybersecurity-experts<ref>{{Cite web |title=Signal’s New PIN Feature Worries Cybersecurity Experts |url=https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-url=https://web.archive.org/web/20250117232443/https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-date=17 Jan 2025 |access-date=6 Mar 2025}}</ref><ref>{{Cite web |title=Signal Going to Cloud? A Discussion with Sean O'Brien |url=https://www.youtube.com/watch?v=PFi-VI7_T3o}}</ref><ref>{{Cite web |title=Does Signal’s “secure value recovery” really work? |url=https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/}}</ref> and security researchers demonstrated that the system was vulnerable to attacks which allowed them to access the user data being stored.<ref>{{Cite web |title=SGX CacheOut SGAxe attack. Signal’s cloud storage and contact discovery vulnerable |url=https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-url=https://web.archive.org/web/20230519115856/https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-date=19 May 2023 |access-date=6 Mar 2025}}</ref>{{DisputedInline|reason="In recent weeks, Signal has introduced more features that make it more user friendly to people who may not have extremely paranoid threat models. For example, it’s now possible to migrate all Signal data, including message history, from one phone to another, using a feature that does not rely on cloud servers and is also encrypted, according to Signal. "|Cited vice article explains more nuance}}
 
===Signal's response===
 
Signal was not convinced to abandon this data collection and they began to roll out the change in 2020 without clear communication about the new feature.{{DisputedInline|reason=tone|Tone is inappropriate}}{{DisputedInline|Misrepresents PIN feature as it is optional and not properly explained|reason=include the response to the hysteria and a proper explanation of the feature}} It resulted in a lot of confusion for users, many of whom only learned about this feature when they were prompted to create a PIN. There were many social media posts expressing confusion over what the feature was and what it was doing.<ref>{{Cite web |title=What contact info does the Signal PIN functionality actually save? |url=https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854}}</ref><ref>{{Cite web |title=Following user backlash, Signal lowers one of its drastic PIN measures |url=https://www.androidpolice.com/2020/05/29/many-signal-users-arent-happy-with-new-pin-requirements/}}</ref> <ref>{{Cite web |title=What exactly is Signal protecting with the mandatory PIN? |url=https://old.reddit.com/r/signal/comments/hymlfd/what_exactly_is_signal_protecting_with_the/}}</ref>Even years after the change was made some Signal users were/are still unsure about what data Signal collects or were/are convinced that Signal doesn't collect any data at all<ref>{{Cite web |title=What info does Signal store about it's user? |url=https://old.reddit.com/r/signal/comments/q5tlg1/what_info_does_signal_store_about_its_user/ |archive-url=https://web.archive.org/web/20211011111619/https://old.reddit.com/r/signal/comments/q5tlg1/what_info_does_signal_store_about_its_user/ |archive-date=11 Oct 2021 |access-date=6 Mar 2025}}</ref><ref>{{Cite web |title=About data collection and data delivery |url=https://old.reddit.com/r/signal/comments/1id3xu8/about_data_collection_and_data_delivery/ |archive-url=https://web.archive.org/web/20250201072439/https://old.reddit.com/r/signal/comments/1id3xu8/about_data_collection_and_data_delivery/?ref=readnext |archive-date=1 Feb 2025 |access-date=6 Mar 2025}}</ref>
 
This confusion is understandable{{DisputedInline|reason=tone|Tone is inappropriate}}, since Signal's own website continues to state that they do not collect the information they are collecting. The first line of their "Terms & Privacy Policy" page reads: "Signal is designed to never collect or store any sensitive information."<ref>{{Cite web |title=Signal Terms & Privacy Policy |url=https://signal.org/legal/ |archive-url=https://web.archive.org/web/20250302122622/https://signal.org/legal/ |archive-date=2 Mar 2025 |access-date=6 Mar 2025}}</ref>
 
This lie{{DisputedInline|reason=tone|Tone is inappropriate}} is also repeated on their support page under the heading: How do I know my communication is private<ref>{{Cite web |title=How do I know my communication is private? |url=https://support.signal.org/hc/en-us/articles/360007318911-How-do-I-know-my-communication-is-private |archive-url=https://web.archive.org/web/20250214030028/https://support.signal.org/hc/en-us/articles/360007318911-How-do-I-know-my-communication-is-private |archive-date=14 Feb 2025 |access-date=6 Mar 2025}}</ref>
 
There is no indication on Signal's older pages, which claim they don't collect this information, that the data collection policy discussed on those pages is now outdated either.{{Citation needed}}
 
Requests have been made for Signal to update their policy following the change in data collection.<ref>{{Cite web |title=Can Signal please update its Privacy Policy |url=https://community.signalusers.org/t/can-signal-please-update-its-privacy-policy/15323 |archive-url=https://web.archive.org/web/20230519120053/https://community.signalusers.org/t/can-signal-please-update-its-privacy-policy/15323 |archive-date=19 May 2023 |access-date=6 Mar 2025}}</ref><ref>{{Cite web |title=Signal’s Terms of Use and Privacy Policy are not very user friendly |url=https://community.signalusers.org/t/signals-terms-of-use-and-privacy-policy-are-not-very-user-friendly/11047 |archive-url=https://web.archive.org/web/20250306164621/https://community.signalusers.org/t/signals-terms-of-use-and-privacy-policy-are-not-very-user-friendly/11047 |archive-date=6 Mar 2025 |access-date=6 Mar 2025}}</ref>


Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with."<ref name=":0">{{Cite web |title=Grand jury subpoena for Signal user data, Eastern District of Virginia |url=https://signal.org/bigbrother/eastern-virginia-grand-jury/ |archive-url=https://web.archive.org/web/20250302042109/https://signal.org/bigbrother/eastern-virginia-grand-jury/ |archive-date=2 Mar 2025 |access-date=6 Mar 2025}}</ref></blockquote>


'''Workarounds'''
==Incident==
In 2019, Signal previewed a feature called "secure value recovery" which would allow users installing the app on a new device to retrieve data from cloud servers.<ref>{{Cite web |title=Technology Preview for secure value recovery |url=https://signal.org/blog/secure-value-recovery/ |archive-url=https://web.archive.org/web/20241228040757/https://signal.org/blog/secure-value-recovery/ |archive-date=28 Dec 2024 |access-date=6 Mar 2025}}</ref> While the data is stored in Signal's cloud, it is stored in a securely encrypted manner.<ref name=":7">{{Cite web |title=PSA: Disabling PINs will now upload nothing to the server |url=https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |archive-url=https://web.archive.org/web/20230616082821/https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |archive-date=16 Jun 2023 |access-date=6 Mar 2025}}</ref> The data collected and stored includes the user's name, photo, phone number, and a list of each Signal user that had been contacted.<ref>{{Cite web |title=What contact info does the Signal PIN functionality actually save |url=https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854/4 |access-date=6 Mar 2025}}</ref>{{DisputedInline|Cited source is heavily cherry picked|reason=contact discovery on Signal is private and does not share the phone number as explained later in the cited sources}} Messages are not saved.


While some social media posts and articles suggested that opting out of setting a pin would prevent a user's data from being uploaded to the cloud, this is not the case.{{Citation needed}} There is currently no way for a Signal user to prevent their data from being uploaded and stored in the cloud.<ref>{{Cite web |title=PSA: Disabling PINs will now upload nothing to the server |url=https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |archive-url=https://web.archive.org/web/20230616082821/https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |archive-date=16 Jun 2023 |access-date=6 Mar 2025}}</ref>
Users objected,<ref>{{Cite web |title=Don’t want PIN, don’t want anything stored in cloud |url=https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |archive-url=https://web.archive.org/web/20240301015109/https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |archive-date=1 Mar 2024 |access-date=6 Mar 2025}}</ref><ref>{{Cite web |title=PIN, cloud storage are showstoppers |url=https://old.reddit.com/r/signal/comments/ghsj5b/pin_cloud_storage_are_showstoppers/}}</ref><ref>{{Cite web |title=Forced PIN, bite it Signal |url=https://old.reddit.com/r/signal/comments/hkle3d/forced_pin_bite_it_signal/}}</ref><ref>{{Cite web |title=Welcome to the cloud Signal users! |url=https://old.reddit.com/r/signal/comments/hkl914/welcome_to_the_cloud_signal_users/}}</ref> requesting that Signal instead provide a means to export encrypted backups that could be imported locally, which would eliminate dependence on cloud-based servers. Some users also raised technical concerns about the security of the system and doubted that it could sufficiently protect their data.<ref name=":1">{{Cite web |title=Proper secure value security: PINs are too easy to brute force, SGX is not reliable enough |url=https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |archive-url=https://web.archive.org/web/20240301015110/https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |archive-date=1 Mar 2024 |access-date=6 Mar 2025}}</ref> These concerns were shared by cybersecurity experts,<ref name=":2">{{Cite web |title=Signal’s New PIN Feature Worries Cybersecurity Experts |url=https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-url=https://web.archive.org/web/20250117232443/https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-date=17 Jan 2025 |access-date=6 Mar 2025}}</ref><ref name=":3">{{Cite web |title=Signal Going to Cloud? A Discussion with Sean O'Brien |url=https://www.youtube.com/watch?v=PFi-VI7_T3o}}</ref><ref name=":4">{{Cite web |title=Does Signal’s “secure value recovery” really work? |url=https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/}}</ref> and security researchers demonstrated that the system was vulnerable to attacks, which allowed them to access the user data being stored.<ref>{{Cite web |title=SGX CacheOut SGAxe attack. Signal’s cloud storage and contact discovery vulnerable |url=https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-url=https://web.archive.org/web/20230519115856/https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-date=19 May 2023 |access-date=6 Mar 2025}}</ref>{{DisputedInline|reason="In recent weeks, Signal has introduced more features that make it more user friendly to people who may not have extremely paranoid threat models. For example, it’s now possible to migrate all Signal data, including message history, from one phone to another, using a feature that does not rely on cloud servers and is also encrypted, according to Signal. "|Cited vice article explains more nuance}}


Signal began to roll out the cloud-based recovery feature in 2020. without clear communication with the public or app users about the new feature.<ref name=":5">{{Cite web |title=Can someone explain this new PIN system? |url=https://old.reddit.com/r/signal/comments/ggty6n/can_someone_explain_this_new_pin_system/}}</ref><ref>{{Cite web |title=Mandatory PIN without clear explanation within the app might cause significant number of users to quit using Signal |url=https://community.signalusers.org/t/mandatory-pin-without-clear-explanation-within-the-app-might-cause-significant-number-of-users-to-quit-using-signal/11597}}</ref><ref name=":6">{{Cite web |title=What exactly is Signal protecting with the mandatory PIN? |url=https://old.reddit.com/r/signal/comments/hymlfd/what_exactly_is_signal_protecting_with_the/}}</ref><ref>{{Cite web |title=What contact info does the Signal PIN functionality actually save? |url=https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854}}</ref><ref>{{Cite web |title=Following user backlash, Signal lowers one of its drastic PIN measures |url=https://www.androidpolice.com/2020/05/29/many-signal-users-arent-happy-with-new-pin-requirements/}}</ref><ref>{{Cite web |title=What info does Signal store about it's user? |url=https://old.reddit.com/r/signal/comments/q5tlg1/what_info_does_signal_store_about_its_user/ |archive-url=https://web.archive.org/web/20211011111619/https://old.reddit.com/r/signal/comments/q5tlg1/what_info_does_signal_store_about_its_user/ |archive-date=11 Oct 2021 |access-date=6 Mar 2025}}</ref><ref>{{Cite web |title=About data collection and data delivery |url=https://old.reddit.com/r/signal/comments/1id3xu8/about_data_collection_and_data_delivery/ |archive-url=https://web.archive.org/web/20250201072439/https://old.reddit.com/r/signal/comments/1id3xu8/about_data_collection_and_data_delivery/?ref=readnext |archive-date=1 Feb 2025 |access-date=6 Mar 2025}}</ref> Signal users questioned the need for the PIN, and communication from the Signal team responded that it was to ensure messages were not missed or lost.<ref>{{Cite web |title=I don’t understand what the new PIN requirement is for |url=https://community.signalusers.org/t/i-don-t-understand-what-the-new-pin-requirement-is-for/13895}}</ref> A more detailed response from Signal following user backlash explains that cloud backups were encrypted in the same way as messages, and were safe.<ref name=":7" />


Several users requested that Signal update their privacy policy following the change in data collection.<ref>{{Cite web |title=Can Signal please update its Privacy Policy |url=https://community.signalusers.org/t/can-signal-please-update-its-privacy-policy/15323 |archive-url=https://web.archive.org/web/20230519120053/https://community.signalusers.org/t/can-signal-please-update-its-privacy-policy/15323 |archive-date=19 May 2023 |access-date=6 Mar 2025}}</ref><ref>{{Cite web |title=Signal’s Terms of Use and Privacy Policy are not very user friendly |url=https://community.signalusers.org/t/signals-terms-of-use-and-privacy-policy-are-not-very-user-friendly/11047 |archive-url=https://web.archive.org/web/20250306164621/https://community.signalusers.org/t/signals-terms-of-use-and-privacy-policy-are-not-very-user-friendly/11047 |archive-date=6 Mar 2025 |access-date=6 Mar 2025}}</ref> The Signal privacy policy has not changed since 2018.
==References==
==References==
{{reflist}}
{{reflist}}
[[Category:Signal messenger]]
[[Category:Signal messenger]]

Latest revision as of 16:11, 29 August 2025

Signal is a privacy-focused, open source encrypted messaging service. In 2020, the company was accused of collecting and storing sensitive user data on their cloud database without user consent.

Background[edit | edit source]

Signal states on their website that they can't "read your messages or listen to your calls, and no one else can either."[1]

"We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service. Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with."[2]

Incident[edit | edit source]

In 2019, Signal previewed a feature called "secure value recovery" which would allow users installing the app on a new device to retrieve data from cloud servers.[3] While the data is stored in Signal's cloud, it is stored in a securely encrypted manner.[4] The data collected and stored includes the user's name, photo, phone number, and a list of each Signal user that had been contacted.[5][disputed contact discovery on Signal is private and does not share the phone number as explained later in the cited sources - discuss] Messages are not saved.

Users objected,[6][7][8][9] requesting that Signal instead provide a means to export encrypted backups that could be imported locally, which would eliminate dependence on cloud-based servers. Some users also raised technical concerns about the security of the system and doubted that it could sufficiently protect their data.[10] These concerns were shared by cybersecurity experts,[11][12][13] and security researchers demonstrated that the system was vulnerable to attacks, which allowed them to access the user data being stored.[14][disputed "In recent weeks, Signal has introduced more features that make it more user friendly to people who may not have extremely paranoid threat models. For example, it’s now possible to migrate all Signal data, including message history, from one phone to another, using a feature that does not rely on cloud servers and is also encrypted, according to Signal. " - discuss]

Signal began to roll out the cloud-based recovery feature in 2020. without clear communication with the public or app users about the new feature.[15][16][17][18][19][20][21] Signal users questioned the need for the PIN, and communication from the Signal team responded that it was to ensure messages were not missed or lost.[22] A more detailed response from Signal following user backlash explains that cloud backups were encrypted in the same way as messages, and were safe.[4]

Several users requested that Signal update their privacy policy following the change in data collection.[23][24] The Signal privacy policy has not changed since 2018.

References[edit | edit source]

  1. "Signal".
  2. "Grand jury subpoena for Signal user data, Eastern District of Virginia". Archived from the original on 2 Mar 2025. Retrieved 6 Mar 2025.
  3. "Technology Preview for secure value recovery". Archived from the original on 28 Dec 2024. Retrieved 6 Mar 2025.
  4. 4.0 4.1 "PSA: Disabling PINs will now upload nothing to the server". Archived from the original on 16 Jun 2023. Retrieved 6 Mar 2025.
  5. "What contact info does the Signal PIN functionality actually save". Retrieved 6 Mar 2025.
  6. "Don't want PIN, don't want anything stored in cloud". Archived from the original on 1 Mar 2024. Retrieved 6 Mar 2025.
  7. "PIN, cloud storage are showstoppers".
  8. "Forced PIN, bite it Signal".
  9. "Welcome to the cloud Signal users!".
  10. "Proper secure value security: PINs are too easy to brute force, SGX is not reliable enough". Archived from the original on 1 Mar 2024. Retrieved 6 Mar 2025.
  11. "Signal's New PIN Feature Worries Cybersecurity Experts". Archived from the original on 17 Jan 2025. Retrieved 6 Mar 2025.
  12. "Signal Going to Cloud? A Discussion with Sean O'Brien".
  13. "Does Signal's "secure value recovery" really work?".
  14. "SGX CacheOut SGAxe attack. Signal's cloud storage and contact discovery vulnerable". Archived from the original on 19 May 2023. Retrieved 6 Mar 2025.
  15. "Can someone explain this new PIN system?".
  16. "Mandatory PIN without clear explanation within the app might cause significant number of users to quit using Signal".
  17. "What exactly is Signal protecting with the mandatory PIN?".
  18. "What contact info does the Signal PIN functionality actually save?".
  19. "Following user backlash, Signal lowers one of its drastic PIN measures".
  20. "What info does Signal store about it's user?". Archived from the original on 11 Oct 2021. Retrieved 6 Mar 2025.
  21. "About data collection and data delivery". Archived from the original on 1 Feb 2025. Retrieved 6 Mar 2025.
  22. "I don't understand what the new PIN requirement is for".
  23. "Can Signal please update its Privacy Policy". Archived from the original on 19 May 2023. Retrieved 6 Mar 2025.
  24. "Signal's Terms of Use and Privacy Policy are not very user friendly". Archived from the original on 6 Mar 2025. Retrieved 6 Mar 2025.
Retrieved from "https://consumerrights.wiki/index.php?title=Signal_cloud_backups&oldid=22807"