Signal cloud backups: Difference between revisions

(3 intermediate revisions by 2 users not shown)

Line 13:

==Background==

Signal states on their website that they can't "read your messages or listen to your calls, and no one else can either."<ref>{{Cite web |title=Signal |url=https://signal.org/}}</ref><blockquote>"We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.

[[Signal messenger|Signal]] states on their website that they can't "read your messages or listen to your calls, and no one else can either."<ref>{{Cite web |title=Signal |url=https://signal.org/ |url-status=live |archive-url=http://web.archive.org/web/20260222135458/https://signal.org/ |archive-date=22 Feb 2026 |website=[[Signal]]}}</ref><blockquote>"We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.

Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with."<ref name=":0">{{Cite web |title=Grand jury subpoena for Signal user data, Eastern District of Virginia |url=https://signal.org/bigbrother/eastern-virginia-grand-jury/ |archive-url=https://web.archive.org/web/20250302042109/https://signal.org/bigbrother/eastern-virginia-grand-jury/ |archive-date=2 Mar 2025 |access-date=6 Mar 2025}}</ref></blockquote>

Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with."<ref name=":0">{{Cite web |date=2016-10-04 |title=Grand jury subpoena for Signal user data, Eastern District of Virginia |url=https://signal.org/bigbrother/eastern-virginia-grand-jury/ |url-status=live |archive-url=https://web.archive.org/web/20250302042109/https://signal.org/bigbrother/eastern-virginia-grand-jury/ |archive-date=2 Mar 2025 |access-date=6 Mar 2025 |website=[[Signal]]}}</ref></blockquote>

==Incident==

In 2019, Signal previewed a feature called "secure value recovery" which would allow users installing the app on a new device to retrieve data from cloud servers.<ref>{{Cite web |title=Technology Preview for secure value recovery |url=https://signal.org/blog/secure-value-recovery/ |archive-url=https://web.archive.org/web/20241228040757/https://signal.org/blog/secure-value-recovery/ |archive-date=28 Dec 2024 |access-date=6 Mar 2025}}</ref> While the data is stored in Signal's cloud, it is stored in a securely encrypted manner.<ref name=":7">{{Cite web |title=PSA: Disabling PINs will now upload nothing to the server |url=https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |archive-url=https://web.archive.org/web/20230616082821/https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |archive-date=16 Jun 2023 |access-date=6 Mar 2025}}</ref> The data collected and stored includes the user's name, photo, phone number, and a list of each Signal user that had been contacted.<ref>{{Cite web |title=What contact info does the Signal PIN functionality actually save |url=https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854/4 |archive-url=https://web.archive.org/web/20250601035417/https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854/4 |archive-date=1 Jun 2025 |access-date=6 Mar 2025}}</ref>{{DisputedInline|Cited source is heavily cherry picked|reason=contact discovery on Signal is private and does not share the phone number as explained later in the cited sources}} Messages are not saved.

In 2019, Signal previewed a feature called "secure value recovery" which would allow users installing the app on a new device to retrieve data from cloud servers.<ref>{{Cite web |last=@jlund |date=2019-12-19 |title=Technology Preview for secure value recovery |url=https://signal.org/blog/secure-value-recovery/ |url-status=live |archive-url=https://web.archive.org/web/20241228040757/https://signal.org/blog/secure-value-recovery/ |archive-date=28 Dec 2024 |access-date=6 Mar 2025 |website=[[Signal]]}}</ref> While the data is stored in Signal's cloud, it is stored in a securely encrypted manner.<ref name=":7">{{Cite web |last=@Man_With_Arrow |title=PSA: Disabling PINs will now upload nothing to the server |url=https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |url-status=live |archive-url=https://web.archive.org/web/20230616082821/https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |archive-date=16 Jun 2023 |access-date=6 Mar 2025 |website=Old [[Reddit]]}}</ref> The data collected and stored includes the user's name, photo, phone number, and a list of each Signal user that had been contacted.<ref>{{Cite web |last=@awaitlink |date=Sep 2020 |title=What contact info does the Signal PIN functionality actually save |url=https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854/4 |url-status=live |archive-url=https://web.archive.org/web/20250601035417/https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854/4 |archive-date=1 Jun 2025 |access-date=6 Mar 2025 |website=Signal Community}}</ref>{{DisputedInline|Cited source is heavily cherry picked|reason=contact discovery on Signal is private and does not share the phone number as explained later in the cited sources}} Messages are not saved.

Users objected,<ref>{{Cite web |title=Don’t want PIN, don’t want anything stored in cloud |url=https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |archive-url=https://web.archive.org/web/20240301015109/https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |archive-date=1 Mar 2024 |access-date=6 Mar 2025}}</ref><ref>{{Cite web |title=PIN, cloud storage are showstoppers |url=https://old.reddit.com/r/signal/comments/ghsj5b/pin_cloud_storage_are_showstoppers/ |archive-url=https://web.archive.org/web/20230615212112/https://old.reddit.com/r/signal/comments/ghsj5b/pin_cloud_storage_are_showstoppers/ |archive-date=15 Jun 2023}}</ref><ref>{{Cite web |title=Forced PIN, bite it Signal |url=https://old.reddit.com/r/signal/comments/hkle3d/forced_pin_bite_it_signal/ |archive-url=https://web.archive.org/web/20200711160148/https://old.reddit.com/r/signal/comments/hkle3d/forced_pin_bite_it_signal/ |archive-date=11 Jul 2020}}</ref><ref>{{Cite web |title=Welcome to the cloud Signal users! |url=https://old.reddit.com/r/signal/comments/hkl914/welcome_to_the_cloud_signal_users/ |archive-url=https://web.archive.org/web/20230616073034/https://old.reddit.com/r/signal/comments/hkl914/welcome_to_the_cloud_signal_users/ |archive-date=16 Jun 2023}}</ref> requesting that Signal instead provide a means to export encrypted backups that could be imported locally, which would eliminate dependence on cloud-based servers. Some users also raised technical concerns about the security of the system and doubted that it could sufficiently protect their data.<ref name=":1">{{Cite web |title=Proper secure value security: PINs are too easy to brute force, SGX is not reliable enough |url=https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |archive-url=https://web.archive.org/web/20240301015110/https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |archive-date=1 Mar 2024 |access-date=6 Mar 2025}}</ref> These concerns were shared by cybersecurity experts,<ref name=":2">{{Cite web |title=Signal’s New PIN Feature Worries Cybersecurity Experts |url=https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-url=https://web.archive.org/web/20250117232443/https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-date=17 Jan 2025 |access-date=6 Mar 2025}}</ref><ref name=":3">{{Cite web |title=Signal Going to Cloud? A Discussion with Sean O'Brien |url=https://www.youtube.com/watch?v=PFi-VI7_T3o |archive-url=https://web.archive.org/web/20200606204527/https://www.youtube.com/watch?v=PFi-VI7_T3o |archive-date=6 Jun 2020}}</ref><ref name=":4">{{Cite web |title=Does Signal’s “secure value recovery” really work? |url=https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/ |archive-url=https://web.archive.org/web/20200623171135/https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/ |archive-date=23 Jun 2020}}</ref> and security researchers demonstrated that the system was vulnerable to attacks, which allowed them to access the user data being stored.<ref>{{Cite web |title=SGX CacheOut SGAxe attack. Signal’s cloud storage and contact discovery vulnerable |url=https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-url=https://web.archive.org/web/20230519115856/https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-date=19 May 2023 |access-date=6 Mar 2025}}</ref>{{DisputedInline|reason="In recent weeks, Signal has introduced more features that make it more user friendly to people who may not have extremely paranoid threat models. For example, it’s now possible to migrate all Signal data, including message history, from one phone to another, using a feature that does not rely on cloud servers and is also encrypted, according to Signal. "|Cited vice article explains more nuance}}

Users objected,<ref>{{Cite web |last=@PrivacyFan |date=May 2020 |title=Don’t want PIN, don’t want anything stored in cloud |url=https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |url-status=live |archive-url=https://web.archive.org/web/20240301015109/https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |archive-date=1 Mar 2024 |access-date=6 Mar 2025 |website=Signal Community}}</ref><ref>{{Cite web |last=@peter_p_troll |title=PIN, cloud storage are showstoppers |url=https://old.reddit.com/r/signal/comments/ghsj5b/pin_cloud_storage_are_showstoppers/ |url-status=live |archive-url=https://web.archive.org/web/20230615212112/https://old.reddit.com/r/signal/comments/ghsj5b/pin_cloud_storage_are_showstoppers/ |archive-date=15 Jun 2023 |website=Old [[Reddit]]}}</ref><ref>{{Cite web |last=@crawdad101 |title=Forced PIN, bite it Signal |url=https://old.reddit.com/r/signal/comments/hkle3d/forced_pin_bite_it_signal/ |url-status=live |archive-url=https://web.archive.org/web/20200711160148/https://old.reddit.com/r/signal/comments/hkle3d/forced_pin_bite_it_signal/ |archive-date=11 Jul 2020 |website=Old [[Reddit]]}}</ref><ref>{{Cite web |last=@nedrydt |title=Welcome to the cloud Signal users! |url=https://old.reddit.com/r/signal/comments/hkl914/welcome_to_the_cloud_signal_users/ |url-status=live |archive-url=https://web.archive.org/web/20230616073034/https://old.reddit.com/r/signal/comments/hkl914/welcome_to_the_cloud_signal_users/ |archive-date=16 Jun 2023 |website=Old [[Reddit]]}}</ref> requesting that Signal instead provide a means to export encrypted backups that could be imported locally, which would eliminate dependence on cloud-based servers. Some users also raised technical concerns about the security of the system and doubted that it could sufficiently protect their data.<ref name=":1">{{Cite web |last=@Meteor0id |date=Jun 2020 |title=Proper secure value security: PINs are too easy to brute force, SGX is not reliable enough |url=https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |url-status=live |archive-url=https://web.archive.org/web/20240301015110/https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |archive-date=1 Mar 2024 |access-date=6 Mar 2025 |website=Signal Community}}</ref> These concerns were shared by cybersecurity experts,<ref name=":2">{{Cite web |title=Signal’s New PIN Feature Worries Cybersecurity Experts |url=https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-url=https://web.archive.org/web/20250117232443/https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-date=17 Jan 2025 |access-date=6 Mar 2025}}</ref><ref name=":3">{{Cite web |title=Signal Going to Cloud? A Discussion with Sean O'Brien |url=https://www.youtube.com/watch?v=PFi-VI7_T3o |archive-url=https://web.archive.org/web/20200606204527/https://www.youtube.com/watch?v=PFi-VI7_T3o |archive-date=6 Jun 2020}}</ref><ref name=":4">{{Cite web |title=Does Signal’s “secure value recovery” really work? |url=https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/ |archive-url=https://web.archive.org/web/20200623171135/https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/ |archive-date=23 Jun 2020}}</ref> and security researchers demonstrated that the system was vulnerable to attacks, which allowed them to access the user data being stored.<ref>{{Cite web |title=SGX CacheOut SGAxe attack. Signal’s cloud storage and contact discovery vulnerable |url=https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-url=https://web.archive.org/web/20230519115856/https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-date=19 May 2023 |access-date=6 Mar 2025}}</ref>{{DisputedInline|reason="In recent weeks, Signal has introduced more features that make it more user friendly to people who may not have extremely paranoid threat models. For example, it’s now possible to migrate all Signal data, including message history, from one phone to another, using a feature that does not rely on cloud servers and is also encrypted, according to Signal. "|Cited vice article explains more nuance}}

Signal began to roll out the cloud-based recovery feature in 2020. without clear communication with the public or app users about the new feature.<ref name=":5">{{Cite web |title=Can someone explain this new PIN system? |url=https://old.reddit.com/r/signal/comments/ggty6n/can_someone_explain_this_new_pin_system/ |archive-url=https://web.archive.org/web/20230615184050/https://old.reddit.com/r/signal/comments/ggty6n/can_someone_explain_this_new_pin_system/ |archive-date=15 Jun 2023}}</ref><ref>{{Cite web |title=Mandatory PIN without clear explanation within the app might cause significant number of users to quit using Signal |url=https://community.signalusers.org/t/mandatory-pin-without-clear-explanation-within-the-app-might-cause-significant-number-of-users-to-quit-using-signal/11597 |archive-url=https://web.archive.org/web/20200521073518/https://community.signalusers.org/t/mandatory-pin-without-clear-explanation-within-the-app-might-cause-significant-number-of-users-to-quit-using-signal/11597 |archive-date=21 May 2020}}</ref><ref name=":6">{{Cite web |title=What exactly is Signal protecting with the mandatory PIN? |url=https://old.reddit.com/r/signal/comments/hymlfd/what_exactly_is_signal_protecting_with_the/ |archive-url=https://web.archive.org/web/20230616052149/https://old.reddit.com/r/signal/comments/hymlfd/what_exactly_is_signal_protecting_with_the/ |archive-date=16 Jun 2023}}</ref><ref>{{Cite web |title=What contact info does the Signal PIN functionality actually save? |url=https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854 |archive-url=https://web.archive.org/web/20250605155719/https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854 |archive-date=5 Jun 2025}}</ref><ref>{{Cite web |title=Following user backlash, Signal lowers one of its drastic PIN measures |url=https://www.androidpolice.com/2020/05/29/many-signal-users-arent-happy-with-new-pin-requirements/ |archive-url=https://web.archive.org/web/20200606100450/https://www.androidpolice.com/2020/05/29/many-signal-users-arent-happy-with-new-pin-requirements/ |archive-date=6 Jun 2020}}</ref><ref>{{Cite web |title=What info does Signal store about it's user? |url=https://old.reddit.com/r/signal/comments/q5tlg1/what_info_does_signal_store_about_its_user/ |archive-url=https://web.archive.org/web/20211011111619/https://old.reddit.com/r/signal/comments/q5tlg1/what_info_does_signal_store_about_its_user/ |archive-date=11 Oct 2021 |access-date=6 Mar 2025}}</ref><ref>{{Cite web |title=About data collection and data delivery |url=https://old.reddit.com/r/signal/comments/1id3xu8/about_data_collection_and_data_delivery/ |archive-url=https://web.archive.org/web/20250201072439/https://old.reddit.com/r/signal/comments/1id3xu8/about_data_collection_and_data_delivery/?ref=readnext |archive-date=1 Feb 2025 |access-date=6 Mar 2025}}</ref> Signal users questioned the need for the PIN, and communication from the Signal team responded that it was to ensure messages were not missed or lost.<ref>{{Cite web |title=I don’t understand what the new PIN requirement is for |url=https://community.signalusers.org/t/i-don-t-understand-what-the-new-pin-requirement-is-for/13895 |archive-url=https://web.archive.org/web/20250601035417/https://community.signalusers.org/t/i-don-t-understand-what-the-new-pin-requirement-is-for/13895 |archive-date=1 Jun 2025}}</ref> A more detailed response from Signal following user backlash explains that cloud backups were encrypted in the same way as messages, and were safe.<ref name=":7" />

@@ Line 13: / Line 13: @@
 ==Background==
-Signal states on their website that they can't "read your messages or listen to your calls, and no one else can either."<ref>{{Cite web |title=Signal |url=https://signal.org/}}</ref><blockquote>"We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.
+[[Signal messenger|Signal]] states on their website that they can't "read your messages or listen to your calls, and no one else can either."<ref>{{Cite web |title=Signal |url=https://signal.org/ |url-status=live |archive-url=http://web.archive.org/web/20260222135458/https://signal.org/ |archive-date=22 Feb 2026 |website=[[Signal]]}}</ref><blockquote>"We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.
-Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with."<ref name=":0">{{Cite web |title=Grand jury subpoena for Signal user data, Eastern District of Virginia |url=https://signal.org/bigbrother/eastern-virginia-grand-jury/ |archive-url=https://web.archive.org/web/20250302042109/https://signal.org/bigbrother/eastern-virginia-grand-jury/ |archive-date=2 Mar 2025 |access-date=6 Mar 2025}}</ref></blockquote>
+Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with."<ref name=":0">{{Cite web |date=2016-10-04 |title=Grand jury subpoena for Signal user data, Eastern District of Virginia |url=https://signal.org/bigbrother/eastern-virginia-grand-jury/ |url-status=live |archive-url=https://web.archive.org/web/20250302042109/https://signal.org/bigbrother/eastern-virginia-grand-jury/ |archive-date=2 Mar 2025 |access-date=6 Mar 2025 |website=[[Signal]]}}</ref></blockquote>
 ==Incident==
-In 2019, Signal previewed a feature called "secure value recovery" which would allow users installing the app on a new device to retrieve data from cloud servers.<ref>{{Cite web |title=Technology Preview for secure value recovery |url=https://signal.org/blog/secure-value-recovery/ |archive-url=https://web.archive.org/web/20241228040757/https://signal.org/blog/secure-value-recovery/ |archive-date=28 Dec 2024 |access-date=6 Mar 2025}}</ref> While the data is stored in Signal's cloud, it is stored in a securely encrypted manner.<ref name=":7">{{Cite web |title=PSA: Disabling PINs will now upload nothing to the server |url=https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |archive-url=https://web.archive.org/web/20230616082821/https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |archive-date=16 Jun 2023 |access-date=6 Mar 2025}}</ref> The data collected and stored includes the user's name, photo, phone number, and a list of each Signal user that had been contacted.<ref>{{Cite web |title=What contact info does the Signal PIN functionality actually save |url=https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854/4 |archive-url=https://web.archive.org/web/20250601035417/https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854/4 |archive-date=1 Jun 2025 |access-date=6 Mar 2025}}</ref>{{DisputedInline|Cited source is heavily cherry picked|reason=contact discovery on Signal is private and does not share the phone number as explained later in the cited sources}} Messages are not saved.
+In 2019, Signal previewed a feature called "secure value recovery" which would allow users installing the app on a new device to retrieve data from cloud servers.<ref>{{Cite web |last=@jlund |date=2019-12-19 |title=Technology Preview for secure value recovery |url=https://signal.org/blog/secure-value-recovery/ |url-status=live |archive-url=https://web.archive.org/web/20241228040757/https://signal.org/blog/secure-value-recovery/ |archive-date=28 Dec 2024 |access-date=6 Mar 2025 |website=[[Signal]]}}</ref> While the data is stored in Signal's cloud, it is stored in a securely encrypted manner.<ref name=":7">{{Cite web |last=@Man_With_Arrow |title=PSA: Disabling PINs will now upload nothing to the server |url=https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |url-status=live |archive-url=https://web.archive.org/web/20230616082821/https://old.reddit.com/r/signal/comments/htmzrr/psa_disabling_pins_will_now_upload_nothing_to_the/ |archive-date=16 Jun 2023 |access-date=6 Mar 2025 |website=Old [[Reddit]]}}</ref> The data collected and stored includes the user's name, photo, phone number, and a list of each Signal user that had been contacted.<ref>{{Cite web |last=@awaitlink |date=Sep 2020 |title=What contact info does the Signal PIN functionality actually save |url=https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854/4 |url-status=live |archive-url=https://web.archive.org/web/20250601035417/https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854/4 |archive-date=1 Jun 2025 |access-date=6 Mar 2025 |website=Signal Community}}</ref>{{DisputedInline|Cited source is heavily cherry picked|reason=contact discovery on Signal is private and does not share the phone number as explained later in the cited sources}} Messages are not saved.
-Users objected,<ref>{{Cite web |title=Don’t want PIN, don’t want anything stored in cloud |url=https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |archive-url=https://web.archive.org/web/20240301015109/https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |archive-date=1 Mar 2024 |access-date=6 Mar 2025}}</ref><ref>{{Cite web |title=PIN, cloud storage are showstoppers |url=https://old.reddit.com/r/signal/comments/ghsj5b/pin_cloud_storage_are_showstoppers/ |archive-url=https://web.archive.org/web/20230615212112/https://old.reddit.com/r/signal/comments/ghsj5b/pin_cloud_storage_are_showstoppers/ |archive-date=15 Jun 2023}}</ref><ref>{{Cite web |title=Forced PIN, bite it Signal |url=https://old.reddit.com/r/signal/comments/hkle3d/forced_pin_bite_it_signal/ |archive-url=https://web.archive.org/web/20200711160148/https://old.reddit.com/r/signal/comments/hkle3d/forced_pin_bite_it_signal/ |archive-date=11 Jul 2020}}</ref><ref>{{Cite web |title=Welcome to the cloud Signal users! |url=https://old.reddit.com/r/signal/comments/hkl914/welcome_to_the_cloud_signal_users/ |archive-url=https://web.archive.org/web/20230616073034/https://old.reddit.com/r/signal/comments/hkl914/welcome_to_the_cloud_signal_users/ |archive-date=16 Jun 2023}}</ref> requesting that Signal instead provide a means to export encrypted backups that could be imported locally, which would eliminate dependence on cloud-based servers. Some users also raised technical concerns about the security of the system and doubted that it could sufficiently protect their data.<ref name=":1">{{Cite web |title=Proper secure value security: PINs are too easy to brute force, SGX is not reliable enough |url=https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |archive-url=https://web.archive.org/web/20240301015110/https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |archive-date=1 Mar 2024 |access-date=6 Mar 2025}}</ref> These concerns were shared by cybersecurity experts,<ref name=":2">{{Cite web |title=Signal’s New PIN Feature Worries Cybersecurity Experts |url=https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-url=https://web.archive.org/web/20250117232443/https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-date=17 Jan 2025 |access-date=6 Mar 2025}}</ref><ref name=":3">{{Cite web |title=Signal Going to Cloud? A Discussion with Sean O'Brien |url=https://www.youtube.com/watch?v=PFi-VI7_T3o |archive-url=https://web.archive.org/web/20200606204527/https://www.youtube.com/watch?v=PFi-VI7_T3o |archive-date=6 Jun 2020}}</ref><ref name=":4">{{Cite web |title=Does Signal’s “secure value recovery” really work? |url=https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/ |archive-url=https://web.archive.org/web/20200623171135/https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/ |archive-date=23 Jun 2020}}</ref> and security researchers demonstrated that the system was vulnerable to attacks, which allowed them to access the user data being stored.<ref>{{Cite web |title=SGX CacheOut SGAxe attack. Signal’s cloud storage and contact discovery vulnerable |url=https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-url=https://web.archive.org/web/20230519115856/https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-date=19 May 2023 |access-date=6 Mar 2025}}</ref>{{DisputedInline|reason="In recent weeks, Signal has introduced more features that make it more user friendly to people who may not have extremely paranoid threat models. For example, it’s now possible to migrate all Signal data, including message history, from one phone to another, using a feature that does not rely on cloud servers and is also encrypted, according to Signal. "|Cited vice article explains more nuance}}
+Users objected,<ref>{{Cite web |last=@PrivacyFan |date=May 2020 |title=Don’t want PIN, don’t want anything stored in cloud |url=https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |url-status=live |archive-url=https://web.archive.org/web/20240301015109/https://community.signalusers.org/t/dont-want-pin-dont-want-anything-stored-in-cloud/14057 |archive-date=1 Mar 2024 |access-date=6 Mar 2025 |website=Signal Community}}</ref><ref>{{Cite web |last=@peter_p_troll |title=PIN, cloud storage are showstoppers |url=https://old.reddit.com/r/signal/comments/ghsj5b/pin_cloud_storage_are_showstoppers/ |url-status=live |archive-url=https://web.archive.org/web/20230615212112/https://old.reddit.com/r/signal/comments/ghsj5b/pin_cloud_storage_are_showstoppers/ |archive-date=15 Jun 2023 |website=Old [[Reddit]]}}</ref><ref>{{Cite web |last=@crawdad101 |title=Forced PIN, bite it Signal |url=https://old.reddit.com/r/signal/comments/hkle3d/forced_pin_bite_it_signal/ |url-status=live |archive-url=https://web.archive.org/web/20200711160148/https://old.reddit.com/r/signal/comments/hkle3d/forced_pin_bite_it_signal/ |archive-date=11 Jul 2020 |website=Old [[Reddit]]}}</ref><ref>{{Cite web |last=@nedrydt |title=Welcome to the cloud Signal users! |url=https://old.reddit.com/r/signal/comments/hkl914/welcome_to_the_cloud_signal_users/ |url-status=live |archive-url=https://web.archive.org/web/20230616073034/https://old.reddit.com/r/signal/comments/hkl914/welcome_to_the_cloud_signal_users/ |archive-date=16 Jun 2023 |website=Old [[Reddit]]}}</ref> requesting that Signal instead provide a means to export encrypted backups that could be imported locally, which would eliminate dependence on cloud-based servers. Some users also raised technical concerns about the security of the system and doubted that it could sufficiently protect their data.<ref name=":1">{{Cite web |last=@Meteor0id |date=Jun 2020 |title=Proper secure value security: PINs are too easy to brute force, SGX is not reliable enough |url=https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |url-status=live |archive-url=https://web.archive.org/web/20240301015110/https://community.signalusers.org/t/proper-secure-value-security-pins-are-too-easy-to-brute-force-sgx-is-not-reliable-enough/15096 |archive-date=1 Mar 2024 |access-date=6 Mar 2025 |website=Signal Community}}</ref> These concerns were shared by cybersecurity experts,<ref name=":2">{{Cite web |title=Signal’s New PIN Feature Worries Cybersecurity Experts |url=https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-url=https://web.archive.org/web/20250117232443/https://www.vice.com/en/article/signal-new-pin-feature-worries-cybersecurity-experts/ |archive-date=17 Jan 2025 |access-date=6 Mar 2025}}</ref><ref name=":3">{{Cite web |title=Signal Going to Cloud? A Discussion with Sean O'Brien |url=https://www.youtube.com/watch?v=PFi-VI7_T3o |archive-url=https://web.archive.org/web/20200606204527/https://www.youtube.com/watch?v=PFi-VI7_T3o |archive-date=6 Jun 2020}}</ref><ref name=":4">{{Cite web |title=Does Signal’s “secure value recovery” really work? |url=https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/ |archive-url=https://web.archive.org/web/20200623171135/https://palant.info/2020/06/16/does-signals-secure-value-recovery-really-work/ |archive-date=23 Jun 2020}}</ref> and security researchers demonstrated that the system was vulnerable to attacks, which allowed them to access the user data being stored.<ref>{{Cite web |title=SGX CacheOut SGAxe attack. Signal’s cloud storage and contact discovery vulnerable |url=https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-url=https://web.archive.org/web/20230519115856/https://community.signalusers.org/t/sgx-cacheout-sgaxe-attack-signals-cloud-storage-and-contact-discovery-vulnerable/14892 |archive-date=19 May 2023 |access-date=6 Mar 2025}}</ref>{{DisputedInline|reason="In recent weeks, Signal has introduced more features that make it more user friendly to people who may not have extremely paranoid threat models. For example, it’s now possible to migrate all Signal data, including message history, from one phone to another, using a feature that does not rely on cloud servers and is also encrypted, according to Signal. "|Cited vice article explains more nuance}}
 Signal began to roll out the cloud-based recovery feature in 2020. without clear communication with the public or app users about the new feature.<ref name=":5">{{Cite web |title=Can someone explain this new PIN system? |url=https://old.reddit.com/r/signal/comments/ggty6n/can_someone_explain_this_new_pin_system/ |archive-url=https://web.archive.org/web/20230615184050/https://old.reddit.com/r/signal/comments/ggty6n/can_someone_explain_this_new_pin_system/ |archive-date=15 Jun 2023}}</ref><ref>{{Cite web |title=Mandatory PIN without clear explanation within the app might cause significant number of users to quit using Signal |url=https://community.signalusers.org/t/mandatory-pin-without-clear-explanation-within-the-app-might-cause-significant-number-of-users-to-quit-using-signal/11597 |archive-url=https://web.archive.org/web/20200521073518/https://community.signalusers.org/t/mandatory-pin-without-clear-explanation-within-the-app-might-cause-significant-number-of-users-to-quit-using-signal/11597 |archive-date=21 May 2020}}</ref><ref name=":6">{{Cite web |title=What exactly is Signal protecting with the mandatory PIN? |url=https://old.reddit.com/r/signal/comments/hymlfd/what_exactly_is_signal_protecting_with_the/ |archive-url=https://web.archive.org/web/20230616052149/https://old.reddit.com/r/signal/comments/hymlfd/what_exactly_is_signal_protecting_with_the/ |archive-date=16 Jun 2023}}</ref><ref>{{Cite web |title=What contact info does the Signal PIN functionality actually save? |url=https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854 |archive-url=https://web.archive.org/web/20250605155719/https://community.signalusers.org/t/what-contact-info-does-the-signal-pin-functionality-actually-save/16854 |archive-date=5 Jun 2025}}</ref><ref>{{Cite web |title=Following user backlash, Signal lowers one of its drastic PIN measures |url=https://www.androidpolice.com/2020/05/29/many-signal-users-arent-happy-with-new-pin-requirements/ |archive-url=https://web.archive.org/web/20200606100450/https://www.androidpolice.com/2020/05/29/many-signal-users-arent-happy-with-new-pin-requirements/ |archive-date=6 Jun 2020}}</ref><ref>{{Cite web |title=What info does Signal store about it's user? |url=https://old.reddit.com/r/signal/comments/q5tlg1/what_info_does_signal_store_about_its_user/ |archive-url=https://web.archive.org/web/20211011111619/https://old.reddit.com/r/signal/comments/q5tlg1/what_info_does_signal_store_about_its_user/ |archive-date=11 Oct 2021 |access-date=6 Mar 2025}}</ref><ref>{{Cite web |title=About data collection and data delivery |url=https://old.reddit.com/r/signal/comments/1id3xu8/about_data_collection_and_data_delivery/ |archive-url=https://web.archive.org/web/20250201072439/https://old.reddit.com/r/signal/comments/1id3xu8/about_data_collection_and_data_delivery/?ref=readnext |archive-date=1 Feb 2025 |access-date=6 Mar 2025}}</ref> Signal users questioned the need for the PIN, and communication from the Signal team responded that it was to ensure messages were not missed or lost.<ref>{{Cite web |title=I don’t understand what the new PIN requirement is for |url=https://community.signalusers.org/t/i-don-t-understand-what-the-new-pin-requirement-is-for/13895 |archive-url=https://web.archive.org/web/20250601035417/https://community.signalusers.org/t/i-don-t-understand-what-the-new-pin-requirement-is-for/13895 |archive-date=1 Jun 2025}}</ref> A more detailed response from Signal following user backlash explains that cloud backups were encrypted in the same way as messages, and were safe.<ref name=":7" />