Are Signal Secure Backups secure?

user63455

Why do they put „secure“ in the name?

The-Man

user63455 Why do they put „secure“ in the name?

Encourage the unwitting to store their secrets on someone else's hardware, when in reality you should store them yourself on your own removable HDD/USB stick, etc.

Convenience wins again over sensible OpSec...

Tandara

Because they are secure? :)
https://support.signal.org/hc/en-us/articles/9708267671322-Signal-Secure-Backups

Novalissoide

The-Man should store them yourself on your own removable HDD/USB stick, etc

Do you encrypt your files stored this way?

EverettHitch

Novalissoide local backups are already encrypted

https://support.signal.org/hc/en-us/articles/10066926526362-Android-On-Device-Backups

Novalissoide

EverettHitch Got it, read too fast and missed what the actual backup was.🙂‍↕️

ClickClickDrone

Well, why would they be insecure?

If the backup system were intentionally insecure, the whole of Signal would likely also be insecure.

While local backups in theory can be more secure, they require more effort by the end-user, and worse yet, the user might make mistakes which jeopardises security. Such issues are mitigated by this.