Comment by elvisloops 19 hours ago

11 replies

Strange that they are posting about the "signal ratchet" when they just removed it by launching cloud backups that use a static key? Since those cloud backups include disappearing messages, that feature completely undoes all of the forward secrecy in this protocol.

uv-depression 19 hours ago

That backup system presumably uses symmetric encryption, which is not nearly as vulnerable to quantum-accelerated attacks.

  • elvisloops 19 hours ago

    Yes, but you don't need a complicated ratcheting protocol if you've eliminated forward secrecy in other ways. This post is about "post compromise security," but there is already no post-compromise security after the cloud backups feature.

    • uv-depression 18 hours ago

      Do you also think it's "strange" that they're introducing that (optional!) feature while also storing all the messages on your device? The cloud backup is strictly more secure than that on-device database. Their blog post on the subject also explicitly says it won't include disappearing messages that disappear within 24 hours.

      • elvisloops 17 hours ago

        It's not optional because you don't know whether the people you are communicating with have it enabled. One person in a group chat with the feature enabled undoes the forward secrecy for everyone in the group chat.

        A cloud backup eliminates any forward secrecy. It used to be that in Signal, when you have a message on your device and it is deleted (or a disappearing message disappears), then it is truly gone and can never be recovered. Now with backups, since the key that was used to encrypt it to the cloud remains on your device, it can be recovered even after the message is deleted or disappears.

        The only way to "truly" opt out is to, as you say, set a disappearing message timer for <24 hours.

    • gruez 18 hours ago

      >but there is already no post-compromise security after the cloud backups feature

      The feature is opt-in, so I really don't see the issue here.

dist-epoch 17 hours ago

Signal can't protect you against the other party you are communicating with. They can back up the conversation, or screenshot it, or take a photo of the screen with another camera. They could also retell in their words what you sent.

  • immibis 16 hours ago

    You know (with pretty high certainty) that your conversational partner is using Signal. The security level of Signal affects your estimation of the security level of your partner.