When Signal was originally being pushed in tech circles, I saw that they first identified you by phone number which struck me as odd for a privacy messenger. Was it always a honeypot? Sam Bent’s investigation into the guy responsible for this new centralized backup feature to their servers gives a tie in with a lot of other big tech companies during times when they had spying controversies, e.g. Twitter, Microsoft, Facebook… And the part where if they get your device and retrieve your keys, they can access the app’s database kind of tells the tale. I wouldn’t be surprised if the government has a zero-day vulnerability they’re holding to decode messages without phone possession. What’s interesting with the centralized backup option that is encrypted, it’s kind of like having a hot wallet with Bitcoin or other cryptocurrency. If the device is compromised, the key can be taken, and they can steal all of your crypto, or in this case all of your “private” conversations. And we know the government pays for zero-day vulnerabilities it doesn’t disclose unless they become more susceptible to third parties because of it. So I wouldn’t trust Signal if you value privacy, and perhaps look into SimpleX or use GPG with anonymous e-mail accounts…