The fact that they store encryption keys on their servers in the cloud, relying on SGX lock boxes to prevent trivial exploitation of those keys.

In information security, as with intelligence work, it’s about capabilities not intent.

Signal has the capability, to brute force the SGX enclosures, or even use trivial code signed by Intel to simply export the keys from SGX enclosures, which means all of the encryption keys stored in signals cloud, which is all of them, could be compromised. That is a capability they have.

SGX has had multiple exploits, especially side channel attacks through timing, and other metadata in the CPU. Intel is a US corporation, and their subject to national security letters, so they could be compelled to release their SGX signing keys…

All the Lego pieces are there for signal to have a back door. It’s about capabilities. I’m not saying they have a back door, but the pieces are there for one.

If you recall a few years ago, there’s a big hullabaloo about signal storing encryption keys in the cloud behind four digit pins… this is why people are so angry about it. It means we have to trust the central servers, which is antithetical to the capability model that we talked about.

That being said we are reasonably sure the signal client code is secure. So if you disable pin codes and signal, your encryption key is still sent to signal cloud, but it is signed with a cryptographically secure 128-bit something code. So that’s fine. But if everybody you’re talking to hasn’t disabled the pin, then the other side of your conversation is still exploitable.

TLDR: signals great if your threat model does not include five eyes intelligence services, and if your threat model does include five eyes intelligence services you should use something else. Not by intent, but by capabilities.