If one reads the entire article, it mentions some of the usual points of computer encryption/security.
Whether it is more important to have ‘ease of use’ versus more difficult to use with better security.
I suspect ‘ease of use’ versus ‘best security implementation/practice’ is an issue Pure Developers are always contending with.
In the instance of Signal, if we lose the device which has Signal on it, or decide to replace the device with a newer model (Phone for instance) then we lose our phone number book, and who they are. Plus all of our previous messages. Signal now wants to store some of that information in the cloud.
The originator of Signal surely understands our concerns, and I suspect has a good grasp on the consequences of what he is changing Signal into. While I have concerns about those consequences might be, I will listen carefully to his what he eventually tells us, he has earned a bit of credibility.
One of the issues we, are forced to take for granted, is that someone who has earned our trust, is acting freely of his own best judgement and accord. Surely not a problem in this case, but in some countries, the government might apply some physical means to coerce an individual or group to act differently.
I think of the police tactics of flipping drug dealers to turn on suppliers and buyers.
That is also a classic problem, an individual, the well tuned in Security/Encryption people have learned to trust, is making changing changes we have feelings of mistrust about.
The originator of Signal is using a clever trick built into hardware as part of the security, in the latest ‘in the cloud’ version of Signal. I am not feeling very trusting in some part of the Intel system, but I can not suggest a more trustworthy way to achieve what he is trying to achieve.
In a vein not connected with this. Perhaps some of you have a view of “Warrant Canaries.” If I were a government like China, Russia, running an Operation against an Encryption software. My initial operational objective would be to take physical control of Servers related to the company, and the connection immediately upstream to those servers, and to the usual places the target, individuals writing and maintaining software has been taken into custody. If the government is involved is like some governments, compelling the behavior of the software maintainers is not about trading Court Orders.