Why does any additional encryption need to be broken? Signal dark patterns users into using insecure few digit 'pins' to protect their data, then waves some SGX hokum around that as an argument as to why very short pins have acceptable security. Of course, no one with physical access / state level resources is meaningfully impaired by SGX, so the security is just a trivial pin crackable by a speak and spell.
Concerns that were all dismissed when the insecure pin system was introduced because only contacts and settings were hosted, not content. ...
It's already known that users can't choose secure passwords even without UI that tries hard to encourage an insecure choice and that the rare ones that are secure are the ones that also get lost/forgotten. As a cryptosystem "user chooses and remembers a key" is known to be broken. So backup to the cloud really just means "hand to NSA with already known broken encryption".
Concerns that were all dismissed when the insecure pin system was introduced because only contacts and settings were hosted, not content. ...
It's already known that users can't choose secure passwords even without UI that tries hard to encourage an insecure choice and that the rare ones that are secure are the ones that also get lost/forgotten. As a cryptosystem "user chooses and remembers a key" is known to be broken. So backup to the cloud really just means "hand to NSA with already known broken encryption".