Privacy

In the past, if you broke or lost your phone, your Signal message history was gone. This has been a challenge for people whose most important conversations happen on Signal. Think family photos, sweet messages, important documents, or anything else you don’t want to lose forever. This explains why the most common feature request has been backups; a way for people to get Signal messages back even if their phone is lost or damaged.

After careful design and development, we are now starting to roll out secure backups, an opt-in feature. This first phase is available in the latest beta release for Android. This will let us further test this feature in a limited setting, before it rolls out to iOS and Desktop in the near future.

Here, we’ll outline the basics of secure backups and provide a high-level overview about how they work and how we built a system that allows you to recover your Signal conversations while maintaining the highest bar for privacy and security.

Secure Backups 101

Secure backups let you save an archive of your Signal conversations in a privacy-preserving form, refreshed every day; giving you the ability to restore your chats even if you lose access to your phone. Signal’s secure backups are opt-in and, of course, end-to-end encrypted. So if you don’t want to create a secure backup archive of your Signal messages and media, you never have to use the feature.

If you do decide to opt in to secure backups, you’ll be able to securely back up all of your text messages and the last 45 days’ worth of media for free.

If you want to back up your media history beyond 45 days, as well as your message history, we also offer a paid subscription plan for US$1.99 per month.

This is the first time we’ve offered a paid feature. The reason we’re doing this is simple: media requires a lot of storage, and storing and transferring large amounts of data is expensive. As a nonprofit that refuses to collect or sell your data, Signal needs to cover those costs differently than other tech organizations that offer similar products but support themselves by selling ads and monetizing data.

Anatomy of Secure Backups: Privacy First, Always

At Signal, our commitment to privacy informs which features we build and the ways that we build them.

Using the same zero-knowledge technology that enables Signal groups to work without revealing intimate metadata, backup archives are stored without a direct link to a specific backup payment or Signal user account.

At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. Your recovery key is the only way to “unlock” your backup when you need to restore access to your messages. Losing it means losing access to your backup permanently, and Signal cannot help you recover it. You can generate a new key if you choose. We recommend storing this key securely (writing it down in a notebook or a secure password manager, for example).

These choices are part and parcel of Signal’s guiding mission to collect as close to no data as possible, and to make sure that any information that is required to make Signal robust and usable cannot be tied back to the people who depend on Signal. This is why wherever there’s a choice between security and any other objective, we’ve prioritized security.

Enabling Secure Backups

If you want to opt in to secure backups, you can do so from your Signal Settings menu. For now, only people running the latest beta version of Signal on Android will be able to opt in. But soon, we’ll be rolling this feature out across all platforms.

Once you’ve enabled secure backups, your device will automatically create a fresh secure backup archive every day, replacing the previous day’s archive. Only you can decrypt your backup archive, which will allow you to restore your message database (excluding view-once messages and messages scheduled to disappear within the next 24 hours). Because your secure backup archive is refreshed daily, anything you deleted in the past 24 hours, or any messages set to disappear are removed from the latest daily secure backup archive, as you intended.

Backing up, moving forward

We’re excited to introduce secure backups, making sure you can retain access to your Signal messages even when your phone is lost or destroyed. But secure backups aren’t the end of the road.

The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.

Secure backups are available in today’s Android beta release. A full public release, along with iOS and Desktop support, is coming soon.

• Turkey has been blocking access to all main social media platforms since the evening of Sunday, September 7, 2025
• X, YouTube, Instagram, Facebook, TikTok, and WhatsApp have all been impacted, according to an internet watchdog
• Proton VPN has recorded a spike of over 500% on an hourly basis on the night of Sunday

A Reddit user Reeceeboii_ highlights, any time you share a song from within Spotify, it generates a unique tracking URL linked to your account. Spotify can join the dots between the sender and receiver whenever anyone clicks on this unique URL. People have allegedly noticed that Spotify has retroactively filled out the history of song shares in the Messages feature, which is possible through these tracking URLs.

Unlike typical programs that prioritize profit over principles, Kagi Specials highlights privacy-first products that offer quality services with transparent business practices.

A few times per year, we select a limited number of services that meet our core standards: no surveillance, no ads, no selling your data, and products designed with the user in mind. If you’re building a privacy-first service, or know a company that should be featured, we’d love to hear from you. Share details or nominate a project through this quick form.

Just to be clear: there’s no money changing hands here. We’ve partnered with these companies because we believe in what they’re doing, share similar values, and think our respective communities would naturally appreciate what each other has to offer.

In today’s digital world, our personal data is being collected, stored and sold more than ever before. Every time we scroll through social media, shop online or even just browse the web, we leave behind a trail of information that companies and governments are eager to collect and use.

Data privacy has become a more serious concern than people may realize, and it’s high time we start looking into this.

Corporations like Facebook, Google and Amazon gather enormous amounts of data from us. They know our interests, habits and far more. Yet, most of us have no clue how this data is being used or who’s accessing it.

A major concern is that this data is often sold to third parties — without our informed consent — leading to the manipulation of our online experiences and even our real-world choices.

The UK government has announced plans for a digital ID wallet, enabling British citizens to store all government-issued documents on a single location on their smartphones.

However, security experts have raised significant security and privacy concerns around storing so many sensitive documents in a single location.

The new ID wallet is designed to increase the security and convenience of using identification documents for everyday purposes such as proving age and claiming benefits, according to the government.

The digital ID concept also has the potential to become an avenue for privacy abuse and government overreach, if sufficient safeguards are not put in place.

Chris Linnell, Associate Director – Data Privacy at Bridewell, noted that every use of the GOV.UK Wallet will likely leave behind a “digital trail,” with user’s metadata such as the time, location and device used logged. This would create a detailed record of an individual’s movement and activities over time.

notes : This is a serious issue that is rarely discussed. Some countries have already implemented Digital ID like Aadhar in India. Even the World Bank has encouraged other governments to implement this Digital ID. You can check out the website https://id4d.worldbank.org/

The Ministry of Communication and Information Technology of Nepal has issued an order requiring all social media platforms to be registered in Nepal.

Based on this, the Nepal Telecommunications Authority (NTA) has instructed all network service providers to deactivate 26 platforms, including Signal, Facebook, Instagram, WhatsApp, YouTube, and others.

To lift the ban and operate legally in Nepal, each platform must:

1. Register with the Ministry of Communication and Information Technology.

2. Appoint in Nepal:

   • A Point of Contact
   • A Resident Grievance Handling Officer
   • An Officer responsible for monitoring compliance with self-regulation [1]

3. Submit an application in the prescribed format along with required documents, as per the Directives on Managing the Use of Social Media Networks (2080 B.S.). [2]

Reference:

[1] Notice by the Ministry of Communication and Information Technology on Managing the Social Networking Platform Usage in Nepal

[2] Directives for Managing the Use of Social Networks, 2023

Macrodroid has been a favourite of mine for automating things on my phone. This is no longer the case.

It has been silently updated at some point to become a data mining and leaking nightmare. At the time of writing these lines, this app contains 30 trackers from various third party telemetry services according to the latest Exodus report. This is an extremely high number of trackers. Even most junk mobile games can't manage to contain this many. The owner of the app has sold out and turned it into spyware to sell your data to as many companies as possible.

This is particularly worrying considering the level of access and permissions the app requires to work. If you are using the app still, I'm urging you to reconsider.

Spread the word.

Nepal’s government has said it will shut off access to major social media platforms, including Facebook and X, after they failed to comply with authorities’ registration requirements.

The move, announced on Thursday, is part of what the government says is an effort to curb online hate, rumours and cybercrime.

The online restrictions follow a 2023 directive requiring social media platforms – which have millions of users in Nepal with accounts for entertainment, news and business – to register and establish a local presence.

Only five, including TikTok and Viber, have since formally registered, while two others are in the process.

Bhola Nath Dhungana, president of Digital Rights Nepal, said that the sudden closure shows the “controlling” approach of the government

It was recently reported by Jack Poulson on Substack that ICE has reactivated its 2 million dollar contract with Paragon Solutions, a cyber-mercenary and spyware manufacturer.

The reactivation of the contract between the Department of Homeland Security and Paragon Solutions, a known spyware vendor, is extremely troubling.

Linked the section in their terms of service that includes instructions on how to opt out. You have thirty days to do so if you are currently signed up.

A federal jury determined on Wednesday that Alphabet’

Google must pay $425 million for invading users’ privacy by continuing to collect data for millions of users who had switched off a tracking feature in their Google account.

The verdict comes after a trial in the federal court in San Francisco over allegations that Google over an eight-year period accessed users’ mobile devices to collect, save, and use their data, violating privacy assurances under its Web & App Activity setting.

The users had been seeking more than $31 billion in damages.