Signal’s incremental backups are interesting. I had assumed that they would back up in fixed-sized chunks (with padding if necessary) connected by a hash chain so that you couldn’t tamper with the older ones, and you could replay them in reverse order to restore. It appears as if media are saved in individual files, individually encrypted, which looks as if it leaks the size of media (often, due to image compression, sufficient to uniquely identify a file) and the date at which it was added. That’s quite a big side channel for a secure messenger.

Did I misunderstand how it works? If not, people who care about privacy would need to be careful. If, say, law enforcement in an oppressive regime wants to ask ‘did you receive this file that was sent to a group chat for dissidents on this date?’ this would be trivial to answer for someone with access to the encrypted backups.