> The enclave solution we use currently on our cloud servers is a technology called SGX built into Intel server processors. Intel’s SGX protects against introspection by encrypting RAM as it’s written into memory and decrypting it as it’s read out. Keys associated with this encryption never leave the underlying CPU, so they’re not accessible to the server owners or anyone else with access to server infrastructure. Someone with access to read the memory space of the program could not access the data because it’s encrypted, and they don’t have the keys to decrypt it. And in Signal’s case, we don’t have these keys either.
Reading this, it seems Signal still relies on SGX not being as broken and insecure as it is. I find that quite disappointing, to be honest.
Signal seems to do quite a bit of marketing by omission: "Intel’s SGX protects against introspection", "we depend on donations from our community", etc.
Perhaps they should be encouraged to flesh out the details a bit more in footnotes or something.