You were talking about adversaries discovering the backdoor. That’s something entirely different from compromised keys. So your sarcasm is quite misplaced here.
Retro computing enthusiast.
Avatar taken from: https://en.wikipedia.org/wiki/Cyrix_Cx486#/media/File:Cyrix_Cx486DX4.jpg
In order to successfully implement a backdoor, you need to ensure that you are more clever than your adversaries, because those same backdoors can be used against you.
In this instance, that’s not the case. Only those in possession of the right key can use the backdoor. Also, discovering infected systems from the outside appears to be impossible - the backdoor simply does not do anything to reveal itself if you don’t have the key.
When it comes to privacy (and also security), using a router provided by the cable company is a concern, because that router can see and access all devices on your local network and you can’t be sure that security issues are patched in a timely fashion if ever… Using a modem provided by the cable company on the other hand is not much of an issue, because you have to trust the company anyway, when it comes to your traffic to/from the Internet. These days most of the Internet traffic is encrypted (except DNS, which is often still unencrypted), so that is not a big deal. Of course there can be other reasons to use a different modem.
In either case, it makes sense to switch to a non-ISP DNS server, preferably an encrypted one (DNS-over-TLS or DNS-over-HTTPS), so the ISP can’t see which websites you are accessing.
I’d choose LUKS over Veracrypt for simplicity. If the drive is solely for backup, depending on the backup tool you use, you might not even need encryption on the file system level. Several backup solutions support data encryption.
Any backup software that supports incremental backup should work similarly bandwidth-wise. I like Restic. You can even do incremental backups with plain rsync, if you want. If your data does not change much, then you should be okay. For the initial backup run it would be helpful if you have physical access to the remote location so you can bring a full backup there without having to upload it through your slow uplink.
Matrix also does have a pretty big problem with metadata. By default it stores a ton of metadata (at least the reference server implementation does) and I am not sure if this is even a solvable problem without redesigning the protocol. When opting for an alternative to Signal, XMPP is probably the better choice.