Conversation

You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more

Stef

@Stef_van_Dop

Jun 29, 2020

Replying to

@hybr1z

and

@RichFelker

Ah that, yeh seen it, thx. I dont feel really qualified to judge that :) i do feel qualified enough to say that people yelling ‘uninstall x right now!’ are silly :)

Replying to

and

Yes it's the SGX PIN backdoor stuff. I'm not "yelling uninstall x right now" but it's clear that Signal needs to be treated as user-hostile and a replacement sought in the mid to long term.

Replying to

and

I assume you tried to have a conversation about this with

Replying to

and

No, maybe I should have. But the escalating pressure and finally hard refusal to run until I add a PIN is so user-hostile I'd have a hard time trusting Signal even if it's fixed.

Replying to

and

We're trying to add support for identifiers that aren't phone numbers, since that's what we've heard from users. If we do that, your signal contacts can't live in your address book anymore. Every other app just stores that in plaintext on their servers, which we don't want to do.

Replying to

and

They absolutely can if you're fine with backing them up yourself locally or not doing that and losing them all if you lose your device. That's what we want and why we chose Signal to begin with.

Replying to

and

Problem is there won't be anything to "add" to your address book anymore, which is the only non-app storage space. There's no OS concept of "back up locally" on iOS, and won't be for long on Android. And if we did it now on Android it'd require something much longer than a PIN.

Replying to

Backing up locally via SAF works fine. No need for the deprecated Storage permission. The app can request persistent access to a directory for backups and the user just chooses the backup directory via SAF and the app. Can't something similar be done on iOS via their equivalent?

Replying to

This is absolutely correct. The SAF allows the user to open or create files to the device or via a remote service WITHOUT REQUIRING ANY EXTRA PERMISSIONS. The act of picking or naming the file IS the permission grant. developer.android.com/guide/topics/p

Replying to

Yes, and the Storage permission has been deprecated. This form of bulk access to shared storage is disabled for the current API level (29) and apps have to opt into the legacy model. The next API level removes the opt in for anything but an existing app install already using it.

8:17 AM · Jun 30, 2020Twitter Web App

Replying to

For many years, it has been possible to take an approach to shared storage access respectful of user consent and control over their files. It's sad even security/privacy apps need to be forced to do better. It makes it a better feature too: they can use other storage providers.

Replying to

So, in the case of backups, the user can choose to use a directory provided by a file sync service, etc. to have encrypted cloud backups with the provider of their choice or their own self-hosted service. Apps just have to implement this via the proper API giving users a choice.

Show replies