I've been a user and supporter of Signal for years. I've disagreed with various design decisions, but there has always been sensible reasoning behind their decisions based on facts and logic. I only used to disagree on certain priorities and had faith in them. No longer the case.
Conversation
Replying to
I'm well aware of that. It doesn't address anything that I've talked about. My thread was posted with the full awareness that they are making PINs optional. I suggest reading twitter.com/DanielMicay/st, my other earlier posts and this thread.
Quote Tweet
Replying to @chrisrohlf @signalapp and @moxie
Hopefully as a toggle so that it's still possible to have a registration lock PIN without contact syncing, as it was before this was introduced. Most people are going to use the defaults so that's what really matters, and a user-generated PIN + SGX is not a secure approach.
1
3
Replying to
This feature was previously only a registration lock PIN. It should be possible to set a registration lock PIN as before without it enabling remote backup / sync with it used to derive an encryption key. It also matters that users are encouraged to use a weak PIN for remote sync.
Replying to
Needing to work around dark patterns to use the app securely does not fit Signal. It's supposed to be about bringing privacy/security to the masses. Most users are going to use the app as intended. It guides people to set a weak PIN and then does remote backup / sync using it.
1
3
Replying to
Recommended steps before hitting delete on signal app would be very much appreciated.
1
Show replies
This Tweet was deleted by the Tweet author. Learn more
Replying to
As I said, the feature was previously a registration lock PIN. It was replaced with a new PIN that also enables a form of remote backup/sync for certain data with encryption based on the PIN. One of the issues is how they replaced that harmless feature with one requiring care.
1
Show replies