Hopefully as a toggle so that it's still possible to have a registration lock PIN without contact syncing, as it was before this was introduced. Most people are going to use the defaults so that's what really matters, and a user-generated PIN + SGX is not a secure approach.
twitter.com/DanielMicay/st By the way, blocked me for this tweet. I think that says a lot. As I feared, the toggle is for the PIN feature as a whole. It also doesn't address that they're still going to be encouraging using a weak PIN for a remote backup/sync feature.
Quote Tweet
Replying to @chrisrohlf @signalapp and @moxie
Hopefully as a toggle so that it's still possible to have a registration lock PIN without contact syncing, as it was before this was introduced. Most people are going to use the defaults so that's what really matters, and a user-generated PIN + SGX is not a secure approach.
At least on Android, Signal already had an encrypted backup feature using a strong key generated by the app rather than the user. This could be made more usable via a seed phrase as others have suggested rather than providing it as numbers. Not even an option for the new feature.
A lot could be done to make that existing backup implementation more usable: seed phrase instead of numbers, support for easily cloning a Signal installation to another device via QR code pairing instead of manually transferring the backup and entering the backup seed on it, etc.
It's a major usability issue with the app and remains one. People switch phones and lose message archives they want to keep along with their safety numbers changing. The existing backup implementation covers all that. It could be substantially easier to use and more flexible.