I've been a user and supporter of Signal for years. I've disagreed with various design decisions, but there has always been sensible reasoning behind their decisions based on facts and logic. I only used to disagree on certain priorities and had faith in them. No longer the case.
I'm well aware of that. It doesn't address anything that I've talked about. My thread was posted with the full awareness that they are making PINs optional. I suggest reading twitter.com/DanielMicay/st, my other earlier posts and this thread.
Quoted tweet, replying to @chrisrohlf @signalapp and @moxie:
Hopefully as a toggle so that it's still possible to have a registration lock PIN without contact syncing, as it was before this was introduced. Most people are going to use the defaults so that's what really matters, and a user-generated PIN + SGX is not a secure approach.
This feature was previously only a registration lock PIN. It should be possible to set a registration lock PIN as before without it enabling remote backup / sync, with the PIN used to derive an encryption key. It also matters that users are encouraged to use a weak PIN for remote sync.
[Tweet deleted by its author]
As I said, the feature was previously a registration lock PIN. It was replaced with a new PIN that also enables a form of remote backup/sync for certain data with encryption based on the PIN. One of the issues is how they replaced that harmless feature with one requiring care.
There are existing guides suggesting setting up a registration lock PIN. They also didn't make it obvious what was changing and the implications of setting the new PIN. This was approached with dark patterns just like the kind of nonsense Facebook has become known for doing.
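The thread's technical point is that a key derived from a short user-chosen PIN only holds up while something (here, an SGX enclave) limits how many guesses an attacker can make; if the encrypted blob and the KDF salt are obtained in any other way, the PIN space is exhausted offline in seconds regardless of how slow the KDF is. The following is an added illustration, not code from Signal or from the thread's author. It uses PBKDF2-SHA256 and an HMAC-based encrypt-then-MAC construction as stand-ins (Signal's actual scheme differs), with an invented salt, iteration count, and backup payload.

```python
"""Offline exhaustion of a PIN-derived backup key (constructed illustration).

A short numeric PIN goes through a password KDF, the derived key protects a
backup blob, and an attacker who obtains the blob plus salt simply tries every
PIN. All parameters here are invented; PBKDF2 stands in for the real KDF and a
slower KDF only scales the attacker's cost linearly with the (tiny) PIN space.
"""
import hashlib
import hmac
import time
from itertools import count
from typing import Optional, Tuple

SALT = b"constructed-salt-16B"   # assumption: public, stored beside the blob
DEFAULT_ITERATIONS = 1_000       # assumption: kept small so the demo runs quickly


def derive_key(pin: str, salt: bytes = SALT, iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """PBKDF2-SHA256 stand-in for the real KDF; returns a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, dklen=32)


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; illustrative, not a vetted cipher."""
    out = bytearray()
    for ctr in count():
        out += hmac.new(key, ctr.to_bytes(8, "big"), "sha256").digest()
        if len(out) >= length:
            break
    return bytes(out[:length])


def encrypt_backup(pin: str, payload: bytes, iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """Encrypt-then-MAC under the PIN-derived key. Returns ciphertext || 32-byte tag."""
    key = derive_key(pin, iterations=iterations)
    enc_key, mac_key = key[:16], key[16:]
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(enc_key, len(payload))))
    tag = hmac.new(mac_key, ct, "sha256").digest()
    return ct + tag


def decrypt_backup(pin: str, blob: bytes, iterations: int = DEFAULT_ITERATIONS) -> Optional[bytes]:
    """Return the plaintext if the PIN is right, else None.

    The MAC check is exactly the verification oracle an offline attacker needs;
    without a tag, a known plaintext header would serve the same purpose.
    """
    key = derive_key(pin, iterations=iterations)
    enc_key, mac_key = key[:16], key[16:]
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, ct, "sha256").digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))


def crack_pin(blob: bytes, pin_length: int = 4,
              iterations: int = DEFAULT_ITERATIONS) -> Tuple[Optional[str], int]:
    """Try every numeric PIN of the given length; return (pin or None, guesses made).

    This is the whole attack once the blob leaves the guess-limiting enclave:
    no side channel, no cryptanalysis, just enumeration of 10**pin_length values.
    """
    guesses = 0
    for n in range(10 ** pin_length):
        pin = f"{n:0{pin_length}d}"
        guesses += 1
        if decrypt_backup(pin, blob, iterations) is not None:
            return pin, guesses
    return None, guesses


if __name__ == "__main__":
    secret = b"constructed backup payload: contact list"   # constructed sample data
    blob = encrypt_backup("2718", secret)
    t0 = time.perf_counter()
    pin, guesses = crack_pin(blob)
    elapsed = time.perf_counter() - t0
    print(f"recovered PIN {pin} after {guesses} guesses in {elapsed:.1f}s")
    per_guess = elapsed / guesses
    for digits in (4, 6, 8):
        hours = per_guess * 10 ** digits / 3600
        print(f"{digits}-digit PIN: full space in {hours:.2f} h at this KDF cost")
```

Raising the iteration count or switching to a memory-hard KDF changes `per_guess` but not the shape of the problem: the space of a 4-digit PIN is ten thousand values, so the only thing standing between the stored blob and the plaintext is whoever enforces the guess limit.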