... seem like that's fine based on using SGX when it's an extremely problematic approach that's ultimately unworkable. The reliance on SGX is at serious odds with past design choices: end-to-end encryption, encrypted backup / restore with a strong key, etc. Also again, my main...
Conversation
... issue is not these recent design decisions but rather how they've handled the response to it including valid criticism. Repeatedly making false claims, misrepresenting criticism/suggestions and responding with a holier-than-thou attitude, platitudes and fallacies. Bad look.
1
2
12
It's possible to set a strong passphrase as this PIN and avoid depending on SGX security. The issue is how they've converted an existing feature, the lack of a proper explanation for users, their dismissive response to valid criticisms about it and inaccurate/misleading claims.
1
1
11
The experience of the registration lock PIN being converted to this resembles dark patterns used by Facebook. It wasn't clear even to highly technical people what was happening and what the new PIN they were creating was doing. It is STILL a problem with them adding an opt-out.
1
2
10
They did such a good job designing features like link previews and profiles in a privacy-preserving way. Don't understand how they go from that to this. Bonus of a response resembling a cover-up hand waving away the criticism + blocking people with legitimate questions/concerns.
1
3
12
A weak PIN was fine for the registration lock feature, but it doesn't work well as a way of deriving a meaningful encryption key. Adding a way to opt-out doesn't change that they encourage doing this and it looks like you won't be able to just set a registration lock like before.
2
1
11
Replying to
It's flawed by design. If the UX generated a strong passphrase (seed phrase) and gave you it to deal with that would be fine, and they wouldn't have a use for SGX since it would be strong encryption. Perhaps just share the existing backup key which is already designed that way...
1
It's not a security bug. They intend it to be this way. I don't see a reason to contact them. It's clear from being blocked by for this tweet twitter.com/DanielMicay/st that my carefully considered thoughts on it aren't welcome. I'm not going to contact them about anything.
Quote Tweet
Replying to @chrisrohlf @signalapp and @moxie
Hopefully as a toggle so that it's still possible to have a registration lock PIN without contact syncing, as it was before this was introduced. Most people are going to use the defaults so that's what really matters, and a user-generated PIN + SGX is not a secure approach.
1
1
I didn't even add to that tweet. I was replying to and just didn't remove what Twitter had added based on who had been previously mentioned. It wasn't supposed to be a message to them.
1
1
In fact it seems rude to remove someone from a thread who is mentioned when it involves their work. I'd look on that suspiciously since it would feel like trying to stop them from seeing the conversation so they can't counter what I'm saying if they actually disagree with it.