I've been a user and supporter of Signal for years. I've disagreed with various design decisions, but there has always been sensible reasoning behind their decisions based on facts and logic. I only used to disagree on certain priorities and had faith in them. No longer the case.
Conversation
The recent controversy over the replacement of the registration lock PIN with a mandatory sync feature is a symptom of broader issues. The main issue I have with it is not their design decision but rather how they've presented it and responded to valid criticism and questions.
1
2
19
Signal already had an encrypted backup feature with a strong key. It could be made more usable by using a seed phrase instead of presenting the user with a bunch of numbers. Having users select credentials, especially when they're encouraged to use a weak PIN is much worse.
1
4
18
This Tweet was deleted by the Tweet author. Learn more
Replying to
No, I'm talking about the existing full encrypted backup feature which uses a strong app-generated key and presents it as a string of numbers. New PIN-based sync is currently only used for a few things like contacts, profiles & settings. Full encrypted backup support predates it.
They could make the full encrypted backup feature more usable by presenting the key as a seed phrase instead of a string of numbers.
BIP39 seed phrase is an example: 12 words for an 128-bit strength key and power users can set a passphrase in addition to the written seed phrase.
1
If they used the modern approach for storage access on Android instead of the deprecated approach, users could also choose to store the backups on the sync service of their choice. That's what this thread is about:
Quote Tweet
Replying to @moxie @RichFelker and 2 others
Backing up locally via SAF works fine. No need for the deprecated Storage permission. The app can request persistent access to a directory for backups and the user just chooses the backup directory via SAF and the app. Can't something similar be done on iOS via their equivalent?
1
Show replies