Signal already had an encrypted backup feature with a strong key. It could be made more usable by using a seed phrase instead of presenting the user with a bunch of numbers. Having users select credentials, especially when they're encouraged to use a weak PIN is much worse.
Conversation
This Tweet was deleted by the Tweet author. Learn more
Replying to
No, I'm talking about the existing full encrypted backup feature which uses a strong app-generated key and presents it as a string of numbers. New PIN-based sync is currently only used for a few things like contacts, profiles & settings. Full encrypted backup support predates it.
1
They could make the full encrypted backup feature more usable by presenting the key as a seed phrase instead of a string of numbers.
BIP39 seed phrase is an example: 12 words for an 128-bit strength key and power users can set a passphrase in addition to the written seed phrase.
1
If they used the modern approach for storage access on Android instead of the deprecated approach, users could also choose to store the backups on the sync service of their choice. That's what this thread is about:
Quote Tweet
Replying to @moxie @RichFelker and 2 others
Backing up locally via SAF works fine. No need for the deprecated Storage permission. The app can request persistent access to a directory for backups and the user just chooses the backup directory via SAF and the app. Can't something similar be done on iOS via their equivalent?
1
The tweet from that I'm replying to there is strange. He's a very experienced Android developer. I'm also sure he knows Signal on Android has full local encrypted backup support via a strong app generated key. He must know Signal could ask the user for a backup directory.
1
SAF will open up the system file manager and have the user choose a directory for backups. They can choose to use an app-based storage provider like a sync service. That is absolutely not going away. What's deprecated is the Storage permission for requesting bulk home dir access.
1
This Tweet was deleted by the Tweet author. Learn more
Problem is I feel I was engaging in a polite and constructive way and got blocked by for this tweet: twitter.com/DanielMicay/st. I don't consider a weak PIN + SGX secure. UX encourages weak PIN. We all users don't choose good passphrases.
Quote Tweet
Replying to @chrisrohlf @signalapp and @moxie
Hopefully as a toggle so that it's still possible to have a registration lock PIN without contact syncing, as it was before this was introduced. Most people are going to use the defaults so that's what really matters, and a user-generated PIN + SGX is not a secure approach.
1
This Tweet was deleted by the Tweet author. Learn more
Well, I'm confused, because he was actively responding to people who seemed to just want to dunk on Signal with weak criticisms but he doesn't acknowledge my questions / concerns. I use it, consider it the best (least bad?) option available and have promoted it to our community.
Didn't seem to want to acknowledge my questions / concerns though and ended up just blocking me. I wasn't even trying to message him in that thread, he was just tagged in it like this one unintentionally because the person I responded to did a mention. Don't really get it.
1
This Tweet was deleted by the Tweet author. Learn more
Show replies