Amazing what a difference it makes when says it- suddenly it becomes completely reasonable and people start having conversations about mitigation:
reddit.com/r/privacytools
Literally, a year wasted and countless people put at risk for the sake of 's bloated ego.
Respectfully, had anyone submitted a PR to the open-source Android app (github.com/signalapp/Sign) in that last year? I can find one from 5 days ago, but haven't found any PRs before that. No team is infinitely resourced and has to prioritize what they address and when. PRs help.
Greatly generalizing here, but while PRs may help, they can't be required before reporting vulns.
Also, I often won't submit a PR to open source projs because I fear it to be a waste for them (I don't know their culture well enough to create one that passes social rules, &c).
I tweeted- I was blocked, others directed me to the Signal forum, I went to the forum- my posts were deleted- at that point you stop chasing people who have made it clear they won't listen.
My experience matches yours. I was blocked for engaging in constructive discussion where I questioned the reasoning and provided justifications for a few of the design decisions.
Quote Tweet
Replying to @moxie @RichFelker and 2 others
What's wrong with having it locally in the Signal app and relying on the same encrypted backup / restore feature as everything else? System contacts are also local data with the option to do backup / restore.
Quote Tweet
Replying to @moxie @RichFelker and 2 others
Backing up locally via SAF works fine. No need for the deprecated Storage permission. The app can request persistent access to a directory for backups and the user just chooses the backup directory via SAF and the app. Can't something similar be done on iOS via their equivalent?
Quote Tweet
Replying to @chrisrohlf @signalapp and @moxie
Hopefully as a toggle so that it's still possible to have a registration lock PIN without contact syncing, as it was before this was introduced. Most people are going to use the defaults so that's what really matters, and a user-generated PIN + SGX is not a secure approach.
Those 3 tweets led to being blocked. I was disappointed in their response to this controversy as a whole. They responded to legitimate criticism and questions from the community with justifications that didn't hold up to scrutiny. They blamed their design choices on iOS/Android.