Amazing what a difference it makes when says it- suddenly it becomes completely reasonable and people start having conversations about mitigation:
reddit.com/r/privacytools
Literally, a year wasted and countless people put at risk for the sake of 's bloated ego.
Respectfully, had anyone submitted a PR to the open-source Android app (github.com/signalapp/Sign) in that last year? I can find one from 5 days ago, but haven't found any PRs before that. No team is infinitely resourced and has to prioritize what they address and when. PRs help.
Greatly generalizing here, but while PRs may help, they can't be required before reporting vulns.
Also, I often won't submit a PR to open source projs because I fear it to be a waste for them (I don't know their culture well enough to create one that passes social rules, &c)
I tweeted- I was blocked, others directed me to the Signal forum, I went to the forum- my posts were deleted- at that point you stop chasing people who have made it clear they won't listen.
My experience matches yours. I was blocked for engaging in constructive discussion where I questioned the reasoning and provided justifications for a few of the design decisions.
Quote Tweet
Replying to @moxie @RichFelker and 2 others
What's wrong with having it locally in the Signal app and relying on the same encrypted backup / restore feature as everything else? System contacts are also local data with the option to do backup / restore.
Quote Tweet
Replying to @moxie @RichFelker and 2 others
Backing up locally via SAF works fine. No need for the deprecated Storage permission. The app can request persistent access to a directory for backups and the user just chooses the backup directory via SAF and the app. Can't something similar be done on iOS via their equivalent?
Quote Tweet
Replying to @chrisrohlf @signalapp and @moxie
Hopefully as a toggle so that it's still possible to have a registration lock PIN without contact syncing, as it was before this was introduced. Most people are going to use the defaults so that's what really matters, and a user-generated PIN + SGX is not a secure approach.
Those 3 tweets led to being blocked. I was disappointed in their response to this controversy as a whole. They responded to legitimate criticism and questions from the community with justifications that didn't hold up to scrutiny. They blamed their design choices on iOS/Android.
I wrote twitter.com/DanielMicay/st as an overall summary of it after being blocked. Before then, I'd simply left a few replies deep in a thread.
Overall, my impression is that they aren't willing to stand behind these design decisions and resort to inaccurate claims + misdirection.
Quote Tweet
I've been a user and supporter of Signal for years. I've disagreed with various design decisions, but there has always been sensible reasoning behind their decisions based on facts and logic. I only used to disagree on certain priorities and had faith in them. No longer the case.
Such as blaming it on Android or iOS in a way that users without deep platform knowledge won't know any better.
I was already pretty put off by their response to these things before I was blocked for a couple inconvenient, legitimate questions.
I still recommend using Signal...
All I want is for them to stand behind design decisions. It's fine if they disagree with me about the best way to do it. I don't expect them to change it or debate it.
I don't think it's fine for them to tell people the OS prevents them from doing something that it doesn't.