Credential minimization is desirable and good security practice, otherwise users just write them down. Sure, if you *really* want an app-level PIN every time you switch to an app you can implement that with crypto, but *nobody* wants that for a messaging app.
-
My point is that you don't know people's use cases and threats. I don't have Signal on my desktop computer. If I had a girlfriend it would be completely unreasonable to close youtube and log out to go to the kitchen so that she could log into her account and play another video.
You should try modern operating systems, they let you log in as two different users at the same time. What *is* completely unreasonable is for every app to implement invariably broken, half-assed lockouts in case someone wants to stop their girlfriend from using that app.
-
-
Anyway, I'm tired of arguing here. The OP implying Signal is doing something wrong by not sprinkling extra encryption on local storage on a desktop OS is dumb. If you want shitty broken "protections", find someone who *isn't* well versed in solid security to write them for you.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Signal is marketing itself as a secure messenger, it's not too musk to ask that it doesn't log every conversation in plaintext. I don't want to log in as two users at the same time, I want things to be easy and secure enough.
-
You need to accept the fact that what you're asking for just isn't possible on a desktop OS, while keeping usability and real security, without user separation.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.