[moxie]

> Still stupid, shouldn't they ask if I want that functionality?

It's kind of a difficult thing to ask. "Do you want this app to work like every other app in the world in the ways you've come to expect?" If people were to simply reinstall Signal and find that all of their contacts were gone, all of their groups were gone, all of their block lists were gone, etc... they'd almost certainly be surprised. It's not a behavior anyone expects.

Every other consumer messaging app in the world solves this by storing all of that information in plaintext on their servers. We're trying to do something privacy preserving instead, and have done a fair amount of engineering work to try to make it as frictionless as we possibly can.

If you have ideas for how we can achieve the same ends with less friction, we're definitely interested in the feedback.

> Not like it's going to be hard to brute force a user's PIN.

Check out this blog post for more information about the technology:

https://signal.org/blog/secure-value-recovery/

[fao_]

> "It's kind of a difficult thing to ask. "Do you want this app to work like every other app in the world in the ways you've come to expect?" If people were to simply reinstall Signal and find that all of their contacts were gone, all of their groups were gone, all of their block lists were gone, etc... they'd almost certainly be surprised. It's not a behavior anyone expects."

You could say:

"Hi there! Do you want to keep a backup of your conversation metadata locally, or via the cloud? The latter requires you to be badgered for a pin every day and lose all your data, even the information that the pin doesn't protect, if you lose it. The former allows you to backup to a file you can save on your computer, and store a password in your password manager!"

[stock_toaster]

I think calling it a PIN and asking for it so frequently is part of the problem. It certainly induces me to use a shorter one than I would otherwise like (since I keep having to enter it so often _right_ at the time I am trying to use the app).

Asking for it once at the time of a new registration, install, or a restore/reinstall would be far more preferable to me. Treating it more like a "filevault" key or an "encryption phrase/password", would certainly encourage me to use a much longer key and just put it into a password manager (and/or write it down and put it somewhere physically safe).

[joecool1029]

>It's kind of a difficult thing to ask. "Do you want this app to work like every other app in the world in the ways you've come to expect?" If people were to simply reinstall Signal and find that all of their contacts were gone, all of their groups were gone, all of their block lists were gone, etc... they'd almost certainly be surprised. It's not a behavior anyone expects.

I see a lame excuse.

Lets be real: Groups have never worked very well in Signal, so people use alternatives. It's been my experience that at some point it screws up and everyone has to delete the group and we start over again.

Contacts are stored by Apple, Google, Microsoft, and/or their work email provider for a large majority of the population. Only the minority using burners might care and they are likely already used to setting up lists every time they burn a device.

Put a checkbox in the app for: 'Store my blocklist and profile info in Apple/Google's backup system. This will share info with them'. Some users will want that, others won't. Quite a few people would like to have Signal's message backups included in an offline iOS backup, their complaints have fallen on deaf ears. Stop pontificating and give the option. It was a bigger compromise on your end creating a Signal Desktop app than it was to provide an option to include message exports in an encrypted backup.

Say what you will about Telegram, they made a much more reasonable compromise with their 'secure messaging'. This feature is not in their desktop apps as the attack surface of a desktop/laptop is too large. Secure chats instead focus on ephemerality and are torn down after completion. It's a more realistic threat model.

>Check out this blog post for more information about the technology:

Ah yes, the complex technology that relies on the insecure broken thing from Intel: https://arstechnica.com/information-technology/2020/03/hacke...