[Nextgrid]

The fact that the PIN is mandatory in Signal is annoying. I understand why it's there and the attacks it defends against, but most people just want Facebook to stop stalking them and don't worry about a dedicated, nation-state attacker targeting them, so the PIN here actually reduces overall security & privacy by introducing extra friction compared to malicious alternatives such as Facebook.

Same thing with backing up/restoring chat history. I guess there's a security argument to be made there, but it doesn't apply to most people. Are you leaking state secrets? By all means, crank all the security options to 11. Are you using it just to not have Zuck spy on your family conversations? Then bulletproof security doesn't matter that much and feel free to backup your chats.

[akvadrako]

I agree the pin is bad UX, but it isn't mandatory, it can be turned off in settings.

[dunefox]

Most people never look into the settings.

[teekert]

Yeah I agree, they'd be better off warning people that they loose many things if they switch device (most people only care about their groups I think), but that there is a way around this. It will, in comparison to other apps, constantly bother you about it though. I heard from several people who used Signal who don't care about what they'll loose, they do care about the pin nagging though.

Why you can just export to file, import on new device is also a mystery to me, I think that would be acceptable to people (combined with phone number validation).

[benhurmarcel]

I just wish it stopped doing spaced repetition exercises after you've gotten it right for months.

[cheph]

You can't have meaningful E2E encryption unless your private key is encrypted with a password that only you know. If the operator of the service has your un-encrypted private key then it is not clear in what way you have E2E encryption. And actually if you use a 4 digit pin it won't be of much use either.

[corty]

Encrypted private key isn't the purpose of signal's PIN. Signal's private key is actually used, discarded and possibly recreated quite nonchalantly by the application on your phone. The only purpose of the PIN is securing data that is stored on Signal's servers.

[johnchristopher]

> The only purpose of the PIN is securing data that is stored on Signal's servers.

Which is at odds with "signal doesn't store anything server side".

Choice of words, but it matters when building a narrative.

[corty]

"signal doesn't store anything server side" is false, plain and simple. Signal stores certain kinds of data server side, just not everything. And they do some SGX voodoo dance to maybe protect it: https://signal.org/blog/secure-value-recovery/

[csunbird]

I have not set any PINs.