[cheph]

You can't have meaningful E2E encryption unless your private key is encrypted with a password that only you know. If the operator of the service has your un-encrypted private key then it is not clear in what way you have E2E encryption. And actually if you use a 4 digit pin it won't be of much use either.

[corty]

Encrypted private key isn't the purpose of signal's PIN. Signal's private key is actually used, discarded and possibly recreated quite nonchalantly by the application on your phone. The only purpose of the PIN is securing data that is stored on Signal's servers.

[johnchristopher]

> The only purpose of the PIN is securing data that is stored on Signal's servers.

Which is at odds with "signal doesn't store anything server side".

Choice of words, but it matters when building a narrative.

[corty]

"signal doesn't store anything server side" is false, plain and simple. Signal stores certain kinds of data server side, just not everything. And they do some SGX voodoo dance to maybe protect it: https://signal.org/blog/secure-value-recovery/