by autoexec 1402 days ago
I did oversimplify their encryption scheme, but the issue is that in the end you still only need a pin to get the unencrypted data. I agree that if they'd been honest about passwords and the need for a strong one this wouldn't be as big an issue. It's because they were not honest that I don't think it's fair to expect their users (even the security nuts) to do it. Their target demographic will include whistleblowers and journalists who aren't necessarily all that tech-savvy.

The strengths and weaknesses of SGX are debatable; I may lean on the pessimistic side, but as you say, it impacts the security model of Signal users and to me that means they (and new users) should be clearly informed. The first line of their privacy policy says "Signal is designed to never collect or store any sensitive information." which is demonstrably false.

As for opting out, unless something has changed they still store your data on the cloud, it's just handled differently:

https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...

I don't know what options someone has after they've already created a pin, if there's a way to remove your data from the cloud. I stopped using Signal before they forced the pin (back when you could still just ignore the notice), and getting real answers to these kinds of basic questions is way more difficult than it should be. This is, again, a service targeting very vulnerable people whose lives and freedom may be on the line.

I was one of those Signal users who wanted them to move away from requiring a phone number too. That said, what I was looking for was something more like Jami. They managed to create a system with usernames and passwords but without phone numbers or accounts keeping your data in the cloud.

I'm not shitting on Signal's efforts overall. A lot of great work went into Signal and I'm pissed I still haven't found a good replacement for it, but the changes they made hurt the security and safety of the people who depend on Signal. They are a massive intelligence target and I can't blame them for anything they were forced to do, and if their goal was to subtly drive people away by raising a bunch of red flags I thank them, but if this is their best effort at communication and building trust how charitable can they expect us to be when two years later so many of their users don't have a clear idea of what's being collected and stored or what that means for their safety?