Hacker News
by illwrks 756 days ago
The real issue here is a lack of proper risk controls around business processes involving money. Regardless of whether it’s £3 for a coffee or £25m for a secret acquisition, there should be an agreed process that everyone involved in business transactions should be aware of, so that if they are suddenly privy to a deal they can navigate and validate the authenticity of their involvement.
2 comments

This brings up an interesting “risk control” that one of my tech investors personally implemented with his family, in case an audio/video version of him ever asks to do anything crazy: secret passwords, agreed upon in person.
Technically Signal solves this problem with safety codes.

The UI really could stand to be more assertive about what they mean though.

I notice every time somebody gets a new phone because it says "Your safety number with x has changed" but whenever I've spoken about it with friends, they have no idea what it means. An additional sentence could help here, such as "You might want to double check that you're really talking to x" or the classic "It's possible someone is doing something nasty". Although I understand that this would definitely scare a lot of people, maybe even push them into thinking Signal is insecure.
With £25m there ought to be at least two people required to authorise the transfer.