[Austiiiiii]

There's a new feature to sync old messages that seems like it could potentially make that attack vector ten times worse:

https://www.bleepingcomputer.com/news/security/signal-will-l...

Would a malicious URL be able to activate this feature as part of the request?

[inor0gu]

Probably not, in any normal case a secondary device shouldn't have that kind of authority to dictate.

It is more concerning if the toggle is on by default and then you carelessly press next (on this or some other kind of phish).