
Signal PINs - aendruk
https://signal.org/blog/signal-pins/
======
bsdubernerd
Sigh. What about fixing backups so that I don't need this?

There is always something absolutely odd with Signal. The obtuse insistence in
creating its own vault makes it annoying to use to share media and to make
backups. Down to the built-in unusable camera app. I have almost everything
duplicated in/out of signal because of this. Huge space waste. What's the
threat model? Under the assumption that I can root the phone this is
pointless. But if I trust the sandbox it's also pointless. Anonymizing file
metadata in/out would have been more pragmatic, but pragmatism here is frowned
upon.

Remote contact discovery: technically impressive. I would have gladly opted
out though to remain anonymous to some contacts that have my number. Yeah,
that's the real "privacy" bit which is worth 10 times this PIN debacle.

I'm still bound to use a phone number which I _don't_ really care about even
just to use the desktop version (ahaha, _desktop_ , yeah.. _cough_ ).

When I saw the PIN prompt for the first time I realized the money injection
was giving its first fruits. I gave matrix a first good try. Finally I can
choose from a plethora of clients, run my own server if needed.

The setup though is still not as dumb-proof as signal (which is why I tolerated
all the issues with signal so far), and the phone clients I've tried are not
as polished.

That being said, when I mentioned PINs I managed to convert most of my tech
contacts to matrix within a week. The real question is whether the other ones
will stay, jump over, or just go back to whatsapp (which they never removed).

~~~
izacus
I just had to restore backups on my phone (previous got broken) and it's such
a disaster of usability that it makes use of GPG easy.

1.) You only get to see the backup password ONCE. They create it for you, it's
a giant bunch of numbers written in columns. They show you that the FIRST time
you enable backups, which might be years away from the time you need them.

2.) After they dump the backup, they just throw it in a preset folder on
Android flash. You need to find a way to get it off the device yourself (good
luck if the device broke). No help with transferring to another device, no
Android beam support, nothing.

3.) After you somehow manage to get the file to another device, there's no
help at restoring it either. You need to put it EXACTLY in the right
directory. They don't tell you which. Even after that, the app will not pick
up the backup. There's no "Restore backup" button or option. You need to KNOW
that you have to destroy all existing app settings by clearing data and then
it'll attempt a restore.

4.) When it attempts to restore, it presents you an input field that's flat
text entry and is NOT organized in original columns. You need to guess the
order of columns in which you need to enter the 30+ digits. If you fail...
well, try again!

5.) If you switch from iOS to Android then you're SOL because iOS people don't
deserve to have their conversations preserved.

It feels like the authors of the app never had any meaningful conversations
they'd like to remember in the future. It feels like the same mindset which
made some security people implement nonsensical policies like "you need to
change to a new 16 char password every week without duplication for a year" on
Active Directory. A mindset which thinks that badgering you for PIN every
week accomplishes anything but a wish to install WhatsApp. A mindset, which
does significantly more harm to security than good. A mindset, which bogged
proliferation of encrypted communication for years until corporations took it
away. And that's sad.

~~~
vinay427
> You only get to see the backup password ONCE. They create it for you, it's a
> giant bunch of numbers written in columns. They show you that the FIRST time
> you enable backups, which might be years away from the time you need them.

You can create a new backup if you forget or lose the encryption key, and
considering it creates them periodically this doesn't even serve as an extra
inconvenience for me. I don't see an obviously better alternative for creating
an encrypted backup. Why would a password repeatedly be shown to a user?

~~~
izacus
How do you recreate the key on a broken phone?

Also, the dialog showing the code doesn't allow copying or provide any easy
way of saving it somewhere. Which makes it very unlikely that many users will
successfully store it.

Also the backup itself has no support of syncing anywhere. Your phone fell out
of your pocket? Well, say goodbye to all the pictures of your nephew.

Pretty much every layer of this process is very user-hostile and provides
practically no help for the user to have effective and secure backups.

~~~
vinay427
> How do you recreate the key on a broken phone?

What you're looking for appears to be an unencrypted backup, which has clear
security implications that Signal (quite reasonably, in my opinion) chose to
avoid given that it is storing a file on your local device memory. Honestly,
if you don't want to keep track of an encryption key and still want to retain
your message history, maybe you don't care that much about your messaging
privacy (which is fine). There are plenty of apps that serve this use case.

> Also, the dialog showing the code doesn't allow copying or provide any easy
> way of saving it somewhere. Which makes it very unlikely that many users
> will successfully store it.

Again, I think this is a conscious choice. Their design decisions appear to
work well for those who don't know much about technology but still want a
private messaging platform. Allowing unsafe key storage methods instead of
(for example) writing it down on a piece of paper might encourage users to
take that easier route and Signal wants to lean towards privacy even if that
means losing message history.

> Also the backup itself has no support of syncing anywhere. Your phone fell
> out of your pocket? Well, say goodbye to all the pictures of your nephew.

I agree that this can make things complicated, but based on the comments here
a good number of users don't want a cloud storage solution and would prefer to
lose their messages. In any case, this is easy to work around because
Android allows for decent file management, so any one of the hundreds of file
sync apps can work for you here.

------
s0ss
This is all well and good. But the forced/unsilenceable pin reminders seem a
bit obtuse to me.

[https://support.signal.org/hc/en-us/articles/360007059792-Signal-PINs](https://support.signal.org/hc/en-us/articles/360007059792-Signal-PINs)

"Can I turn off these reminders?

It is important to memorize your PIN, and the reminders cannot be disabled. We
cannot recover your PIN if you forget it. You will see the reminders less
frequently if you consistently enter your PIN correctly. The reminders will
become more frequent if multiple attempts are necessary."

~~~
atestu
I agree. Shouldn't you put your PIN in a password manager anyway?

Why call it a PIN and not a password to begin with? Is there a difference I'm
missing?

~~~
toomuchtodo
Same reason iPhones support PINs. It’s easier for the user, and provides some
level of protection versus nothing.

If it’s not user friendly, the user will defer to convenience over security.
Signal PINs do support alphanumeric strings FYI.

If you have a password manager, use a string. If not, a PIN works just fine.

~~~
emerongi
It seems alphanumeric PINs are allowed now. At least on iOS, I do get the
option to change the PIN to an alphanumeric one.

The whole PIN thing has changed quite a bit in the past 6 months or so.

------
mapgrep
I've been using Signal PINs for a long time to lock the app to my SIM card and
unfortunately they are a real pain. This sounds exactly the same.

First off the app is incessant about asking you to enter your PIN to prove you
know it; this prompt is supposed to get less frequent and I suppose it does
but is still way too frequent. Some of us are competent at storing secrets in
a password manager and this is like a punishment for us because it can easily
take several minutes to go retrieve the strong password, copy it, paste it in.

It actually reduced the security for me; I started out with maybe a 16 or 20
digit PIN and cut it to a smaller number of digits that I could memorize. (I
still haven't memorized them!)

There were also issues with Signal's implementation of the feature. I chose
quite a long PIN (>20 digits) at first for security only to find out later
from them that it was above the silently imposed limit. Later when I went to
verify the PIN it would not work because whatever silent truncation was done
when establishing the PIN was not re-performed on verification so it did not
recognize the PIN.

~~~
thanksforfish
I've found that tapping next to the registration lock PIN prompt will dismiss
it on Android. A "dismiss" button and a "don't ask me again, I won't lose
this" checkmark would make much more sense to me.

~~~
tialaramex
> "don't ask me again, I won't lose this"

This option should be labelled according to the reality rather than people's
wishful thinking

"Don't ask me again, when I lose this I am OK with losing the account and
messages"

There's probably a pithier way to express that we could get into the common
lexicon as I foresee it being useful in many places. Maybe we can just label
it "Yolo!" ?

~~~
fao_
I mean, for a start the messages are stored locally, it doesn't protect the
messages server-side, because they are never stored on the server. All the pin
does is keep the server-side data, i.e. your address book and conversation
information, safe.

Secondly, outside of encryption, _it should not be Signal's job to enforce
whether a logged-in user of a phone can see that user's content_. It is _the
operating system's job_ to enforce user-level security, and users of Signal
are unlikely to keep their phones without a pin, fingerprint, or other level
of authentication.

The fact that you cannot turn off the option to lose all your messages when
you lose a pin that you have been _forced_ to set is horrific for those of us
that rely on conversation history as a memory aid, and is precisely the reason
why I have refused to set a pin.

~~~
msh
Well most mobiles don't offer multi user and phones are often loaned
temporarily to other people. For example for kids to play on.

~~~
fao_
Android 9 and 10 have multi-user.

And if you take into account the "lending phones to kids" scenario it gets
_worse_ because that just means that when your 4yro kid gets your phone they
can irrecoverably delete all your messages, simply by playing around with it.

------
tguedes
I don’t want my messages to be stored anywhere other than on my phone. I hate
when companies push this bullshit on you. I keep on getting reminders to set a
pin and I can’t turn it off.

I think one of the issues with software is that because it’s infinitely
extensible, people just add more and more features, they don’t know when to
stop. So they keep pushing features that satisfy 10% of their users to the
detriment of the 90%. Slowly the app becomes bloated and extremely confusing
to use.

~~~
sneak
The 90% want their message history synced across devices.

~~~
themihai
yeah, across devices not across the world. What stops your devices being
synchronised over lan/wifi network?

~~~
sneak
The cryptographic problem of device authentication is the same whether across
the room or the planet.

~~~
Multicomp
Then establish a handshake between two devices that you want to trust each
other in the same way that you add syncthing devices.

If they still want to use a PIN then there should be an option if it is an
alphanumeric string to check a box that says this is managed by a password
manager don't remind me for at least 6 months.

------
ludocode
I'm extremely disappointed about how this Signal PIN rollout has been handled.
Signal refused to let me view my received messages until I created a PIN. I
filed a bug report about it [1]. I don't know if I was just caught in an A/B
test or what because it hasn't happened to all of my Signal-using friends but
it happened to me.

I don't understand why it isn't just optional. They claim they want to protect
my Signal data stored in the cloud. I don't want my data stored in the cloud.
I want them to store nothing. I don't care about their Intel SGX whatever
because I don't want to have to trust their servers in the first place.

Cloud storage is a complete non-starter for me. I started my company to get
away from cloud storage [2]. The fact that they are forcing this on their
users is making me seriously consider dumping Signal. I just don't know if
there are any sane alternatives.

[1]: [https://github.com/signalapp/Signal-Android/issues/9632](https://github.com/signalapp/Signal-Android/issues/9632)

[2]: [https://homefort.app/](https://homefort.app/)

~~~
moxie
Right now if you re-install Signal on your device, you lose all your messages.
That's already a very bad user experience, but imagine how much worse it would
be if you lost your entire address book in that moment as well.

Right now that's not a problem because your social graph is in the address
book on your phone, and isn't managed by Signal. This is one of the primary
reasons that Signal uses phone numbers for addressing: it leverages an
existing user-owned and user-managed social graph. However, what we've
repeatedly heard from users is that they don't want addressing to be based
exclusively on phone numbers for a variety of reasons.

If we're not using that social graph, then where does the Signal-specific
social graph live? For every other app in the world, the answer is that it
lives in a server-side plaintext database. Snapchat, WhatsApp, Telegram,
Matrix, Wire, FB Messenger, Skype, etc etc... they're all just storing your
entire social graph in a plaintext database (along with a bunch of other
stuff, like your groups, profiles, etc).

Given the way that technology has developed (devices are fundamentally
designed for a world of clients and servers), it's probably not possible for
us to build something that makes no use of servers. Instead, we've focused on
building something that doesn't store or transmit any server-side plaintext.

For instance, when you set your Signal profile name and avatar, that lives "in
the cloud" so that other Signal users can retrieve and display it. But it's
encrypted
([https://signal.org/blog/signal-profiles-beta/](https://signal.org/blog/signal-profiles-beta/)),
so only your contacts can see it (not us).

With Signal Private Groups
([https://signal.org/blog/signal-private-group-system/](https://signal.org/blog/signal-private-group-system/)),
again we have to store data "in the cloud," so that there's a canonical data
source for group management, but again all of the contents are encrypted so
that only group members can see it (not us).

In this case, we're using Secure Value Recovery to ensure that a future
addressing scheme that's not based on phone numbers is available across app
reinstalls, phone switches, phone loss, etc. We could have just done what
every other consumer messaging app in the world has done (store it in
plaintext on the server), but we built this instead. It is the most user-
friendly option that we could conceive of while still being privacy
preserving, and took a lot of engineering work.

We're going to keep looking at all the feedback we've gotten, though, to try
to make it the best experience we can.

~~~
wl
> Right now if you re-install Signal on your device, you lose all your
> messages. That's already a very bad user experience, but imagine how much
> worse it would be if you lost your entire address book in that moment as
> well.

How about letting people back this up? There's no way to do this on iOS or in
the desktop app. You're solving a problem of your own making with a solution
your core audience of privacy conscious users does not want.

~~~
fao_
I'm not sure why you're being downvoted? Backups are an essential feature of
chat apps, and it seems pretty sane that a lot of Signal users _don't want_
any information stored in the cloud, _full stop_.

------
y7
I like the security-mindedness of Signal, but some of their choices baffle me.
They go through all this trouble to create an encrypted cloud storage, which
many people in the target audience of Signal do not want, while not even
giving iOS users the simple option of creating an offline backup of their
messages (in fact, they actively disable this option). This issue has been
open for more than four years [1] and even has a $1000 bounty [2].

1: [https://github.com/signalapp/Signal-iOS/issues/967](https://github.com/signalapp/Signal-iOS/issues/967)

2: [https://www.bountysource.com/issues/28598496-message-export-backup](https://www.bountysource.com/issues/28598496-message-export-backup)

------
JoshTriplett
I'm looking forward to hearing how they plan to prevent brute-forcing of
these. A physical hardware device can wipe keys after a certain number of
failures.

I definitely look forward to the ability to move Signal forward to a new
device without losing all logs, and the ability to use Signal without tying it
to a phone number.

~~~
kijiki
Basically, SGX:
[https://github.com/signalapp/SecureValueRecovery](https://github.com/signalapp/SecureValueRecovery)

The enclave is hardened against Spectre and LVI with this (BOLT/LLVM based),
and other techniques:
[https://github.com/signalapp/BOLT](https://github.com/signalapp/BOLT)

The last build step before signing is a verifier that checks that there are no
missed mitigations, built using Intel Xed, to try to avoid potential missing
mitigations due to an LLVM or BOLT bug.

~~~
JoshTriplett
I'm familiar with Signal's usage of enclaves. The case I'm wondering about is
what happens if someone seized (or surreptitiously accessed) Signal's servers,
ran the unmodified enclaves, but fed in different PIN requests to those
enclaves in a brute-forcing attempt. What prevents that?

~~~
ccktlmazeltov
if it's anything like what other big players are doing: the attempts are
limited and the code will destroy its knowledge of the key once you reach this
limit.

Looking at the code quickly I see that nothing is documented and it's not
clear what code gets executed there. So good luck understanding what they're
doing. But it seems to be using Raft, probably to bring several HSMs to
consensus on what's the state of the number of attempts. And it does seem to
erase stuff if you reach some threshold of attempts:
[https://github.com/signalapp/SecureValueRecovery/blob/00d023...](https://github.com/signalapp/SecureValueRecovery/blob/00d023abcaf16d7ea664f9e6f1dd8b2aff4da915/enclave/kbupd_enclave/src/service/replica/partition_data.rs#L518)

My follow up question is: what prevents someone from destroying your account's
backup key by entering wrong PINs for your account?

~~~
kijiki
That isn't quite how it is implemented, there are no HSMs, we use SGX for that
function instead. See my reply to Josh's follow up for details.

You need a random id not the phone number, so other users can't do guesses
unless they get that random id somehow. The ID is stored on the phone, and if
you lose it, when you reinstall Signal, the signal server will give it to you
after SMS phone # verification.

A sim-jacker could nuke your key, but that seems like a lot of work for
griefing. Signal of course, has the plaintext random id, so they could nuke
your backup, but there are tons of ways Signal can DoS attack their own
service. Stopping paying for the servers, for one.
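
Added example, not part of the thread and not Signal's SecureValueRecovery code: a simplified in-memory Python model of the guess limiting discussed in this sub-thread (a bounded attempt counter that erases the secret), showing both the bound it puts on guessing a 4-digit PIN and the lockout side effect raised in the replies. `MAX_TRIES`, PBKDF2 as the stretching function, salting with the random id, and all names are assumptions of the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

MAX_TRIES = 10        # assumed limit; the thread does not state the real one
KDF_ROUNDS = 20_000   # PBKDF2 is a stand-in for a real client's PIN stretching


@dataclass
class Entry:
    verifier: bytes   # PIN-derived value; the raw PIN never reaches the store
    secret: bytes     # the value being protected, e.g. a master key
    tries_left: int


def stretch_pin(pin: str, backup_id: bytes) -> bytes:
    """Client side: derive a verifier from the PIN, salted with the random id."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), backup_id, KDF_ROUNDS)


class GuessLimitedStore:
    """Toy stand-in for the component that counts restore attempts."""

    def __init__(self, max_tries=MAX_TRIES):
        self._entries = {}
        self._max_tries = max_tries

    def backup(self, backup_id, verifier, secret):
        self._entries[backup_id] = Entry(verifier, secret, self._max_tries)

    def restore(self, backup_id, verifier):
        """Return (status, secret, tries_left)."""
        entry = self._entries.get(backup_id)
        if entry is None:
            return ("missing", None, 0)
        # Spend the attempt before comparing, so an interrupted request
        # can never turn into a free guess.
        entry.tries_left -= 1
        if hmac.compare_digest(entry.verifier, verifier):
            entry.tries_left = self._max_tries   # success resets the counter
            return ("ok", entry.secret, entry.tries_left)
        if entry.tries_left == 0:
            del self._entries[backup_id]         # secret is gone for everyone
            return ("erased", None, 0)
        return ("wrong_pin", None, entry.tries_left)


def guess_until_stopped(store, backup_id, guesses):
    """Feed guesses in order; return (secret or None, attempts made, last status)."""
    status, used = "no_guesses", 0
    for used, pin in enumerate(guesses, start=1):
        status, secret, _ = store.restore(backup_id, stretch_pin(pin, backup_id))
        if status == "ok":
            return secret, used, status
        if status in ("erased", "missing"):
            break
    return None, used, status


def demo():
    store = GuessLimitedStore()
    backup_id = secrets.token_bytes(16)   # random id, not the phone number
    secret = secrets.token_bytes(32)
    pin = "4821"                          # constructed sample PIN
    store.backup(backup_id, stretch_pin(pin, backup_id), secret)

    # The owner mistypes three times, then gets it right: the counter resets.
    for wrong in ("4812", "4281", "8421"):
        store.restore(backup_id, stretch_pin(wrong, backup_id))
    owner = store.restore(backup_id, stretch_pin(pin, backup_id))

    # A party holding the id walks the 4-digit space from 0000 upward. It gets
    # MAX_TRIES of the 10,000 candidates before the entry is erased.
    all_pins = [f"{n:04d}" for n in range(10_000)]
    guesser = guess_until_stopped(store, backup_id, all_pins)

    # The same erase is the lockout cost: the correct PIN no longer helps.
    after = store.restore(backup_id, stretch_pin(pin, backup_id))
    return owner, guesser, after, secret


if __name__ == "__main__":
    owner, guesser, after, _ = demo()
    print("owner:", owner[0], "tries_left:", owner[2])
    print("guesser:", guesser[2], "after", guesser[1], "attempts")
    print("owner after erase:", after[0])
```

The model keeps the counter in one process; the thread notes the real service has to keep that count consistent across several machines, which this sketch does not attempt.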

------
aendruk
Don't miss:

> PINs will also help facilitate new features like addressing that isn’t based
> exclusively on phone numbers

~~~
ojizero
I dunno but for example Wire does implement addressing without giving phone
number optionally if you sign in with an email and a password, which makes me
less convinced of the necessity of forced PINs in this style to enable such
cases (which should be optional in the first place). Same thing with syncing
across devices which requires you opt in to add email/password combo to enable
those features.

~~~
moxie
They store your social graph in plaintext on their servers.

~~~
ojizero
The point I was trying to make was more on how Wire made the whole password
situation optional, I am aware of the conversation name and creation date
being stored but that's an issue depending on the threat model for each user.

The main issue I see is with the intrusiveness of how Signal PINs are handled
by the UI, this will only work to alienate users or encourage writing simple
PINs that make them weak to use! It would've been much better had it been
treated as a fully opt in feature and PINs treated more as passwords, without
the constant bombardment of reminders to input it.

This can be placed behind a "sync" option for example and enabling it opens a
dialogue explaining the need for password, from there it's up to the user to
enable sync and in doing so they have to set a password like normal services.

That's just my 2 cents ¯\_(ツ)_/¯

------
LukeShu
That's kinda weird timing. Signal's been asking me for a PIN for about 2 weeks
now. Did Aurora screw up and give me an early version? Or did they just roll
this out to users weeks ahead of publishing an announcement?

~~~
genpfault
> Signal's been asking me for a PIN for about 2 weeks now.

And my copy started preventing me from using it entirely yesterday with a
full-screen un-dismissable popup[1] :(

[1]:
[https://i.redd.it/4sip5dcw9iy41.png](https://i.redd.it/4sip5dcw9iy41.png) [2]

[2]:
[https://www.reddit.com/r/signal/comments/giw4if/the_signal_p...](https://www.reddit.com/r/signal/comments/giw4if/the_signal_pin_screen_blocking_the_user/)

~~~
marssaxman
I just got the nag-alert a couple days ago. I don't really want to set a PIN,
so I have been ignoring it. If they are going to force us all into the new
system, maybe it is time to stop putting up with Signal's constant forced-
upgrade treadmill and find some other means of secure communication.

------
secfirstmd
"As we move to support additional features the Signal community has asked for
– like addressing that isn’t based on phone numbers"

This is awesome. So important for people at risk like the human rights
defenders, journalists, legal, LGBTIQ people we work with. Great to see Signal
looking at this.

------
Ansil849
The way the Signal PIN feature implementation has been handled by the Signal
team is extremely disappointing.

The blog post completely fails to explain why this feature is mandatory, and
why users are now locked out of being able to view their messages until they
set up a PIN. The Signal app has now essentially taken all messages hostage,
and users are unable to access messages until they create a PIN.

I am a huge proponent of Signal, but this is unacceptable behavior.

~~~
binarysneaker
Completely agree. My wife showed me her phone the other day and asked "what's
this PIN nonsense in signal", which I hadn't seen yet. The messaging, UI and
overall UX missed the mark. What happened, Signal??

------
aoeuhtns
Don't understand the negative comments here and on their subreddit... Secure
Value Recovery and the associated PIN seem like an advance in the state of
the art -- nobody else seems to do this. All users have to do is remember a
few numbers.

I find it surprising that many users got so upset by the software asking them
to set a password that they removed the app... seems a bit extreme. I guess if
it was part of a "sign-up" flow, people would have been primed for it... But
even then, it takes like just a minute to do it? /shrug

~~~
TheChaplain
Another number?

I have a pin for my sim-card, a pin for the phone encryption, pins for each of
my 4 credit cards, a pin for the office door, a pin for my work phone, a pin
for the computer smart-card login..

I'm very fine with not having a pin for Signal.

------
Y-bar
> Currently, that also happens to mean that if your hands accidentally lose
> your phone to the toilet, your information in Signal is lost along with it.

Duh. Because they explicitly disable backups.

------
zeveb
This really worries me: now the safety of my data hinges on Intel's remote
attestation and a password I can remember.

~~~
MattGaiser
> and a password I can remember.

This is going to be the reality of any data system which you want to have
complete control over. I suppose it could also be a complex key you instead
keep on your drive, but that has risks as well.

~~~
RL_Quine
The previous status quo was that nobody had the data other than your device.

------
AdmiralAsshat
I've already got a passphrase on my Signal app. Why do I also need a PIN on
top of that?

If it's supposed to be an _easier_ alternative to a passphrase, then okay, but
stop showing me the freaking notification to set up a PIN...

~~~
ViViDboarder
You mean the pre-existing “Registration lock” feature? I think they are using
the same pin. I’ve had that set for years and I’ve been getting pin reminders
for the last several months and I now see “Change your PIN” in my settings.

~~~
balladeer
I have only set a reg lock pin. I never set any other pin. Then I uninstalled
the app. Now when I installed it again today it is asking me for a PIN and the
only PIN on Signal I have set was a reg lock pin which is not being accepted.

I remember the PIN and it's also stored in BitWarden and KeePass. Now I am
locked out.

------
whycombagator
If I set up a PIN and decide I no longer want one (or what it entails) - how
do I undo that decision? Or is it strictly opt-in without a way to opt-out
after the fact?

~~~
ahmedalsudani
I think you can change it as long as you still have access to your phone

------
renewiltord
I use both Signal and WhatsApp. Honestly, only use the former to communicate
with my friends who insist on using Signal. Found this PIN nonsense annoying
but who really cares. Ultimately, I have to contact these friends so I'll jump
through their hoops till the hoops make my friends leave.

------
davewood
My signal app simply started crashing on my LineageOS powered phone. Pretty
much at the same time the PIN update was rolled out. The app never starts, it
always crashes on startup.

~~~
davewood
If you have the same issue, waiting for signal 4.60 might be the way to go.
Should be due to release soonish according to github issues.

------
pensatoio
After setting a pin, if I try to change it, I don’t have to enter the existing
pin? Something about this feels horribly wrong...

------
seemslegit
This is a periodic reminder that Signal's non-optional contact discovery
feature stands directly against their central value proposition and should
cause everyone to doubt their alignment.

------
DavideNL
Curious: So this PIN has to be stored on the Signal server?

Now let's assume most average (non-technical) users will simply type in/re-use
their smartphone pin (most of the people I know will do this.)

Would this mean if there's a data breach in the 'Signal cloud', their Pins
have now leaked onto the internet?

Doesn't seem like a great idea to store people's PIN codes in a cloud... would
probably be better if they'd just called it a 'Signal password'. People would
not think about entering their smartphone PIN code that way.

~~~
zorked
Read the article before commenting.

~~~
DavideNL
I did. I assume you are referring to " _your PIN isn’t recoverable if you
forget it_ ". There's a difference between "not recoverable to a Signal user"
and "nobody is able to brute force it if they get access to the cloud data".

So what I'm curious about is, how can this be? If you have lost your device
(and thus all the keys stored in the signal app/phone), how can they store
just a single pin while at the same time being able to prevent it to be
recovered/brute forced (since it only has to be 4 digits)?

~~~
ikawe
> Signal PINs are based on [Secure Value Recovery], which we previewed in
> December, to allow supporting data like your profile, settings, and who
> you’ve blocked to be securely recovered should you lose or switch devices.

[Secure Value Recovery] [https://signal.org/blog/secure-value-recovery/](https://signal.org/blog/secure-value-recovery/)

> All of this adds up to a secure enclave that limits the number of recovery
> attempts that are possible against a value synchronized across nodes in
> hardware-encrypted RAM.

------
27182818284
If you lose your phone and pin, how much does someone have to bruteforce to
recover your messages on a new phone?

Surely they'd have to do more work than iterate through a possibly as small as
4-digit key?

~~~
Jtsummers
If I understand the settings correctly (just opened Signal on my phone to
explore this), you can require the PIN for re-registering (like after losing a
device) and set up a 7-day lockout for failed PIN entries (not sure the number
of permitted failures before lockout). This would greatly reduce the speed of
brute force, though could also be used for a nice denial of service.

------
anoncake
This was bound to happen. Signal is a non-federated messenger controlled by a
single organization hostile to alternative clients. It isn't much better than
WhatsApp/Facebook.

------
NickBusey
[deleted]

~~~
vinay427
It sounds like it's on the roadmap. From the article:

> As we move to support additional features the Signal community has asked for
> – like addressing that isn’t based on phone numbers and chatting with
> contacts that aren’t saved in an address book – it means that more and more
> of this important supporting data can also be lost.

------
maxerickson
Do people that try to piss up a rope spend a lot of time complaining about
rope?

------
badrabbit
Why is signal so eager to make changes. It has been pestering me to create
profile names, I don't want that so I ignore it. That's just a small drop in
the bucket but why fix it if it isn't broken? Why not make things optional.

This b.s. is starting to remind me of the systemd crap in Linux. I am at a
point where I prefer paid open source apps and services (with a free tier) so
the devs have incentive to listen to users.

It worked well a year ago, now they are ruining it. I constantly have problems
with Signal where it takes hours at times to deliver the message and this
translates to real world problems and misunderstandings with people for me.
Just fix the bugs, make new features optional and opt-in unless you absolutely
have no choice.

------
eitland
_This post is about the UX, not about the crypto:_

Meanwhile on Telegram everything just works more or less as it has always
done.

If I click on settings I get a "menu" called "Passcode & Face ID". There's a
button saying "Turn Passcode On", and a help text saying: "Note: if you forget
the passcode, you'll need to delete and reinstall the app. All secret chats
will be lost."

While I personally have big questions around the encryption in Telegram I
think Telegram takes a much more effective approach towards making it
available: by default it is just a very good messaging application that is a
good replacement for Facebook Messenger and WhatsApp and almost everything
else except Signal.

On top of that it provides secret chats which are end to end encrypted (and
can also be set to automatically disappear), and an option for deleting all my
data if I don't log in within 1, 3, 6 or 12 months.

~~~
hawaiian
Except that I don't trust Telegram because they seem to ship a marketing-
first, cryptography-later sort of product. IIRC initially their "E2E
encryption" could be decrypted on the server. In contrast, Signal seems to put
strong encryption first.

~~~
seemslegit
There is no E2E encryption in Telegram for any reasonable definition of the
term.

~~~
eitland
This is plain wrong. I think even tptacek has become more careful about his
wording now.

There's a lot of problems around Telegram from their marketing to their crypto
implementation to their incentives.

But please stick to the facts.

~~~
seemslegit
Facts are that whatever e2e encryption telegram allegedly offers needs to be
invoked per-conversation as a 'secret chat' and is not available on desktops,
normal conversations are ¯\_(ツ)_/¯ -encrypted

