
Pins now optional in Signal v3.13.1 - christefano
https://www.reddit.com/r/signal/comments/hrlmoe/pins_now_optional_in_signal/
======
java-man
Once shared, the data remains in the signal servers, accessible to anyone with
subpoena. Even if there will be an option to turn it off, the damage is
already done.

Or may be I am missing something?

~~~
0-_-0
>accessible to anyone with subpoena

I assume it's encrypted.

~~~
kingemer
Well, it is encrypted with a pin. Unless you make a long pin or switch to
optional alphanumeric, the contact list is just protected by SGX and a short
pin.

The SGX works like the iPhone auto-wipe. But it is in an online service with
lots of juicy data in one place, so the target is bigger. A vulnerability
could leak your contact list.

