Pins now optional in Signal v3.13.1 (opens in new tab)

(reddit.com)

12 pointschristefano5y ago3 comments

3 comments

3 comments · 1 top-level

java-man5y ago· 2 in thread

Once shared, the data remains in the signal servers, accessible to anyone with subpoena. Even if there will be an option to turn it off, the damage is already done.

Or may be I am missing something?

0-_-05y ago

>accessible to anyone with subpoena

I assume it's encrypted.

kingemer5y ago

Well, it is encrypted with a pin. Unless you make a long pin or switch to optional alphanumeric, the contact list is just protected by SGX and a short pin.

The SGX works like the iPhone auto-wipe. But it is in an online service with lots of juicy data in one place, so the target is bigger. A vulnerability could leak your contact list.

j / k navigate · click thread line to collapse