top | item 23245156

(no title)

ojizero | 5 years ago

The point I was trying to make was more on how Wire made the whole password situation optional, I am aware of the conversation name and creation date being stored but that's an issue depending on the threat model for each user.

The main issue I see is with the intrusiveness of how Signal PINs are handled by the UI, this will only work to alienate users or encourage writing simple PINs that make them weak to use! It would've been much better had it been treated as a fully opt in feature and PINs treated more as passwords, without the constant bombardment of reminders to input it.

This can be placed behind a "sync" option for example and enabling it opens a dialogue explaining the need for password, from there it's up to the user to enable sync and in doing so they have to set a password like normal services.

That's just my 2 cents ¯\_(ツ)_/¯

discuss

No comments yet.