there are a number of foot-guns in Signal that work like this. Secure backups require setting a master password with signal. Securing against SIM attacks requires setting another pin.
These are usability/security problems that only exist because Signal doesn't want new accounts to require a password.
But in order for those accounts to protect against data loss and prevent sim jacking, they have to set passwords anyway. All we've done is made the defaults worse.
foxyoreos (they/it) (🔞)
npub16d…lnu6d
2025-06-05 02:01:57 UTC
in reply to nevent1q…9kvd
Author Public Key
npub16dhuhhnrc6ps0acrnpk6tugrrt6m5z8hlqdh8sxzzd86a09jksns5lnu6dSeen on
wss://relay.momostr.pinkPublished at
2025-06-05 02:01:57 UTCEvent JSON
{
"id": "959554886c88d6bc9c12d1a964182c759a964cea214889854fb3bf2760bcccf3",
"pubkey": "d36fcbde63c68307f703986da5f1031af5ba08f7f81b73c0c2134faebcb2b427",
"created_at": 1749088917,
"kind": 1,
"tags": [
[
"p",
"77db4337bbe5a6a8f281c8326a1865942666b53325d16c10a7b491775a906110"
],
[
"e",
"09f0141b2722dc367b2382927b4d58a151a192d868a0a4e9a0ed51a6436a1141",
"",
"reply",
"d36fcbde63c68307f703986da5f1031af5ba08f7f81b73c0c2134faebcb2b427"
],
[
"proxy",
"https://gulp.cafe/@foxyoreos/114628291272184577",
"web"
],
[
"content-warning",
"signal critique"
],
[
"e",
"5ab56b60a648495158517e55736b80a3878f7eb2cbaef919cff3a183374289d6",
"",
"root",
"a32ef24bb7a1ef3752e84e42c4a6701c1c1158af93001efea85695818d521d14"
],
[
"p",
"a32ef24bb7a1ef3752e84e42c4a6701c1c1158af93001efea85695818d521d14"
],
[
"p",
"d36fcbde63c68307f703986da5f1031af5ba08f7f81b73c0c2134faebcb2b427"
],
[
"proxy",
"https://gulp.cafe/users/foxyoreos/statuses/114628291272184577",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://gulp.cafe/users/foxyoreos/statuses/114628291272184577",
"pink.momostr"
],
[
"-"
]
],
"content": "there are a number of foot-guns in Signal that work like this. Secure backups require setting a master password with signal. Securing against SIM attacks requires setting another pin.\n\nThese are usability/security problems that only exist because Signal doesn't want new accounts to require a password.\n\nBut in order for those accounts to protect against data loss and prevent sim jacking, they have to set passwords anyway. All we've done is made the defaults worse.",
"sig": "f4a0e6a73e01935765f3b3778f51ccce179208d4e7eedfa64f624f7c35cdad239ab2e6d5c98d95a47e80e9ee3ecf302d6d536efd9712baf90e04768ab551c64a"
}