> You can add a registration lock that requires a pin that prevents that kind of takeover.
Note that this *expires* if the app is inactive for too long, which is one of the most baffling security decisions I've ever seen.
I think it's reasonable to say that Signal's defaults make it vulnerable to SIM swapping. If you have to teach critters how to secure an account, you're doing something wrong. That pin should be required by default, and should not expire.
foxyoreos (they/it) (🔞)
npub16d…lnu6d
2025-06-05 01:55:57 UTC
in reply to nevent1q…h3x5
Author Public Key
npub16dhuhhnrc6ps0acrnpk6tugrrt6m5z8hlqdh8sxzzd86a09jksns5lnu6dSeen on
wss://relay.momostr.pinkPublished at
2025-06-05 01:55:57 UTCEvent JSON
{
"id": "621675bb369b051435b43a55820720df3ce8691ecc97d9570025f70ab463295f",
"pubkey": "d36fcbde63c68307f703986da5f1031af5ba08f7f81b73c0c2134faebcb2b427",
"created_at": 1749088557,
"kind": 1,
"tags": [
[
"e",
"bf28a6ae545316d90e8fec163485523cea87621831feec0d49bd65222cbfeb58",
"",
"reply",
"77db4337bbe5a6a8f281c8326a1865942666b53325d16c10a7b491775a906110"
],
[
"proxy",
"https://gulp.cafe/@foxyoreos/114628267718256322",
"web"
],
[
"content-warning",
"signal critique"
],
[
"e",
"5ab56b60a648495158517e55736b80a3878f7eb2cbaef919cff3a183374289d6",
"",
"root",
"a32ef24bb7a1ef3752e84e42c4a6701c1c1158af93001efea85695818d521d14"
],
[
"p",
"a32ef24bb7a1ef3752e84e42c4a6701c1c1158af93001efea85695818d521d14"
],
[
"p",
"77db4337bbe5a6a8f281c8326a1865942666b53325d16c10a7b491775a906110"
],
[
"proxy",
"https://gulp.cafe/users/foxyoreos/statuses/114628267718256322",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://gulp.cafe/users/foxyoreos/statuses/114628267718256322",
"pink.momostr"
],
[
"-"
]
],
"content": "\u003e You can add a registration lock that requires a pin that prevents that kind of takeover.\n\nNote that this *expires* if the app is inactive for too long, which is one of the most baffling security decisions I've ever seen.\n\nI think it's reasonable to say that Signal's defaults make it vulnerable to SIM swapping. If you have to teach critters how to secure an account, you're doing something wrong. That pin should be required by default, and should not expire.",
"sig": "7f7a1440296c6fd318bb46fa1348eefc0b9c210c03bd0921377e0ca2b40c18372fe88cddd12c218d2933f4dfc8a0fa838661f622c3992fdd8182bb83f1895622"
}