This is a good thread.
-
RE: https://mastodon.world/@signalapp/116478659183004819
This is a good thread. I like how carefully they take responsibility for where they could have done better, and at the same time very clearly state what isn't a problem with Signal.
Like, it's both very true that a phishing attack against Signal users isn't a vulnerability with Signal, and that given the high value of Signal accounts, they can and should do more to proactively resist phishing attacks. They don't let either one of those truths overshadow the other, and good on 'em.
-
@xgranade if I understand the attack correctly, it would not have been possible if they hadn't un-coupled Signal accounts from phone numbers a while back
-
@xgranade
it kinda is an issue with #signal tho. They've been training users to fall for re-register #scams by constantly prompting users to re-enter your #PIN (and the PIN is only necessary because phone numbers are used for sign-up).
#signal are good at #victimblaming whenever there's a security incident.
-
they've been training users to fall for re-register #scams by constantly prompting users to re-enter your #PIN (and the PIN is only necessary because phone numbers are used for sign-up).
No, the PIN is required to reacquire the account if you lose all connected devices. If they used any other unique identifier as the account handle, the PINs would still be required.
-
@david_chisnall @xgranade
yes, exactly: #PIN is needed to reacquire your account — using your #phonenumber! — because without PIN, #signal account data would be vulnerable to #SIMswapattack, right?
-
@david_chisnall @xgranade
whatever #signal's reasons are for badgering users for a #PIN, it's clearly a design choice they made, because other secure messengers don't do this. And clearly this design choice has some harmful consequences, which I don't think it's fair of them to just #victimblame away.
-
whatever #signal's reasons are for badgering users for a #PIN, it's clearly a design choice they made, because other secure messengers don't do this.
The choice is either:
- Periodically ask people to enter their PIN, or
- Deal with people complaining that they forgot their PIN and are locked out (or, ideally not possible):
- Provide an insecure way of recovering an account after you are locked out.
The PIN entry UI looks nothing like an incoming message.
-
@david_chisnall @xgranade
yea, I guess it's a trade-off, but repeated nagging pop-ups asking for your PIN unrelated to any user action within the app is perhaps not the best way to teach users to never give out the PIN.
-
@pelle @david_chisnall @xgranade The prompt appears less over time. I get it once per month.