A response to recent reporting in Germany, in service of clarity and accountability:

@jtb @ahltorp @davep @signalapp And they are saying that because people do. Because it's easy for a con artist to convince some people who may just be vulnerable at that moment to give it to them.

@skaphle @signalapp oh wow

@stagerabbit @ahltorp @davep @signalapp ok i withdraw my remark as I didn't see the dialog. If it said "verify pin" someone might have done that without thinking

@jtb @stagerabbit @ahltorp @signalapp

Fair enough. Social engineers and phishing scams are by definition very good at this.

@signalapp
Dear Signal,
just want to let you know. Those who use Signal, at least those who are not ...naive (not to say stupid/digitalincompetent) are well aware that at least the whole media coverage was rather a campaign against Signal (as a save/independent Messenger).
Here in Germany the government seem to have a certain ...procedure when it comes to digital infrastructure. And yes, it is based on digital incompetence and always following certain lobbyinterests.

@signalapp Very well handled! Much appreciated.

@energisch_ @signalapp with e2ee?

@skaphle @olliausstuhr @signalapp @Chantology
Nice strawman, but I did not claim any immunity against scams. I explicitely said, I just don't had the influence to frame it as a hack, if it happened.

@olliausstuhr @signalapp @Chantology
That's pretty much the same. You can't publically frame something if noone hears you.

@skaphle
The server doesn't but the app does. Is there any reason to not want to make the app hide messages from accounts with such names?
@expertenkommision_cyberunfall @signalapp

@jtb
*Anyone* can be tricked. If your'e caught at a bad time, distracted, stressed, you *will* fall for it.
@davep @signalapp

@jackemled @signalapp Gaining access to classified information from highest government officials, and being able to pose as these officials when contacting their colleagues, feels like something worth your time if you're interested in that sort of information.

@jtb @davep @signalapp we are talking about german politicians here, being daft is a job requirement

@jtb @stagerabbit @ahltorp @davep @signalapp Banks and others regularly call me up and ask me to identify myself to them, ie give the unknown caller my credentials. And cannot see the problem in training their customers to comply.

@jtb @davep @signalapp Well well. We speak of the president of the german parliament. No one would ever suspect her to be seriously daft.

@guenther @jtb @davep @signalapp she is, actually, and has long been known to be

@signalapp I am trying to work out why Registration Lock is not on by default. In particular, why would you be able to set a PIN and not set Registration Lock? I can imagine a use case where someone didn't want a PIN at all, though that shouldn't be the default in a secure messaging app. But why PIN and no lock?

@davep @ahltorp @jtb Typically, I'd agree. But these accounts are some of the highest politicians in Germany. I don't believe it's unreasonable to hold them to higher standards than the average user. They handle confidential stuff. Their decisions and actions concern tens of millions of people.

@stairjoke

As far as I know, the Bundeswehr already uses matrix

@claudius @davep @ahltorp @jtb They handle confidential stuff irresponsibly.

Or maybe they were just drunk? That's how Whisky Pete Hegseth does it.