
> Neither was signal taking your contact list and uploading a copy along with your name and photo and storing that data forever in the cloud.

It seems incomplete to not mention that that data is end‐to‐end encrypted, and that name and photo are optional.




In which case it would also be incomplete not to mention that that same data is stored insecurely and protected by an easy-to-brute-force PIN. (See https://community.signalusers.org/t/proper-secure-value-secu...)


Yes, “though contacts are encrypted, users are not prevented from using a weak PIN” would have been a better way to word this criticism from the start, rather than implying that they are stored completely unencrypted.


“though contacts are encrypted, users are not prevented from using a weak PIN” ignores that Signal encouraged users to set a weak PIN (for many people the word "PIN" means a 4-digit number) and that the data is stored using SGX, which has already proved to be vulnerable. In my view the fact that they have been lying in their privacy policy is a much bigger problem for a company we're supposed to trust.



