@sneak I didn't know this ...

But I'm not entirely sure it's a problem. It seems similar to the constant question of "where do you store your encryption keys/passwords" for apps that aren't expected to prompt the user for input on every invocation, and I can imagine that Signal didn't feel like saying "just trust your TPM" - plus with multi-OS support trying to find a trusted infrastructure is not easy.

But I'd be happier if they made it more obvious to the end-user ...

@yojimbo the solution to "where do you store your secrets" has been defined for a long while now. On macOS there's Keychain, on Linux there's gnome-keyring, KDE probably has some equivalent, and I'm sure Windows has something, too.

I'd be willing to bet there's even some library that abstracts them all for crossplatform Electron apps. If not, that's a good Innovation Token to spend.

@sneak True for most people, but I'm not sure Signal consider themselves to be part of that set, rightly or wrongly.

Leaving their data unencrypted on the device is a choice that isn't automatically wrong as long as the users are made very aware of the fact and have enough information to choose what to do; but that doesn't seem to be the majority of Signal's userbase ...
