The Signal secure messaging app has started forcing users to set a new PIN, popping up a nag dialog saying
Create a PIN
PINs keep information that’s stored with Signal encrypted.
They’ve done a terrible job of communicating why they’re doing this, so I went away and read a bunch of forum threads, GitHub tickets, blog posts and support documents and here’s my own attempt at an FAQ more clearly answering the questions which immediately occurred to me when I got the nag dialog this morning.
An article has been doing the rounds suggesting that Signal is closed for selfish reasons and suggesting that it can’t be trusted. The article carefully omits any mention of the reasons why Signal is the way it is, so here are those reasons.
Signal is a closed system because of its focus on (a) user experience and (b) security for ordinary users.
First, user experience. If you want people to use your secure messaging app rather than whatever comes with their phone, it has to use push messaging in order to receive messages without the app running and without draining the user’s phone battery.