Signal PINs dramatically change their threat model and reverse their prior no-retention policy. The security of user data now stored on their servers relies entirely on SGX, which is barely secure against casual attacks, much less nation state adversaries. https://signal.org/blog/secure-value-recovery/
As recently as four hours ago @signalapp claimed they had no data to turn over to governments, but that is no longer true once a PIN is enabled, and as of the most recent update there is no longer a way to opt out of uploading your data to their servers. https://twitter.com/signalapp/status/1280166087577997312
The security community has recommended @signalapp for many years, but this forced update is such a dramatic change with such a massive increase in the attack surface, based on relatively weak SGX security, that it makes me reconsider. @moxie Blink twice if you're being coerced!
* Signal is not currently storing your messages
* They are storing your contacts encrypted by the PIN
* You can use a strong PIN, many people will not
* The PIN is validated by SVR, protected by SGX
* SGX might be hard to break in practice, but Signal has nation state adversaries
An adversary can potentially recover the master key of some users by either probabilistic guessing of their PINs, or offline attacks if they can access the SGX protected SVR replicas. This gives them access to the users' social graphs and other data protected by the master key.
You can follow @qrs.