Hacker News

autoexec last Wednesday at 8:01 PM

Even if everyone agreed that the system was secure, and they absolutely don't, see for example

https://web.archive.org/web/20210126201848mp_/https://palant...

https://www.vice.com/en/article/pkyzek/signal-new-pin-featur...

I think we should all agree that outright lying to users on the very first line of their privacy policy page is totally unacceptable.


Replies

orblivion last Wednesday at 8:14 PM

You cited this so I think this is what you mean:

"Signal is designed to never collect or store any sensitive information."

I interpret this, I think reasonably, to not include encrypted information. For that matter they collect (but probably don't store) encrypted messages. The question is, does PIN+SGX qualify as sufficiently encrypted? This line is a lie only if it does not.

Sorry I skimmed those articles, I don't want to read them in depth. But it sounds like they are again ultimately saying "PIN+SGX is not secure enough".
