Hacker News

KennyBlanken, last Wednesday at 11:30 PM

> Maybe Signal's documentation will tell you.

Not the person you replied to, but I just tried googling half a dozen different terms and got results that have nothing to do with Signal.

> Remember that Signal is designed for non-technical users.

That does not prevent them from putting up a warning message that says "You just scanned a code which will allow another device to read all future messages sent to you, and send messages from your identity. Are you sure you want to do that?" And the button says "link devices", not "yes" or "no."

I think the frustration here is that Signal petulantly and paternalistically refuses to allow you to fully sync to another device (and for years refused to even allow you to back up messages) because supposedly we can't be trusted with such a thing...but then they leave the QR code system so idiotically designed it's apparently trivial to phish people into linking their devices to malicious actors?

Why the fuck does scanning a QR code, without having first selected "link device", even open that dialog? Or require a PIN code they obsessively force us to re-enter all the time?

It's obviously ripe for abuse.

We admonish people for piping a remote document into their shell but a QR code that links devices with one click is OK?


Replies

cuu508, last Thursday at 7:06 AM

> That does not prevent them from putting up a warning message that says "You just scanned a code which will allow another device to read all future messages sent to you, and send messages from your identity. Are you sure you want to do that?" And the button says "link devices", not "yes" or "no."

As an experiment, I just linked a device to my Signal account. After clicking "Link new device" in Signal, and then scanning the QR code, a dialog popped up: "Link this device? This device will be able to see your groups and contacts, access your chats, and send messages in your name. [Cancel] [Link new device]"

If I scan the QR code with Google Lens instead, it reads and displays the sgnl://linkdevice... URL but does not launch (or offer to launch) Signal.