Let me get this straight...
-
Let me get this straight...
The default setting for Signal on an iPhone allows law enforcement to see the content of all incoming messages, even after the app has been deleted?
@wdormann switching my friends and family to signal was made easier because of settings like this. It behaves like a normal messaging app. None of them have a threat model that has them thinking of device seizure by law enforcement.
-
@thomasareed @Viss
I don't believe you, asthat setting(my screenshot) is within the Signal app itself.As such, if they wanted a different default value, they would have just released the software with the preferred setting.
-
@thomasareed @Viss
I don't believe you, asthat setting(my screenshot) is within the Signal app itself.As such, if they wanted a different default value, they would have just released the software with the preferred setting.
@wdormann @Viss Okay, whatever. “I don’t believe you” is a pretty rude response, as it implies I’m lying and that nothing changed in the years since I installed it. I do distinctly remember some kind of warning about Signal notifications from somewhere, though, so this is most definitely NOT new news.
-
@lennybacon
The screenshot I shared is from the Signal app itself, in Settings.Not iPhone-wide settings.
@wdormann Thanks. Looks the same in the app to me.
Probably the same but configured from the opposite side of things.
-
@prism
The default setting is that you get notified with the message contents -
@Mer__edith
Can we get a comment on this?1) The default Signal setting to show message contents in push notifications seems... bad, assuming this article is accurate.
2) Does changing the in-Signal-app setting for Notification Content indeed prevent notifications from being stored anywhere, which by default contains incoming message bodies.@Mer__edith
On the macOS side of things, we have confirmation that Signal notification contents get stored, even for disappearing messagesiOS sadly offers less visibility into what's going on. But the FBI probably appreciates that it's happening there too.
The default notification setting for Signal (on both iOS and macOS) ensures that potentially sensitive information leaks out of the Signal app. This is unfortunate.
-
@Mer__edith
Can we get a comment on this?1) The default Signal setting to show message contents in push notifications seems... bad, assuming this article is accurate.
2) Does changing the in-Signal-app setting for Notification Content indeed prevent notifications from being stored anywhere, which by default contains incoming message bodies.@wdormann @Mer__edith it should probably be changed but you also have to weigh this against how many people would try Signal, see that it lacks message previews, and go back to SMS.
-
@wdormann @mastodonmigration eh what?
On Android it just shows "you have a new message". Was this an Apple or a Signal decision?
@craignicol @wdormann @mastodonmigration On my Android it did show Name and message completely. Not sure if I have changed that setting myself in the past 8 years that I have been using Signal, or whether that is/was the default.
-
@craignicol @wdormann @mastodonmigration On my Android it did show Name and message completely. Not sure if I have changed that setting myself in the past 8 years that I have been using Signal, or whether that is/was the default.
@erwinrossen @wdormann @mastodonmigration hmm. Entirely possible the default has changed
-
@grammasaurus @omnicore @signalapp
The screenshot I shared is from the Signal app itself, which chooses to include the message content in notifications.
So I'd say that both are at fault.
@wdormann @omnicore @signalapp That’s not at all what I see on my phone for the signal app.
I’m using iOS 18.1.1–maybe the latest version has changed a lot?
-
@wdormann @omnicore @signalapp That’s not at all what I see on my phone for the signal app.
I’m using iOS 18.1.1–maybe the latest version has changed a lot?
@grammasaurus @omnicore @signalapp
18.1.1, eh? If you don't install security updates, I wouldn't expect your experience to be like the rest of the world.
-
@wdormann I mean, before 2025 did the average mainstream user have the US government in their threat model?
@marypcbuk @wdormann The government has always been a threat to any left of center activists. The right planned their insurrection on public Facebook groups without precautions.
-
@tdpsk @Mer__edith
The problem is that such content is not included in unencrypted backups. So we mortals can't even confirm this, as we don't have access to full-device exploit tools such as Cellebrite.@wdormann @Mer__edith from what I understand it was forensically recounstructed from storage, the database itself is non-persistent (on the software layer). So something Apple could solve in a future update, e.g. by regularly properly wiping that part of storage.
-
@wdormann @Mer__edith from what I understand it was forensically recounstructed from storage, the database itself is non-persistent (on the software layer). So something Apple could solve in a future update, e.g. by regularly properly wiping that part of storage.
@tdpsk @Mer__edith
Right, why is this data persistent at all? -
@Mer__edith
On the macOS side of things, we have confirmation that Signal notification contents get stored, even for disappearing messagesiOS sadly offers less visibility into what's going on. But the FBI probably appreciates that it's happening there too.
The default notification setting for Signal (on both iOS and macOS) ensures that potentially sensitive information leaks out of the Signal app. This is unfortunate.
@Mer__edith
From elsewhere on the interwebs: -
@Mer__edith
From elsewhere on the interwebs:@Mer__edith
From a worse place on the interwebs.
Implying:
Signal message content being present in Apple Notifications database even after Signal itself is deleted is apparently expected and fine.Signal message content being present for self-deleting messages is not (in their minds).
-
@Mer__edith
From a worse place on the interwebs.
Implying:
Signal message content being present in Apple Notifications database even after Signal itself is deleted is apparently expected and fine.Signal message content being present for self-deleting messages is not (in their minds).
-
@Mer__edith
From a worse place on the interwebs.
Implying:
Signal message content being present in Apple Notifications database even after Signal itself is deleted is apparently expected and fine.Signal message content being present for self-deleting messages is not (in their minds).
@wdormann that's exactly what I was worried about. It suggests that whatever the/an app sends to the notification service gets stored, since OS notification settings would most likely apply only after and not before storage. That's .. creepy but not too surprising.
Thanks for raising awareness!
-
@wdormann that's exactly what I was worried about. It suggests that whatever the/an app sends to the notification service gets stored, since OS notification settings would most likely apply only after and not before storage. That's .. creepy but not too surprising.
Thanks for raising awareness!
@AwkwardTuring
It's easy to fix. It's just somewhat surprising to me that Signal ships with obviously insecure defaults. -
@AwkwardTuring
It's easy to fix. It's just somewhat surprising to me that Signal ships with obviously insecure defaults.@wdormann it is. I'm only worried about all the apps (or users for that matter) that rely on OS' built-in notification settings instead of more granular in-app-settings.
Again: not too surprising but leaves a sour taste nonetheless.
