[tptacek]

Your argument has become circular, because the what Signal uses push notifications for isn't security-relevant: the messages are empty and used only as a wakeup.

[Sir_Cmpwn]

They still contain information, though. They say when you're talking on Signal. Matched with someone else's messages at about the right frequency to indicate a conversation, they give a pretty decent idea of who you're talking to.

[tptacek]

They give the same information that TCP/IP traffic analysis does.

[Sir_Cmpwn]

Perhaps, but we can at least start to explore solutions to that if we can work on the server too.

[tptacek]

You're ping-ponging all over the place. Which is it? "Glaring security problems", or impediments to fully exploring the solutions space?