[upofadown]

Putting on my user hat...

"OK. Signal has forward secrecy. So messages are gone after I receive them. Great!"

Oh, you didn't turn on disappearing messages? Oh, right, then forensic tools like Cellebrite can get them. You have to turn on disappearing messages. The default is off.

Oh, you did turn on disappearing messages? We send the messages in notifications. So the OS can keep them. Turns out Apple was doing that. There is an option you can turn on to prevent that. It is off by default.

"I'll just delete the entire app!" No, sorry, the OS still has your messages...

At what point does the usability get so bad that we can blame the messaging system?

This same app had a usability issue that turned into a security issue just last year:

End to End Encrypted Messaging in the News: An Editorial Usability Case Study (my article)

https://articles.59.ca/doku.php?id=em:sg

[microtonal]

I think one of the main issues is that end-to-end message encryption is a sham as long as backups are not encrypted. I could have good device security, but if the person I'm talking to does not use ADP, iMessage and WhatsApp messages get backed up with only at-rest encryption (I think Signal opts out of standard iOS backups) and possibly the same for backups of the iPhone notification database (which the article suggests as a possibility).

Similarly on Android, WhatsApp suggests unencrypted backups to Google Drive by default.

Putting on my tinfoil hat, I am pretty sure that Google/Apple/Meta have some deal (successor to PRISM) where end-to-end encrypted messaging is tolerated as long as they have defaults that make it possible to access chats anyway. Apple not enabling ADP by default and WhatsApp doing Google Drive backups that are not end-to-end encrypted is the implementation. Since most people just use the defaults, it undermines security of people who care.

It's a 'win-win', the tech companies can wash their hands in innocence, the agencies get access to data, and phone users believe that they are chatting in a secure/private manner.

[AJ007]

"end-to-end message encryption is a sham as long as" -- I agree with that but would add even more caveats. If someone can't list those caveats off the top of their head they shouldn't be pretending they aren't able to communicate securely.

Just look at Salt Typhoon, every single person should be way more paranoid than they are, including government & agency officials. The attach surface and potential damage - financial and reputation - will only get worse with AI automation and impersonation, and that's for people who are doing nothing interesting and are law abiding citizens.

[sph]

Given the shoddy state of network security at large, especially on infrastructure projects (power plants, hospitals, dams, etc.) I always feel like major governments sit on so destructive potential to disrupt communications and anything connected to the Internet of its adversaries to have mutual assured destruction potential of a nuclear bomb.

No one’s crazy enough to push that button, because once you do there is no turning back.

[14]

I have often wondered about this exact situation. Like there are many instances of companies who depend on keeping their network secure and are actively taking preventative measures to keep their network safe that end up getting hacked. So surely there has to have been infiltration to some of the critical infrastructure keeping cities running. Why don't we hear more about it?

[BobbyTables2]

Only semi-conscientious companies will even KNOW they were compromised.

Suspect the rest are either not even looking and/or the attackers removed all their traces before anyone could possibly see.

When was the last time YOU inspected the authorization logs in systemd or the event log in Windows on your personal computer…

In Windows Defender we trust…

[microtonal]

I mean the Hungarian minister of Foreign Affairs briefed Lavrov on internal EU matters and there are recordings of one or more calls. It seems that opsec is bad at pretty much every level.

[alfiedotwtf]

We’re already forgetting when the Secretary of War invited a journalist to the secret SIGNAL group chat

[tapoxi]

Signal data is not backed up, they have a local backup solution and an in-app e2e cloud backup for $2/month.

[DeathMetal3000]

The backup is free for text and something like 60 days of media. You only have to pay to backup all media.

[alfiedotwtf]

This is what I’ve always hated with Apple Time Machine, which I think MUST have been deliberate:

    - create an encrypted disk
    - install Mac OS on the encrypted disk
    - use Time Machine to back it up with encrypt turned on

All good so far. Ok, time to restore:

    - Restore from Time Machine
    - enjoy your PLAIN TEXT install :poo:

[pxeboot]

This isn't really an issue anymore. All M series Macs (and T2?) are always encrypted by default.

[lo_zamoyski]

> the tech companies can wash their hands in innocence

Hostile defaults, not just in tech, is how Western liberal soft power often works. They can always claim "hey, you have the choice", but they know very well most people won't even know they have the choice, or is it so cumbersome or costly to move away from the hostile defaults - and stay that way - that in practice, the effect is the same as if you lived in a totalitarian regime. The difference is that you can keep believing in the deception of "freedom" in a Western liberal society; in a totalitarian regime, you are much more likely to know you've got a jackboot on your throat, because there is one.

What is needed isn't radical liberal atomistic individualism which rationalizes the antisocial war of all against all that rewards raw might. You won't find freedom there. You need a culture of respect of and sense of duty toward the authentic common good, backed by moral authority, where authority is power + justice.

[jacquesm]

People keep pushing signal because it is supposedly secure. But it runs on platforms that are so complex with so much eco system garbage that there is no way know even within a low percentage of confidence if you've done everything required to ensure you are communicating just with the person you think you are. There could be listeners at just about every layer and that is still without looking at the meta-data angle which is just as important (who communicated with who and when, and possibly from where).

[dingaling]

I've raised concerns about the Signal project whitewashing risks such as keyboard apps or the OS itself, and the usual response is that it's my fault for using an untrustworthy OS and outside Signal's scope.

At some point there need to be a frank admission that ETE encrypted messaging apps are just the top layer of an opaque stack that could easily be operating against you.

They've made encryption so slick and routine that they've opened a whole new vector of attack through excessive user trust and laziness.

Encrypting a message used to be slow, laborious and cumbersome; which meant that there was a reticence to send messages that didn't need to be sent, and therefore to minimise disclosure. Nowadays everything is sent, under an umbrella of misplaced trust.

[OutOfHere]

There is nothing secure about sending encrypted content to notifications. If it were secure, it would only notify that there is a message, with no details included.

[david_shaw]

> If it were secure, it would only notify that there is a message, with no details included.

You're right. This is configurable via settings, but is not the default state.

That said: if I can get friends and family to use Signal instead of iMessage, that gives me the opportunity to disable those notifications and experience more security benefits.

But I agree with your point: most people think that Signal is bulletproof out of the box, and it's clearly not.

[jacquesm]

You only control one side of any conversation.

[anon84873628]

Once again there is a trade off between security and user convenience.

If security is the main differentiator then app should start in the most secure mode possible. Then allow users to turn on features while alerting them to the risks. Or at least ask users at startup whether they want "high sec mode" or "convenient mode".

As the app becomes more popular as a general messaging replacement, there will be a push towards greater convenience and broad based appeal, undermining the original security marketing as observed here.

[jacquesm]

Exactly, but, sooner or later the cost of support overcomes the need for security, that's what is driving this. Popularity is the main reason signal is now less secure than it was in the past.

[DevX101]

The median user isn't going to change default settings, so your app is as secure as whatever the default it.

[stvltvs]

Even if I change the setting, my messages aren't truly secure against this unless all recipients do the same on all of their devices.

[GeekyBear]

> Oh, you did turn on disappearing messages? We send the messages in notifications. So the OS can keep them.

Worse than that, they did not take advantage of the ability to send that message data as an encrypted payload inside the notification.

https://blog.davidlibeau.fr/push-notifications-are-a-privacy...

Either do not include sensitive user data inside a notification by default, or encrypt that data before you send it to the notification server.

[janfoeh]

According to Michael Tsai, they did use encrypted notification payloads. The OS just then stores the decrypted payloads in its notification database. [0]

[0] https://mjtsai.com/blog/2026/04/10/notifications-privacy/

[greysonp]

Signal developer here. Our FCM and APN notifications are empty and just tell the app to wake up, fetch encrypted messages, decrypt them, and then generate the notification ourselves locally.

[GeekyBear]

That's certainly a better state of affairs.

So you just need to fix the default setting and not display the message text in notifications to prevent this issue in the future?

[commandersaki]

We send the messages in notifications. So the OS can keep them. Turns out Apple was doing that. There is an option you can turn on to prevent that. It is off by default.

At least on my iPhone the default is to preview messages only when unlocked [0]. This user went out of their way to show previews in a locked state which meant it was vulnerable by digital acquisition without unlock code.

[0] https://files.catbox.moe/3gwjoy.png

[eggnet]

That doesn’t solve the problem. You have to configure Signal to not send the information in the notification.

[commandersaki]

“We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device,” a supporter of the defendants who was taking notes during the trial told 404 Media

Doesn't indicate this is an issue when you have it set to preview when unlocked.

[dist-epoch]

Use SimpleX if you really want a secure messenger. Endorsed by Whonix, which in endorsed by Snowden.

https://www.whonix.org/wiki/Chat#Recommendation

[bladeacidic]

SimpleX has the same problem with notifications. You still have to properly configure it. Opsec is hard.

[wqaatwt]

> endorsed by Snowden.

Who is endorsed by the Russian government

[bombcar]

If the encryption security isn’t a freaking pain in every ass in the Tri county area, it’s not secure.

That’s been my go-to and I’ve yet to see it not work.

[ransom1538]

0) send a public key. 1) encrypt the file with your private key 2) send file.

WTF. This is super simple stuff.

[amethyst]

3) recipient stores decrypted content in plain text and backs that up in well-known cloud storage systems