Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
asdfman123 4 hours ago

Seems like you should use an app like Signal for anything sensitive at all so you don't have to worry about megacorp ecosystems as much.

jdwithit 3 hours ago | parent | next [-]

As mingus88 said, this story is literally in response to Apple leaking messages sent through Signal. Doesn't matter if the message is securely transmitted if the operating system then keeps it lying around in plain text in a cache.

From the linked article:

> The independent news outlet reported that the FBI had been able to extract deleted Signal messages from someone’s iPhone using forensic tools, due to the fact that the content of the messages had been displayed in a notification and then stored inside a phone’s database — even after the messages were deleted inside Signal.

stavros 3 hours ago | parent [-]

You can easily configure Signal not to show the message contents if you want, though.

QuantumNomad_ 17 minutes ago | parent | next [-]

Except even when you turn off message previews, it has to be specifically from within Signal settings. Not the iOS settings for notifications for the Signal app. To the user it looks the same, so it’s easy to make the mistake of turning off the previews in iOS settings instead of from within Signal settings. I didn’t even know there was a difference between the two until the recent posts about it.

jim33442 3 hours ago | parent | prev [-]

The original comment mentions this but gives the wrong reasoning. The APNs are encrypted either way, but this setting prevents Signal from decrypting them client-side and letting the notification cache store it. Yeah this is more secure because it means not trusting Apple to do their job right with local storage, but it's also kind of a reasonable thing to trust.

mingus88 4 hours ago | parent | prev | next [-]

Nope, Signal messages were stored in the phones notification DB even after the app was deleted

https://www.404media.co/fbi-extracts-suspects-deleted-signal...

3 hours ago | parent [-]
[deleted]
ryanisnan 4 hours ago | parent | prev | next [-]

This is also an oversimplification. If I understand the issue correctly, the notification with the message contents was what was cashed locally and then accessed. This same vulnerability would exist with Signal if you had the notifications configured to display the full message contents. In this case, it has nothing to do with either Apple or Signal.

3 hours ago | parent [-]
[deleted]
3 hours ago | parent | prev [-]
[deleted]