Hacker News

FBI used iPhone notification data to retrieve deleted Signal messages

277 points by 01-_- today at 11:29 AM | 125 comments

Comments

bharat1010 today at 3:08 PM

Kind of a wake-up call that even "deleted" messages aren't really gone if the OS is caching notification previews — makes you rethink what end-to-end encryption actually protects you from.

pigggg today at 2:48 PM

Just curious, how come at least once a month signal bugs me to turn on notifications? I said no for a reason, every single time - why does it keep asking?

Not implying anything evil but it feels a bit weird esp after this.

jonpalmisc today at 12:18 PM

Settings > Notifications > Notification Content > Show: "Name Only" or "No Name or Content"

I've had this enabled to prevent sensitive messages from appearing in full whilst showing someone something on my phone, but I guess this is an added benefit as well.

chasil today at 12:00 PM

First, a critical setting for Signal users:

"Signal’s settings include an option that prevents the actual message content from being previewed in notifications. However, it appears the defendant did not have that setting enabled, which, in turn, seemingly allowed the system to store the content in the database."

Second, how can I see this notification history?

blitzar today at 1:04 PM

> testimony in a recent trial

Court cases are the real way to audit security.

Larping about security and complaining about companies responding to court orders only gets you so far. It's way more useful to look at what actually happens in reality.

6thbit today at 1:57 PM

So this is where we find out the one end of e2e is the phone and not the app.

Semi-related, in whatsapp reading the text in the notification doesn't mark the message as read, so the OS is kinda mitm here.

1vuio0pswjnm7 today at 2:38 PM

"However, it appears the defendant did not have that setting enabled, which, in turn, seemingly allowed the system to store the content in the database."

"[A]llowing the system to store the content in the database" on the phone where a third party, such as Apple or a government, can access it is the default

Only a small minority of users know about settings and how to change them. The vast majority of users do not change default settings. Apple knows this

alsetmusic today at 1:02 PM

Original article: FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database[0]

0. https://www.404media.co/fbi-extracts-suspects-deleted-signal...

kevincloudsec today at 2:42 PM

everyone's arguing about whether apple or the government is to blame. the actual problem is the verification methods themselves. credit card, drivers license, or a pass card. three options that each create a centralized database linking your real identity to your device. age verification is just identity verification with a friendlier name.

the verification accepts other people's credit cards and IDs. so the 'age gate' doesn't even verify the person using the device, just that someone with a credit card touched it once. it's all the privacy cost of an identity check with none of the supposed child safety benefit

niek_pas today at 12:58 PM

I wonder why Apple doesn't 'just' delete the notification data associated with the app from the internal database when the user deletes the app? It seems like asking for problems to just keep old notification content around forever.

chinathrow today at 12:22 PM

On Android, when I use WhatsApp and have notifications for groups turned off, I can still see that they arrive briefly and then get removed (the icon top left vanishes). I wonder often, if this is a way to push all group message content into an unencrypted data trace as well - for the same use case.

echelon_musk today at 1:42 PM

As an aside, I decrypted an encrypted iPhone backup using a tool from GitHub because I wanted easy access to my Voice Memo recordings.

Photos I had long deleted were still in the backup! It's quite surprising just how much is being stored by the phone.

frizlab today at 11:48 AM

Aren’t notifications supposed to be encrypted for Signal?

nottorp today at 2:44 PM

... and I thought I'm turning off notifications for all apps just so I don't get spammed. Looks like the setting is more useful than that.

shalmanese today at 12:47 PM

I thought Signal didn’t show message previews by default and you had to go in and enable it? I’ve never had message previews in my Signal and I don’t remember changing anything. Maybe when they introduced the feature, you could pick but they strongly suggested it not showing?

walmas today at 2:39 PM

People also got charges in the same case for removing people from a Signal chat

lenerdenator today at 12:07 PM

There needs to be a bit more "group chat" control in Signal messages, wherein you could enforce certain settings for certain chats regardless of the phone settings. You could have group chats that would enforce not showing more information in the notifications, while others would still allow it.

ChrisArchitect today at 2:18 PM

[dupe] Discussion on source: https://news.ycombinator.com/item?id=47703573

mnls today at 12:28 PM

People who NEED to hide their notifications from iOS have this already disabled.

The rest who "evaluate their threat models" can practice Spy-life-gymnastics by disabling it from Signal.

SergeAx today at 1:27 PM

Probably stupid question: why won't they e2e-encrypt push notifications too? The vector is obvious and has been open since forever.

i_am_proteus today at 12:07 PM

Reminder that no end-to-end encryption arrangement can do anything before encryption, or after decryption, at the endpoints.

nixosbestos today at 1:43 PM

Um. Android has notification history also and I see no similar ability to hide notification content from the system ...

dfir-lab today at 1:03 PM

[dead]

kome today at 12:22 PM

signal is security theater, and a very bad user experience
