this post was submitted on 09 Apr 2026
452 points (99.3% liked)

Technology

[–] dudesss@lemmy.ca 4 points 58 minutes ago* (last edited 58 minutes ago)

Use Molly as your Signal client instead. It solves this.

[–] cecilkorik@piefed.ca 25 points 4 hours ago (3 children)

End-to-end encryption is the final boss of false-sense-of-security.

Like, it's great and all, but it's not universal perfect privacy the way a lot of people seem to hold it up as if it were. You have to understand what it's actually defending against, and who might be blocked by that, and more importantly, who won't be. Because the list of potential adversaries it is actually useful against is becoming narrower and increasingly out-of-date.

Encryption alone prevents the messages from being read in transit between you and Signal, and obviously that's fundamental basic security at this point. Signal being end-to-end encrypted prevents your messages from being spied on by Signal, but ironically they're probably one of the most trustworthy actors in this whole chain, so the fact that it's protected from them, while commendable, is not particularly valuable security. They were probably not the ones going to spy on you in the first place. They have prevented themselves from being capable of doing so, and that's good, but if that's all you're worried about and you now think your privacy problems are solved, you're completely missing the point, because instead of Signal themselves, you need to be worried about the guy currently standing over your shoulder with his camera filming.

Treat your phone and your Windows computer like they are permanently compromised with a rootkit taking continuous screenshots of everything you do and feeding that to their big tech overlords, because they might as well be.

For that matter, even Linux PCs still have their black box "Intel Management Engine" or similar processor running constantly and potentially watching everything you do. Although I don't believe they actually do that in any reasonable case, we need to understand they have both the capability and the motivation to be, at least in some cases, compromised by adversaries which may include (but are not limited to) tech companies and governments. You can't even trust your "dumb monitor" unless you've audited every chip inside it; you'll never know if it could be scanning everything on your screen and feeding it back through HDMI/DP back-channels or even through powerline networking. You also don't know if the same kind of things could be happening on the other side that you're sending to/receiving from. Sure, the network trip is protected, but that's hardly the only place you're vulnerable to interception.

That probably all sounds paranoid and extreme and improbable, and it is, but the point is end-to-end encryption does nothing to help you against any of that, so don't make the mistake of assuming you're 100% safe because it's end-to-end encrypted. The "end" is not what you think it is and it's not paranoid to at least understand that and accept the risk with the understanding.

I realize I am probably preaching to the choir here, and most of you probably understand this as well as I do. But I'm also pretty sure a lot of people truly believe it's more secure against eavesdropping than it actually is and that needs to change. The surveillance state is adapting and expanding rapidly and I fear they've started getting ahead of many of us. Beware, and plan carefully in the months and years ahead.

[–] Serinus@lemmy.world 4 points 1 hour ago (1 children)

I understand the intent, but this is not phrased well.

prevents your messages being spied on by Signal, but ironically they’re probably one of the most trustworthy actors in this whole chain, so the fact that it’s protected from them, while commendable, is not particularly valuable security

It's extremely valuable security, because most companies, even if they don't want to spy on you might be compelled to by court order. And those companies often think their security is sufficient because they have good intentions, and they expect the government to have good intentions when they're going as far as getting a court order. (I also suspect more court orders are justified than not, but a few bad subpoenas spoil the bunch.) The fact that they physically are unable is quite important.

All your points about how things around that can fail are valid.

[–] cecilkorik@piefed.ca 2 points 57 minutes ago

That's a fair criticism and an important clarification, I agree.

[–] Eufalconimorph@discuss.tchncs.de 15 points 3 hours ago

End-to-end encryption is one of the most basic requirements for a communication system to be secure. Endpoint authentication is another. Message authentication is the third. After those 3 are fulfilled, further requirements can vary from system to system.

It's like electrical or building code. Just because it's compliant doesn't mean it's safe, but if it's not compliant it's almost certainly not safe. Necessary, not sufficient!

[–] Jalfred_prurock@lemmy.today 4 points 3 hours ago (1 children)

What if your notifications are turned off? Is anything stored in that circumstance?

[–] xthexder@l.sw0.com 1 points 57 minutes ago

I think it depends on where they're turned off. In Signal itself you can change it to remove the message text from the notification, or a few other variations.
If you just have notifications off on your phone in general, the notification is still being generated by the app and could potentially be stored somewhere on a server before being filtered out by your phone.

[–] CuddlesMcBubblefun@lemmy.world 8 points 4 hours ago

You know, I'm starting to think that maybe the "drive bay full of thermite" guy way back in the day WASN'T crazy...

[–] absGeekNZ@lemmy.nz 43 points 6 hours ago (9 children)

Notification history is off by default in GrapheneOS....so that is nice.

[–] eager_eagle@lemmy.world 6 points 4 hours ago

my signal notification history is a lot of "Locked message"

[–] RabbitBBQ@lemmy.world 2 points 3 hours ago

Any software allowed on an app store can be backdoored and decrypted many different ways. Even if the notification routing was turned off to prevent this, you still have a virtual keyboard that can be debugged at the system level or in one of the secure enclaves running on an iPhone. All of it is an illusion of security being sold for profit. Even the devices allowed to be sold must be backdoored many different ways by the state. In other words, anything that actually provided security and anonymity either from a hardware or software level would never be allowed on the market in the first place.

[–] NotMyOldRedditName@lemmy.world 82 points 8 hours ago (8 children)

What's the purpose of keeping a history of seen notifications in a database? That shit should be being automatically purged if it needs to exist to show it, after it's been dismissed.

I wonder if this revelation will trigger a change in how it works, since Apple has often tried to do things securely?

[–] frongt@lemmy.zip 33 points 8 hours ago (2 children)

If you accidentally dismiss a notification, you can go back in the history to see it. Or if you dismiss a message notification that you want to respond to later. Or if a notification keeps popping up and disappearing and you want to investigate.

[–] dance_ninja@lemmy.world 13 points 7 hours ago (1 children)

I just checked if there were any controls for this on Android. As far as I could tell, you can only toggle it on/off.

Off clears the history, but I wish we could do more than all or nothing. I don't need a history of more than a week at most.

[–] frongt@lemmy.zip 8 points 7 hours ago

I have it turned on. It only shows the last 24 hours.

[–] NotMyOldRedditName@lemmy.world 6 points 7 hours ago* (last edited 6 hours ago) (1 children)

Oh, I honestly didn't understand there's a perpetual database you can go back and look at. I didn't even know I had one on Android; I just turned that off.

I understood it as they need a database to hold the notifications you should be shown and it gets purged eventually, kinda thing.

As a history it makes sense, and that it's something that can leak.

Also if you leave it on, uninstalling an app should definitely purge its history.

[–] MrShankles@reddthat.com 4 points 4 hours ago (1 children)

TIL I have a "notification history" toggle setting

[–] NotMyOldRedditName@lemmy.world 3 points 3 hours ago* (last edited 3 hours ago)

The poor FBI has kinda triggered a Streisand effect. We used this thing no one knows about to win a case and shit now they know about it and are turning it off!

[–] bearboiblake@pawb.social 151 points 10 hours ago* (last edited 10 hours ago) (9 children)

It always bears repeating, push notifications are not private, neither for Android, GrapheneOS, nor iOS, even if you use end-to-end encryption. If you are privacy conscious, you should either use settings to hide sensitive data from push notifications or turn them off altogether.

[–] timestatic@feddit.org 4 points 5 hours ago (1 children)

Wdym push notifications are not private on Graphene??

[–] bearboiblake@pawb.social 10 points 5 hours ago* (last edited 5 hours ago)

If you use GrapheneOS with push notifications, after enabling Google Play Services, those push notifications are relayed through Google servers. Most apps will include message sender and text in the push notification, meaning that data will pass through Google servers and they can read it.

If you are a GrapheneOS user and leave Google Play Services disabled - which they are by default - you have nothing to worry about, but notifications are generally delayed and use more battery as a downside.

[–] Jako302@feddit.org 12 points 7 hours ago (1 children)

That depends on your definition of private.

A push notification is pretty much just a ping that wakes up the app that is supposed to show you the notification. There usually isn't much data in that ping, so the only thing the Google Firebase servers (or whatever other backend solution you use) see is a timestamp and an app. If you then disable notification history (default is off, at least on GrapheneOS) there is no other data stored anywhere.

That's metadata that every single chat service has, no matter if it's E2EE or not, because that's the bare minimum they need to transmit anything at all. If that already isn't private for you then you'd have to stop using the internet or phone calls entirely and go back to carrier pigeons.

[–] bearboiblake@pawb.social 3 points 6 hours ago

It depends on the app. Some apps do (or can be configured to) indeed send "empty"/blank notifications which just notify you that you've received a new message from an app, but not from whom, or what the message contains.

However most apps by default will contain more data, such as who the message is from, and some/all of the sent message body.

If you get a push notification on your phone, everything you see in that notification must by definition pass through the push notification service.

[–] MrSoup@lemmy.zip 24 points 9 hours ago* (last edited 9 hours ago) (2 children)

If you turn off notification history on Android, it should be enough to avoid such "attacks". Hiding sensitive content inside notifications only hides it on the lock screen. If your OS keeps a clear log of them, it's useless.

Edit: didn't know Signal actually has settings to hide their own notifications. I was thinking about Android's "hide sensitive content" setting.

[–] 4am@lemmy.zip 24 points 8 hours ago (14 children)

Notifications go through Firebase Cloud Messaging (FCM) on Android. They bounce off a Google server. Even from local, on-device apps.

Same with iOS.

They can read and store every one of them, and you don’t control the encryption keys.

[–] CorrectAlias@piefed.blahaj.zone 6 points 5 hours ago

Signal only sends a "new message, retrieve the rest from Signal" ping to your phone through Firebase. It doesn't contain message details, just that you have a new message.

[–] bjoern_tantau@swg-empire.de 22 points 8 hours ago

But they only instruct Signal to wake up and download whatever is waiting. They don't contain the message contents.
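Added example, not Signal's code and not from any commenter, tying together the points above from Jako302, bearboiblake, MrSoup and bjoern_tantau: an Android app that treats the FCM push as a content-free wake-up ping, fetches the message over its own channel, and posts a notification whose lock-screen version carries no sender or text. `Message` and `MessageStore.fetchPending()` are assumed placeholders for the app's own end-to-end channel.

```kotlin
import android.app.NotificationChannel
import android.app.NotificationManager
import androidx.core.app.NotificationCompat
import androidx.core.app.NotificationManagerCompat
import com.google.firebase.messaging.FirebaseMessagingService
import com.google.firebase.messaging.RemoteMessage

// Constructed example: the message itself never rides in the push.
data class Message(val sender: String, val body: String)

// Assumed helper: the app's own end-to-end-encrypted fetch, provided elsewhere.
object MessageStore {
    fun fetchPending(): Message? = TODO("fetch from the app's own server")
}

class WakeupPushService : FirebaseMessagingService() {
    private val channelId = "messages"

    override fun onMessageReceived(remoteMessage: RemoteMessage) {
        // Only a data-only push counts as a wake-up ping. A "notification"
        // block (title/body) would already have been readable by the relay,
        // so refuse it instead of displaying relay-visible content.
        if (remoteMessage.notification != null) return
        // remoteMessage.data is deliberately not read either: nothing the
        // relay carried is trusted or shown; content comes from the app channel.
        val msg = MessageStore.fetchPending() ?: return
        show(msg)
    }

    private fun show(msg: Message) {
        getSystemService(NotificationManager::class.java).createNotificationChannel(
            NotificationChannel(channelId, "Messages", NotificationManager.IMPORTANCE_HIGH))
        // Shown while the device is locked: no sender, no text.
        val lockScreenVersion = NotificationCompat.Builder(this, channelId)
            .setSmallIcon(android.R.drawable.ic_dialog_email)
            .setContentTitle("New message")
            .setVisibility(NotificationCompat.VISIBILITY_PUBLIC)
            .build()
        // Full content only after unlock. As the thread notes, this does not
        // stop the OS notification history from logging it if that is enabled.
        val full = NotificationCompat.Builder(this, channelId)
            .setSmallIcon(android.R.drawable.ic_dialog_email)
            .setContentTitle(msg.sender)
            .setContentText(msg.body)
            .setVisibility(NotificationCompat.VISIBILITY_PRIVATE)
            .setPublicVersion(lockScreenVersion)
            .build()
        // Needs the POST_NOTIFICATIONS runtime permission on Android 13+.
        NotificationManagerCompat.from(this).notify(msg.hashCode(), full)
    }
}
```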

[–] AzuraTheSpellkissed@lemmy.blahaj.zone 34 points 10 hours ago (1 children)

That's an interesting approach. It kind of backdoors a lot of private communication efforts. I can't even be sure if disabling notifications for Signal would keep them from showing up in the database anyway.

[–] SnoringEarthworm@sh.itjust.works 39 points 9 hours ago* (last edited 9 hours ago)

It should.

Signal has internal settings for exposing or not exposing the sender/content of messages to iOS notifications.
