
Posted by 01-_- 13 hours ago

FBI used iPhone notification data to retrieve deleted Signal messages (9to5mac.com)
557 points | 281 comments | page 4
lenerdenator 13 hours ago|
There needs to be a bit more "group chat" control in Signal messages, wherein you could enforce certain settings for certain chats regardless of the phone settings. You could have group chats that would enforce not showing more information in the notifications, while others would still allow it.
preinheimer 13 hours ago|
This feels like it would run against the “I bought my device, I should control how it behaves” line of thinking.
helpfulclippy 11 hours ago|||
I think it fits in pretty well with Signal. As it stands, a group chat can control when a message is automatically deleted for everyone, so everyone can rely on that being a shared setting. That's an intentional design decision. There's no individual opt-out.

An individual can disable name or content in notifications in iOS, or set "mute messages" for a chat to prevent notifications from appearing for that specific chat, but there's nothing that gives group members any assurance that other group members are doing that.

etiam 12 hours ago||||
But it would be pretty well in line with the "I trust my contact with this communication, but only if they're not systematically misled to copy it to readily exploitable insecure storage" line of thinking.

Since the purposes of the program are pretty heavy on private communication, I'm inclined to think that takes precedence here, especially considering the consequences for dropping default message previews versus adding default reveal of supposedly private information.

lenerdenator 8 hours ago||||
True, though the device could simply not be connected to that chat if the user doesn't want to implement the policies necessary to access that chat.

The major hole here is that you turn off your notifications and don't have a bunch of database records, but the threat actor somehow finds out who your contacts are, gets a hold of their phone, and can then see all of the messages you sent via their notifications database. So if you want to trust the device for secure communications, you can't do that.

kome 12 hours ago|||
Smartphones in general run against the “I bought my device, I should control how it behaves” line of thinking
lowbloodsugar 8 hours ago||
Terrorism charges. That’s what we should be talking about.
komali2 8 hours ago|
It sounds like they were considering liberating the ICE concentration camp. If you go down that route, you need to be ready for the terrorism charges. They brought rifles and one of them allegedly shot at a cop.

Personally, it's a moral good to free people from a concentration camp, even if it requires violence to do so. However it's also obvious that when you oppose a State, you get hit with terrorism charges. ...unless you're a jan6er, of course.

i_am_proteus 13 hours ago||
Reminder that no end-to-end encryption arrangement can do anything before encryption, or after decryption, at the endpoints.
windowliker 12 hours ago|
Right. It's purely a protection against MitM snooping. The app has to have the messages in plaintext to display to you via whatever mechanism the OS uses. Seems obvious, but also not, at the same time.

I've found other ways Signal can leak information, even with disappearing messages. It's not the total install-and-be-done privacy screen that some people think it is, and requires a little effort at the user end to fill in a few gaps.

SilverElfin 8 hours ago||
Is there a way to delete all Apple notification history from Apple’s servers?
sneak 8 hours ago||
How convenient that Apple can turn a blind eye to this, and maintain their useful fiction that they don’t provide law enforcement backdoors.

Privacy, that’s Apple: https://www.reuters.com/article/world/exclusive-apple-droppe...

ChrisArchitect 11 hours ago||
[dupe] Discussion on source: https://news.ycombinator.com/item?id=47703573
SergeAx 11 hours ago||
Probably stupid question: why won't they e2e-encrypt push notifications too? The vector is obvious and has been open since forever.
0x62 11 hours ago||
Signal does not send any sensitive information in push notifications sent via APNs [0]. This story concerns the local OS cache of push notifications, which are triggered after E2E decryption has occurred.

[0] https://mastodon.world/@Mer__edith/111563865413484025

tbrownaw 11 hours ago|||
The "e" in e2e encryption is a computing device, not the device's user's brain.
SergeAx 10 hours ago||
Right. So I send a push notification with the "silent" flag and encrypted content; the app receives it, decrypts the text, and displays the notification locally. Google/Apple has only ciphertext in their FBI/CIA/NSA-accessible databases.
jhatemyjob 8 hours ago||
I'm confused. You mean the iOS system notification would display the decrypted message in plaintext? Or do you mean the iOS system notification would display the encrypted message (i.e. it would be unreadable)?
SergeAx 8 hours ago||
The app decrypts the message and displays it via the system notification.
jhatemyjob 7 hours ago||
So in that case, the system has access to the plaintext, therefore the Alphabet boys have access to it as well. Unless, of course, you believe Apple isn't cooperating with them.

Am I missing something here? Maybe I'm missing a subtle detail.

SergeAx 4 hours ago||
A system like the one in "my phone's operating system". Do you assume that "Alphabet boys" have access to all parts of all Android file systems of all the phones ever produced?
SilasX 8 hours ago||
Hmmm this is interesting. Because I've long had the complaint that notifications are frustratingly ephemeral. There have been many cases where I've gotten a notification that my phone clearly has but which I can't read, because when I tap it, it's purged permanently, and then I have a spotty internet connection, so I can't see it in the actual app that loaded.

I'm always like "JFC, can't you cache the notifications, so I can see it there while waiting for the app to get its act together?" But no, that's never an option.

So I'm getting a laugh out of how notifications last long enough to be extracted by someone, just not the person that they're for. (Though to be fair, it could be a case of a notification that was never tapped, and therefore hadn't been purged yet. I couldn't tell from the story.)

lofaszvanitt 9 hours ago||
Sigh, just the usual. If you don't know the platform's nuances, you are fckd.
nixosbestos 11 hours ago|
Um. Android has notification history also and I see no similar ability to hide notification content from the system ...
TeMPOraL 11 hours ago||
Good. The moment they add it, all kinds of apps will start to abuse it, for "sekhurity" (read: engagement) reasons. See e.g. all the apps that now disallow taking screenshots, for no legitimate reason.

Personally I'd be in favor of a hard app store policy, that if an app notifies you about something, all the important details (like full message text) must be included - specifically to allow the user to view the important information without having to open the app itself.

nixosbestos 9 hours ago||
I'm referring to what sounds like a feature of the app, not the OS... The app... already chooses what to send through the OS notification API so I really don't have any idea what scenario you're worried about.

I generally sympathize, I also don't like when apps block screenshots (or even more stupidly, they can block Android's amazing "select text from anywhere" feature...). But I don't think there are similar concerns for Signal allowing me to hide notification content from the OS.

TeMPOraL 8 hours ago||
Right. I'm saying most apps shouldn't be allowed to send a notification at all if they're not going to put the proper content in it. As it is, many apps already choose to omit the notification body, instead supplying nothing or some noninformative text, forcing you to tap through to the app to see what the notification was about. If Signal is doing anything unusual here, it is that it has a switch to enable showing actual content.
nixosbestos 7 hours ago||
I get it. I am stubborn. That behavior results in a polite but direct email/review followed by an uninstall. I'm so tired of being treated like disposable crap by everyone trying to make a buck the cheapest and shittiest way possible.
gumby271 8 hours ago||
In the Signal app itself there's an option to hide the message body or both the sender and body, that way the OS won't have anything to store in the history.
nixosbestos 6 hours ago||
-_- I see it now, on Android. Thanks for prompting me to recheck.