Comment by Klonoar
2 years ago
Unless my memory is seriously off, Signal push notifications just tell your device to call and fetch. It’s not like they’re unaware and just sending you stuff in plain text.
2 years ago
Unless my memory is seriously off, Signal push notifications just tell your device to call and fetch. It’s not like they’re unaware and just sending you stuff in plain text.
Can you elaborate on this? I'm still not sure if Signal notifications are any less vulnerable than others.
The gist of it is that when Signal sends you a push notification, it's just a marker for "hey, you have updates". It doesn't contain unencrypted data that could be passed to another actor - Signal isn't stupid enough to do this. The app will then call out to pull down any updates.
Thus, we wind up in the following situation: the US govt could ask Apple for a list of people who got notifications at X/y/z time to try and tie it to someone who sent at those times, but Signal is so large and widely used that it'd be finding a needle in a haystack (and that's probably putting it lightly).
The news from this article is concerning, no doubt... but I'm not particularly worried about Signal is all.