Comment by Klonoar

The gist of it is that when Signal sends you a push notification, it's just a marker for "hey, you have updates". It doesn't contain unencrypted data that could be passed to another actor - Signal isn't stupid enough to do this. The app will then call out to pull down any updates.

Thus, we wind up in the following situation: the US govt could ask Apple for a list of people who got notifications at X/y/z time to try and tie it to someone who sent at those times, but Signal is so large and widely used that it'd be finding a needle in a haystack (and that's probably putting it lightly).

The news from this article is concerning, no doubt... but I'm not particularly worried about Signal is all.