Comment by jonpalmisc
18 hours ago
Settings > Notifications > Notification Content > Show: "Name Only" or "No Name or Content"
I've had this enabled to prevent sensitive messages from appearing in full whilst showing someone something on my phone, but I guess this is an added benefit as well.
Just to clarify, this is within the Signal app settings—not the OS (iOS or Android) system settings.
Critical distinction, as merely changing OS notification settings will simply prevent notification content from being displayed on-screen.
Wait so if I do iOS setting notifications > never show previews it’s still caching them in the background? Unencrypted?
Yes. And technically, from a privacy perspective, it's even worse than that. What's additionally happening is they're still 'syncing' back to Apple servers via APNS (and to Alphabet servers via Firebase on Android)—even with notifications completely disabled, that's correct.
If the app generates them, the OS receives them. That's why the Signal app offers this setting.
32 replies →
yes, since apple doesn't control the content of the pushes it is sent by application backends. that can only be controlled within each app
Signal should switch the default to being less verbose.
They should also signal your counterparty's security posture.
Basically, give you a heads up that the other side has settings that make the system less secure.
1 reply →
The default should be "No name or content".
4 replies →
No it shouldn't. That makes the UX much worse, just to guard against the 0.00001% case where the FBI seizes your iPhone.
Not really, that would discourage use by normies.
users should switch to simpleX
When you put it up against each other it makes perfect sense, but I would never have thought about it in that way!
Thank you for adding this to the conversation.
Fwiw, in my Signal app on Android this setting is in
Settings > Notifications > Messages > Show
My Samsung also keeps a history of notification content. Under Settings->Notifications ->Advanced -> Notification History
However, if this is important to you then you want Signal to stop telling Android to make the notifications. If it doesn't exist nobody will accidentally make it available.
Deleting that history is good to know about after the fact, but preferably lets just not create the problem.
1 reply →
I allway say it: it is the defaults, stupid (paraphrasign).
The Defaults have to be the most sensitive ones.
If you are a supposed super secure app, this should be the default.
Disable Apple Intelligence summaries for sensitive app notifications too.
Given the quality of the summaries, you might want to keep them just for plausible deniability </s>
I guess enabling Lockdown mode might avoid this particular issue too, together with a bunch of other stuff?
Why would lockdown mode prevent this? I have lockdown mode on but that doesn't automatically make my notifications private.
Lockdown mode would prevent access to the data in theory.
But most likely (pure speculation mind you), this was a case of someone handing over the phone for review and where cooperating.
It might have been that they deleted signal some time ago, or even deleted signal and then handed over the phone.
It's notable that the data wasn't recovered from signals storage (was the data securely erased or that kind of recovery not attempted?).
It's a mode of the phone that is supposed to prevent cyber attacks, more so than "normal mode" I suppose, since it's supposed to limit features in the name of security. This seems like a variant of such attack, so seems like it should protect against it
2 replies →
Maybe it should.
Originally enabled it just to avoid awkward moments
This seems to be the default for me, at least on Android.
Android also supports custom encrypted payloads so Signal doesn't have to give them to Google.
WhatsApp supports this too.
Settings > Notifications > Show preview