- The 16-inch MacBook Pro is a beast, and it has a decent keyboard 2 Years Ago
- This group is scanning thousands of faces in Congress today to protest facial recognition 2 Years Ago
- Why everyone is debating Pete Buttigieg’s Medicare for All stance? 2 Years Ago
- The Motorola Razr is a foldable homage to millennial nostalgia Today 10:22 AM
- The ‘I’m baby’ meme gets much more literal on TikTok Today 10:20 AM
- MrDeadMoth avoids jail time for assaulting pregnant partner during live stream Today 9:21 AM
- Deval Patrick 2020 fever is not catching on Today 9:08 AM
- How to stream Steelers vs. Browns on Thursday Night Football Today 8:13 AM
- How to stream Mexico vs. Netherlands in the U-17 World Cup semis Today 6:46 AM
- ‘Waves’ wrestles with the family drama and breaks it in half Today 6:30 AM
- QAnon-touting congressman sneaks ‘Epstein Didn’t Kill Himself’ into tweets Wednesday 7:12 PM
- Ocasio-Cortez met a famous drag queen–and the right melted down Wednesday 6:09 PM
- Woman says Lyft driver tried to kidnap her Wednesday 5:18 PM
- Debunking the right-wing conspiracy theories from the impeachment hearing Wednesday 4:29 PM
- Maroon 5 approves of the latest TikTok trend Wednesday 3:54 PM
Messaging app Signal has been praised for its high levels of privacy and security. Unfortunately, a flaw in the Signal Mac desktop app seems to have been violating the app’s trademark levels of secrecy.
Signal is a service that lets you chat with friends in real time and promises to never store your data. The app uses end-to-end encryption to ensure your messages are protected from prying eyes. It also doesn’t store metadata about group chats, such as who’s chatting in the group or the group title.
Signal also allows you to set messages to self-destruct, destroying any evidence they were ever sent—unless you’ve got notifications enabled in the Signal Mac desktop app. With the app’s default settings in place, a security researcher noticed that these messages don’t actually disappear—they’ll persist on your computer’s notification bar indefinitely, including information such as who sent the message and its contents.
#HEADSUP: #Security Issue in #Signal. If you are using the @signalapp desktop app for Mac, check your notifications bar; messages get copied there and they seem to persist — even if they are "disappearing" messages which have been deleted/expunged from the app. pic.twitter.com/CVVi7rfLoY— Alec Muffett (@AlecMuffett) May 8, 2018
Motherboard confirmed that messages sent and self-destructed within the app itself continue to live on in the macOS notifications bar. The problem here, for those concerned about true messaging privacy, is that this means this Signal message data is stored on your Mac’s hard drive. This information can then be recovered at a later time, even if the messages were deleted within the Signal app.
According to Objective-See’s chief research officer Patrick Wardle, this data is stored in a database accessible under normal user permissions. This leaves it vulnerable to access by hackers, malware, or forensic experts employed by government agencies. The Signal iOS app doesn’t seem to suffer from this issue, according to Wardle.
Thankfully, there is a fix for the problem: In the Signal Mac app’s settings menu, head to Notifications and then edit the settings underneath to either “Only sender name” or “Neither name nor message.” Alternatively, you can disable the desktop app’s notifications altogether—but that minimizes some of the app’s utility. This won’t remove messages that are already stored on your Mac’s hard drive but will prevent future messages from being preserved.
Whisper Systems, the company behind the Signal app, hasn’t commented on the discovery.
- How to get faster Wi-Fi
- Everything you wanted to know about how the internet works
- The best privacy screens to protect your monitor and laptop
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.