- Ohio KKK rally met with massive counter-protest and witty signs from local businesses Saturday 5:06 PM
- Guy who said he stole drugs from MS-13 now says viral story is fake Saturday 4:07 PM
- Financial service company left 885 million private records exposed online Saturday 3:13 PM
- Sasha Obama went to prom and Twitter is delighted with the photos Saturday 2:22 PM
- Jon Voight says Trump is the greatest president since Lincoln in Twitter videos Saturday 1:31 PM
- #DeleteFacebook gains momentum after the platform refused to remove doctored Nancy Pelosi videos Saturday 11:58 AM
- ‘Game of Thrones’ failed women—and it’s a shame on its legacy Saturday 7:40 AM
- How to use Tor, the network that lets you browse the web anonymously Saturday 7:30 AM
- How to live stream Devin Haney vs. Antonio Moran on DAZN Saturday 7:00 AM
- Trump’s transphobic policies are disgusting—but they aren’t new Saturday 6:30 AM
- How to watch the Copa del Rey Final online for free Saturday 5:45 AM
- How to watch the DFB-Pokal final for free Saturday 5:30 AM
- Curvy Wife Guy drops music video for rap song ‘Chubby Sexy’ Friday 7:33 PM
- A ‘Black Mirror’-inspired miniseries is coming to YouTube via Netflix Latin America Friday 5:56 PM
- Kanye West appears on David Letterman’s Netflix show to talk Trump, TMZ, and Drake Friday 3:27 PM
The disappearing messages aren’t entirely disappearing.
Messaging app Signal has been praised for its high levels of privacy and security. Unfortunately, a flaw in the Signal Mac desktop app seems to have been violating the app’s trademark levels of secrecy.
Signal is a service that lets you chat with friends in real time and promises to never store your data. The app uses end-to-end encryption to ensure your messages are protected from prying eyes. It also doesn’t store metadata about group chats, such as who’s chatting in the group or the group title.
Signal also allows you to set messages to self-destruct, destroying any evidence they were ever sent—unless you’ve got notifications enabled in the Signal Mac desktop app. With the app’s default settings in place, a security researcher noticed that these messages don’t actually disappear—they’ll persist on your computer’s notification bar indefinitely, including information such as who sent the message and its contents.
#HEADSUP: #Security Issue in #Signal. If you are using the @signalapp desktop app for Mac, check your notifications bar; messages get copied there and they seem to persist — even if they are "disappearing" messages which have been deleted/expunged from the app. pic.twitter.com/CVVi7rfLoY
— Alec Muffett (@AlecMuffett) May 8, 2018
Motherboard confirmed that messages sent and self-destructed within the app itself continue to live on in the macOS notifications bar. The problem here, for those concerned about true messaging privacy, is that this means this Signal message data is stored on your Mac’s hard drive. This information can then be recovered at a later time, even if the messages were deleted within the Signal app.
According to Objective-See’s chief research officer Patrick Wardle, this data is stored in a database accessible under normal user permissions. This leaves it vulnerable to access by hackers, malware, or forensic experts employed by government agencies. The Signal iOS app doesn’t seem to suffer from this issue, according to Wardle.
Thankfully, there is a fix for the problem: In the Signal Mac app’s settings menu, head to Notifications and then edit the settings underneath to either “Only sender name” or “Neither name nor message.” Alternatively, you can disable the desktop app’s notifications altogether—but that minimizes some of the app’s utility. This won’t remove messages that are already stored on your Mac’s hard drive but will prevent future messages from being preserved.
Whisper Systems, the company behind the Signal app, hasn’t commented on the discovery.
- How to get faster Wi-Fi
- Everything you wanted to know about how the internet works
- The best privacy screens to protect your monitor and laptop
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.