- Daniel Caesar dons cape for whiteness—and gets canceled 11 Months Ago
- Triton is a new malware ‘deliberately’ designed to put lives at risk Today 3:23 PM
- ‘Into the Dark: I’m Just F*cking with You’ is one of the series’ best Today 1:54 PM
- Trump’s latest prop, a map of ISIS, gets memed Today 12:54 PM
- HBO sends fans on a global scavenger hunt for 6 Iron Thrones Today 11:51 AM
- The Awkward Family Photos game is Cards Against Humanity for meme lovers Today 11:50 AM
- London firefighters’ organization accuses ‘Peppa Pig’ of sexism Today 11:41 AM
- YouTuber accused of abusing her children to make kid-friendly content Today 11:20 AM
- Ari Fleischer’s Iraq War tweet isn’t going over well Today 10:54 AM
- Cop arrested for recording man’s genitals, forcing mentally ill man to twerk Today 10:37 AM
- MoviePass rebrands its unlimited plan, again Today 10:37 AM
- Former Alaska senator launches meme-filled 2020 primary campaign Today 10:17 AM
- The Shane Dawson cat controversy has resulted in these sex memes Today 10:06 AM
- Sarah Sanders mocks CNN reporter with ‘dear diary’ tweet Today 9:03 AM
- Know what you’re signing up for thanks to these dating site reviews Today 8:58 AM
The disappearing messages aren’t entirely disappearing.
Messaging app Signal has been praised for its high levels of privacy and security. Unfortunately, a flaw in the Signal Mac desktop app seems to have been violating the app’s trademark levels of secrecy.
Signal is a service that lets you chat with friends in real time and promises to never store your data. The app uses end-to-end encryption to ensure your messages are protected from prying eyes. It also doesn’t store metadata about group chats, such as who’s chatting in the group or the group title.
Signal also allows you to set messages to self-destruct, destroying any evidence they were ever sent—unless you’ve got notifications enabled in the Signal Mac desktop app. With the app’s default settings in place, a security researcher noticed that these messages don’t actually disappear—they’ll persist on your computer’s notification bar indefinitely, including information such as who sent the message and its contents.
#HEADSUP: #Security Issue in #Signal. If you are using the @signalapp desktop app for Mac, check your notifications bar; messages get copied there and they seem to persist — even if they are "disappearing" messages which have been deleted/expunged from the app. pic.twitter.com/CVVi7rfLoY
— Alec Muffett (@AlecMuffett) May 8, 2018
Motherboard confirmed that messages sent and self-destructed within the app itself continue to live on in the macOS notifications bar. The problem here, for those concerned about true messaging privacy, is that this means this Signal message data is stored on your Mac’s hard drive. This information can then be recovered at a later time, even if the messages were deleted within the Signal app.
According to Objective-See’s chief research officer Patrick Wardle, this data is stored in a database accessible under normal user permissions. This leaves it vulnerable to access by hackers, malware, or forensic experts employed by government agencies. The Signal iOS app doesn’t seem to suffer from this issue, according to Wardle.
Thankfully, there is a fix for the problem: In the Signal Mac app’s settings menu, head to Notifications and then edit the settings underneath to either “Only sender name” or “Neither name nor message.” Alternatively, you can disable the desktop app’s notifications altogether—but that minimizes some of the app’s utility. This won’t remove messages that are already stored on your Mac’s hard drive but will prevent future messages from being preserved.
Whisper Systems, the company behind the Signal app, hasn’t commented on the discovery.
- How to get faster Wi-Fi
- Everything you wanted to know about how the internet works
- The best privacy screens to protect your monitor and laptop
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.