- Review: Tyler Perry’s ‘A Fall From Grace’ is both nonsensical and utterly predictable Friday 6:48 PM
- Is Hulu censoring the Iran episode of Anthony Bourdain’s ‘Parts Unknown’? Friday 6:05 PM
- Trump admin celebrates Michelle Obama’s birthday by proposing rollback of her signature initiative Friday 4:01 PM
- TSA apologizes after agent grabs indigenous woman’s braids, says ‘giddyup’ Friday 3:28 PM
- Blue Bell ice cream licker pleads guilty Friday 2:54 PM
- 7 fortune-telling sites for when you’re bored Friday 2:21 PM
- Governor bans sex puns on free condom wrappers Friday 2:16 PM
- Is Justin Bieber’s ‘Yummy’ video secretly about Pizzagate? Friday 1:01 PM
- Woah Vicky rips out her hair in botched cultural appropriation attempt Friday 12:30 PM
- Here’s an exclusive look at ‘Weathering With You’ Friday 11:57 AM
- TikTok dudes are dipping their balls in soy sauce for ‘science’ Friday 11:49 AM
- Pete Buttigieg’s denial of fixing bread prices becomes its own meme Friday 11:10 AM
- Houston Astros get torched with buzzer memes after new revelation Friday 10:41 AM
- Teens are eating cereal out of each other’s mouths for clout Friday 10:34 AM
- Did Martha McSally plan her ‘liberal hack’ viral moment? Friday 10:32 AM
Messaging app Signal has been praised for its high levels of privacy and security. Unfortunately, a flaw in the Signal Mac desktop app seems to have been violating the app’s trademark levels of secrecy.
Signal is a service that lets you chat with friends in real time and promises to never store your data. The app uses end-to-end encryption to ensure your messages are protected from prying eyes. It also doesn’t store metadata about group chats, such as who’s chatting in the group or the group title.
Signal also allows you to set messages to self-destruct, destroying any evidence they were ever sent—unless you’ve got notifications enabled in the Signal Mac desktop app. With the app’s default settings in place, a security researcher noticed that these messages don’t actually disappear—they’ll persist on your computer’s notification bar indefinitely, including information such as who sent the message and its contents.
#HEADSUP: #Security Issue in #Signal. If you are using the @signalapp desktop app for Mac, check your notifications bar; messages get copied there and they seem to persist — even if they are "disappearing" messages which have been deleted/expunged from the app. pic.twitter.com/CVVi7rfLoY— Alec Muffett (@AlecMuffett) May 8, 2018
Motherboard confirmed that messages sent and self-destructed within the app itself continue to live on in the macOS notifications bar. The problem here, for those concerned about true messaging privacy, is that this means this Signal message data is stored on your Mac’s hard drive. This information can then be recovered at a later time, even if the messages were deleted within the Signal app.
According to Objective-See’s chief research officer Patrick Wardle, this data is stored in a database accessible under normal user permissions. This leaves it vulnerable to access by hackers, malware, or forensic experts employed by government agencies. The Signal iOS app doesn’t seem to suffer from this issue, according to Wardle.
Thankfully, there is a fix for the problem: In the Signal Mac app’s settings menu, head to Notifications and then edit the settings underneath to either “Only sender name” or “Neither name nor message.” Alternatively, you can disable the desktop app’s notifications altogether—but that minimizes some of the app’s utility. This won’t remove messages that are already stored on your Mac’s hard drive but will prevent future messages from being preserved.
Whisper Systems, the company behind the Signal app, hasn’t commented on the discovery.
- How to get faster Wi-Fi
- Everything you wanted to know about how the internet works
- The best privacy screens to protect your monitor and laptop
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.