<div dir="ltr">> Actually, Signal can encrypt everything end-to-end between you and your partner.<div><br></div><div>While I haven't reviewed every line of the source myself, all of Signal's stated guarantees and technical documentation have said that no, they cannot do this. Messages are encrypted with keys generated locally, which are never shared with OWS' server's, Apple's, or Google's.</div><div><br></div><div>Given everything I understand about Signal, Android, and iOS -- whether the popup notification shows the text of the message or not has no bearing on how the Signal message is sent through GCM, Apple APNS, or any other third party like Amazon SNS.</div><div><br></div><div>-- Eric</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 22, 2016 at 5:44 PM, Tony Arcieri <span dir="ltr"><<a href="mailto:bascule@gmail.com" target="_blank">bascule@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class="">On Mon, Feb 22, 2016 at 2:38 PM, Nick Badger <span dir="ltr"><<a href="mailto:nbadger1@gmail.com" target="_blank">nbadger1@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><span><div>Can anyone confirm that this is, in fact, the app's behavior, and that it's not using the push server to call a local display or something? I'm not hugely familiar with mobile deployment, and I've never used the push servers. I know you could register a service on the phone, but I don't know if the notification could tie into it. Regardless, it strikes me as odd that a team as capable as Open Whisper would put such a large not-end-to-end hole in an app whose explicit purpose (for many) is end-to-end security.</div></span></div></blockquote><div><br></div></span><div>I'm like 99% sure this is the case (as an early Signal user) </div><div><br></div><div>When I first started using Signal, the push notifications always said "New Message"</div><div><br></div><div>The messages are sent encrypted over push notifications.</div><div><br></div><div>Repeat: (since I already posted this message and apparently people ignored me the first time) The messages are sent encrypted over push notifications.</div><div><br></div><div>As far as I know, if the local user of the phone has their settings configured to do so, the encrypted push notifications are decrypted *locally* on the phone *before* display.</div><div><br></div><div>Also in general as best as I have followed Signal development, the developers (primarily Frederic Jacobs) are extremely aware of these issues and doing a better job addressing them than any other iOS app available today.</div><div><br></div><div>Also Signal is open source, so if you're really curious, read the source code yourself:</div><div><br></div><div><a href="https://github.com/WhisperSystems/Signal-iOS" target="_blank">https://github.com/WhisperSystems/Signal-iOS</a><span class="HOEnZb"><font color="#888888"><br></font></span></div></div><span class="HOEnZb"><font color="#888888"><div><br></div>-- <br><div>Tony Arcieri<br></div>
</font></span></div></div>
<br>_______________________________________________<br>
Messaging mailing list<br>
<a href="mailto:Messaging@moderncrypto.org">Messaging@moderncrypto.org</a><br>
<a href="https://moderncrypto.org/mailman/listinfo/messaging" rel="noreferrer" target="_blank">https://moderncrypto.org/mailman/listinfo/messaging</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><a href="https://konklone.com" target="_blank">konklone.com</a> | <a href="https://twitter.com/konklone" target="_blank">@konklone</a><br></div></div></div></div></div></div></div>
</div>