[messaging] encryption of Signal notification messages
captain.slim at gmail.com
Mon Feb 22 14:00:21 PST 2016
I'm sure this was all hashed out when the change to Signal notifications
was made, but I'm not a big fan of showing the name or the message in
notifications. It's fine that I can control what's displayed in *my*
notifications, but as the sender I also have an interest in what's
displayed in the recipient's notifications, and I have no control over
that. I'd like to know that when I send someone a message, only he can read
it, but when messages might be pushed to the lock screen of a locked phone,
I don't know that. If my communication partner's phone falls into the hands
of an adversary, I may send a message that incriminates me or him that the
adversary receives instead of the intended recipient.
I suppose I could always start off by saying, "Hey, are you there?" and
wait for a response before I say anything else, but that makes things a lot
more synchronous than they need to be.
On Mon, Feb 22, 2016 at 2:08 PM Jason Strange <jason at technowizardry.net>
> There are options to limit the information displayed in notifications (To
> "Name and message", "Name only", and "No name or message"), and if you have
> a Signal passphrase set, whenever Signal is locked, the notifications read
> as Locked Message. My Android is a little rusty, but you can review the
> notification system here to learn more:
> On 2/22/2016 11:02 AM, Tony Arcieri wrote:
> On Mon, Feb 22, 2016 at 10:21 AM, Ali Aydin Selcuk <
> aliaydinselcuk at gmail.com> wrote:
>> Message contents are visible from the notification bar, which should be
>> transmitted over Google's or Apple's push notification servers.
>> We just can't see how this is compatible with the end-to-end encryption
>> feature of Signal.
>> Are we missing something, or is there something fundamentally wrong here?
> I do not work for or speak for OWS, but that said...
> When Signal first launched, the push notification handler just displayed
> "New Message". This is annoying from a UX standpoint.
> I believe they later added support for decrypting messages within Signal's
> push notification handler.
> I believe it's also an option you can toggle on and off (so as to e.g.
> prevent someone who steals your phone from seeing these messages)
> Tony Arcieri
> Messaging mailing listMessaging at moderncrypto.orghttps://moderncrypto.org/mailman/listinfo/messaging
> Messaging mailing list
> Messaging at moderncrypto.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging