[messaging] encryption of Signal notification messages

Chris Johnson captain.slim at gmail.com
Mon Feb 22 14:00:21 PST 2016


I'm sure this was all hashed out when the change to Signal notifications
was made, but I'm not a big fan of showing the name or the message in
notifications. It's fine that I can control what's displayed in *my*
notifications, but as the sender I also have an interest in what's
displayed in the recipient's notifications, and I have no control over
that. I'd like to know that when I send someone a message, only he can read
it, but when messages might be pushed to the lock screen of a locked phone,
I don't know that. If my communication partner's phone falls into the hands
of an adversary, I may send a message that incriminates me or him that the
adversary receives instead of the intended recipient.

I suppose I could always start off by saying, "Hey, are you there?" and
wait for a response before I say anything else, but that makes things a lot
more synchronous than they need to be.

On Mon, Feb 22, 2016 at 2:08 PM Jason Strange <jason at technowizardry.net>
wrote:

> There are options to limit the information displayed in notifications (To
> "Name and message", "Name only", and "No name or message"), and if you have
> a Signal passphrase set, whenever Signal is locked, the notifications read
> as Locked Message. My Android is a little rusty, but you can review the
> notification system here to learn more:
>
>
> https://github.com/WhisperSystems/Signal-Android/tree/master/src/org/thoughtcrime/securesms/notifications
>
>
> On 2/22/2016 11:02 AM, Tony Arcieri wrote:
>
> On Mon, Feb 22, 2016 at 10:21 AM, Ali Aydin Selcuk <
> aliaydinselcuk at gmail.com> wrote:
>
>> Message contents are visible from the notification bar, which should be
>> transmitted over Google's or Apple's push notification servers.
>>
>> We just can't see how this is compatible with the end-to-end encryption
>> feature of Signal.
>>
>> Are we missing something, or is there something fundamentally wrong here?
>>
>
> I do not work for or speak for OWS, but that said...
>
> When Signal first launched, the push notification handler just displayed
> "New Message". This is annoying from a UX standpoint.
>
> I believe they later added support for decrypting messages within Signal's
> push notification handler.
>
> I believe it's also an option you can toggle on and off (so as to e.g.
> prevent someone who steals your phone from seeing these messages)
>
> --
> Tony Arcieri
>
>
> _______________________________________________
> Messaging mailing listMessaging at moderncrypto.orghttps://moderncrypto.org/mailman/listinfo/messaging
>
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160222/0f90a8a5/attachment.html>


More information about the Messaging mailing list