[messaging] encryption of Signal notification messages
watsonbladd at gmail.com
Mon Feb 22 16:21:23 PST 2016
On Feb 22, 2016 2:00 PM, "Chris Johnson" <captain.slim at gmail.com> wrote:
> I'm sure this was all hashed out when the change to Signal notifications
was made, but I'm not a big fan of showing the name or the message in
notifications. It's fine that I can control what's displayed in *my*
notifications, but as the sender I also have an interest in what's
displayed in the recipient's notifications, and I have no control over
that. I'd like to know that when I send someone a message, only he can read
it, but when messages might be pushed to the lock screen of a locked phone,
I don't know that. If my communication partner's phone falls into the hands
of an adversary, I may send a message that incriminates me or him that the
adversary receives instead of the intended recipient.
Tell your fellow conspirators to lock Signal and periodically verify.
> I suppose I could always start off by saying, "Hey, are you there?" and
wait for a response before I say anything else, but that makes things a lot
more synchronous than they need to be.
> On Mon, Feb 22, 2016 at 2:08 PM Jason Strange <jason at technowizardry.net>
>> There are options to limit the information displayed in notifications
(To "Name and message", "Name only", and "No name or message"), and if you
have a Signal passphrase set, whenever Signal is locked, the notifications
read as Locked Message. My Android is a little rusty, but you can review
the notification system here to learn more:
>> On 2/22/2016 11:02 AM, Tony Arcieri wrote:
>>> On Mon, Feb 22, 2016 at 10:21 AM, Ali Aydin Selcuk <
aliaydinselcuk at gmail.com> wrote:
>>>> Message contents are visible from the notification bar, which should
be transmitted over Google's or Apple's push notification servers.
>>>> We just can't see how this is compatible with the end-to-end
encryption feature of Signal.
>>>> Are we missing something, or is there something fundamentally wrong
>>> I do not work for or speak for OWS, but that said...
>>> When Signal first launched, the push notification handler just
displayed "New Message". This is annoying from a UX standpoint.
>>> I believe they later added support for decrypting messages within
Signal's push notification handler.
>>> I believe it's also an option you can toggle on and off (so as to e.g.
prevent someone who steals your phone from seeing these messages)
>>> Tony Arcieri
>>> Messaging mailing list
>>> Messaging at moderncrypto.org
>> Messaging mailing list
>> Messaging at moderncrypto.org
> Messaging mailing list
> Messaging at moderncrypto.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging