[messaging] encryption of Signal notification messages

Watson Ladd watsonbladd at gmail.com
Mon Feb 22 16:21:23 PST 2016


On Feb 22, 2016 2:00 PM, "Chris Johnson" <captain.slim at gmail.com> wrote:
>
> I'm sure this was all hashed out when the change to Signal notifications
was made, but I'm not a big fan of showing the name or the message in
notifications. It's fine that I can control what's displayed in *my*
notifications, but as the sender I also have an interest in what's
displayed in the recipient's notifications, and I have no control over
that. I'd like to know that when I send someone a message, only he can read
it, but when messages might be pushed to the lock screen of a locked phone,
I don't know that. If my communication partner's phone falls into the hands
of an adversary, I may send a message that incriminates me or him that the
adversary receives instead of the intended recipient.

Tell your fellow conspirators to lock Signal and periodically verify.

>
> I suppose I could always start off by saying, "Hey, are you there?" and
wait for a response before I say anything else, but that makes things a lot
more synchronous than they need to be.
>
>
> On Mon, Feb 22, 2016 at 2:08 PM Jason Strange <jason at technowizardry.net>
wrote:
>>
>> There are options to limit the information displayed in notifications
(To "Name and message", "Name only", and "No name or message"), and if you
have a Signal passphrase set, whenever Signal is locked, the notifications
read as Locked Message. My Android is a little rusty, but you can review
the notification system here to learn more:
>>
>>
https://github.com/WhisperSystems/Signal-Android/tree/master/src/org/thoughtcrime/securesms/notifications
>>
>>
>> On 2/22/2016 11:02 AM, Tony Arcieri wrote:
>>>
>>> On Mon, Feb 22, 2016 at 10:21 AM, Ali Aydin Selcuk <
aliaydinselcuk at gmail.com> wrote:
>>>>
>>>> Message contents are visible from the notification bar, which should
be transmitted over Google's or Apple's push notification servers.
>>>>
>>>> We just can't see how this is compatible with the end-to-end
encryption feature of Signal.
>>>>
>>>> Are we missing something, or is there something fundamentally wrong
here?
>>>
>>>
>>> I do not work for or speak for OWS, but that said...
>>>
>>> When Signal first launched, the push notification handler just
displayed "New Message". This is annoying from a UX standpoint.
>>>
>>> I believe they later added support for decrypting messages within
Signal's push notification handler.
>>>
>>> I believe it's also an option you can toggle on and off (so as to e.g.
prevent someone who steals your phone from seeing these messages)
>>>
>>> --
>>> Tony Arcieri
>>>
>>>
>>> _______________________________________________
>>> Messaging mailing list
>>> Messaging at moderncrypto.org
>>> https://moderncrypto.org/mailman/listinfo/messaging
>>
>>
>> _______________________________________________
>> Messaging mailing list
>> Messaging at moderncrypto.org
>> https://moderncrypto.org/mailman/listinfo/messaging
>
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160222/a3c365d0/attachment.html>


More information about the Messaging mailing list