‘Disappearing’ Signal messages are stored indefinitely on Macs

“When it comes to protecting your messages and calls from snoops, many security experts point to the Signal app as one of the best options out there (and we at Motherboard generally agree),” Lorenzo Franceschi-Bicchierai reports for Motherboard. “But Signal isn’t perfect, and if you use the desktop client on a Mac, you might want to be careful about the app’s notifications—they may expose your private messages.”

“One of Signal’s best features is that messages can be set to ‘self-destruct,’ meaning there is no paper trail for conversations in the app. But with Signal’s default settings on a Mac, your friends’ messages appear — and live on — on the operating system’s notifications bar even if the message is set to self-destruct using Signal’s timer,” Franceschi-Bicchierai reports. “These notifications include the sender’s name and the message’s content.”

“Security researcher Alec Muffett noticed this issue on Tuesday, and warned his Twitter followers,” Franceschi-Bicchierai reports. “As it turns out, the data is stored on disk inside the operating system, according to Mac security researcher Patrick Wardle. Wardle found that the disappearing messages that have appeared as notification can be recovered later, even after they are gone within the Signal app.”

Read more in the full article here.

MacDailyNews Take:


  1. What the hell are people doing that they are so worried about their test messages?
    I’m all for privacy, and I applaud Apple for fighting back, but man, at what point are these cats just covering up something?
    The average person’s messages are inane, time-waste. OTOH, I watch enough true crime to wonder… :p

  2. So, is this a Signal problem or a Mac OS problem? If I dump my notifications from the interface, are they still buried on my drive?

    It’s time for a (friendly) confrontation between two computer security heroes, Moxie Marlinspike and Patrick Wardle. Have at it! ;-D

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.