“When it comes to protecting your messages and calls from snoops, many security experts point to the Signal app as one of the best options out there (and we at Motherboard generally agree),” Lorenzo Franceschi-Bicchierai reports for Motherboard. “But Signal isn’t perfect, and if you use the desktop client on a Mac, you might want to be careful about the app’s notifications—they may expose your private messages.”
“One of Signal’s best features is that messages can be set to ‘self-destruct,’ meaning there is no paper trail for conversations in the app. But with Signal’s default settings on a Mac, your friends’ messages appear — and live on — on the operating system’s notifications bar even if the message is set to self-destruct using Signal’s timer,” Franceschi-Bicchierai reports. “These notifications include the sender’s name and the message’s content.”
“Security researcher Alec Muffett noticed this issue on Tuesday, and warned his Twitter followers,” Franceschi-Bicchierai reports. “As it turns out, the data is stored on disk inside the operating system, according to Mac security researcher Patrick Wardle. Wardle found that the disappearing messages that have appeared as notification can be recovered later, even after they are gone within the Signal app.”
#HEADSUP: #Security Issue in #Signal. If you are using the @signalapp desktop app for Mac, check your notifications bar; messages get copied there and they seem to persist — even if they are "disappearing" messages which have been deleted/expunged from the app. pic.twitter.com/CVVi7rfLoY
— Alec Muffett (@AlecMuffett) May 8, 2018
Read more in the full article here.