No, Signal has not been hacked.

Reply to No, Signal has not been hacked. on Fri, 10 Apr 2026 15:39:47 GMT

upofadown@mstdn.ca — Fri, 10 Apr 2026 15:39:47 GMT

Putting on my user hat...

OK. Signal has forward secrecy. So messages are gone after I receive them. Great!

Oh, you didn't turn on disappearing messages? Oh, right, then forensic tools like Cellebrite can get them. You have to turn on disappearing messages. The default is off.

Oh, you did turn on disappearing messages? We send the messages in notifications. So the OS can keep them. Turns out Apple was doing that. There is an option you can turn on to prevent that. It is off by default.

At what point does the usability get so bad that we can blame the messaging system?

This same app had a usability issue that turned into a security issue just last year:

End to End Encrypted Messaging in the News: An Editorial Usability Case Study

https://articles.59.ca/doku.php (my article)

Reply to No, Signal has not been hacked. on Fri, 10 Apr 2026 00:18:15 GMT

garretpolk@mastodon.gamedev.place — Fri, 10 Apr 2026 00:18:15 GMT

@HasSignalBeenHacked On Android I see the option under Settings -> Notifications -> Messages -> Show -> No name or message

Reply to No, Signal has not been hacked. on Thu, 09 Apr 2026 23:04:01 GMT

bardmoss@autistics.life — Thu, 09 Apr 2026 23:04:01 GMT

@HasSignalBeenHacked
I followed the steps, until it got to looking for "Notification Content". That selection does not exist on my copy of Signal.

Reply to No, Signal has not been hacked. on Thu, 09 Apr 2026 20:40:31 GMT

caitp@mstdn.social — Thu, 09 Apr 2026 20:40:31 GMT

@kete @jesterchen @HasSignalBeenHacked it's a part of the Signal app's settings, I'm not sure if that's what you're referring to, could be iOS-specific

Reply to No, Signal has not been hacked. on Thu, 09 Apr 2026 20:19:34 GMT

kete@mstdn.social — Thu, 09 Apr 2026 20:19:34 GMT

@caitp @jesterchen @HasSignalBeenHacked
I don't even have this option, Notification Content, in GrapheneOS.

Reply to No, Signal has not been hacked. on Thu, 09 Apr 2026 19:58:38 GMT

jesterchen@social.tchncs.de — Thu, 09 Apr 2026 19:58:38 GMT

@HasSignalBeenHacked And thanks for the list to the checklist above. I will share it.

Reply to No, Signal has not been hacked. on Thu, 09 Apr 2026 19:58:02 GMT

jesterchen@social.tchncs.de — Thu, 09 Apr 2026 19:58:02 GMT

@HasSignalBeenHacked thanks for your reply. As I said: usually I read articles first,...

The new link is behind a paywall, but what I can see leads to new questions: Do people really believe, data is lost as soon as I delete something? And this is not even asking about other places where data might be stored. If I delete files, usually they're not physically deleted, only the allocation get's destroyed... and yeah, what typical user does know something like that, I know... (and that is long before clear vs. purge vs. cryptographically destroy like in NIST SP 800-88r2 or such).

And as long as the device is unlocked, the encryption won't help.......

And I know how difficult it is to explain the "basics" of this. So thanks again for the clarification.

Reply to No, Signal has not been hacked. on Thu, 09 Apr 2026 19:52:23 GMT

caitp@mstdn.social — Thu, 09 Apr 2026 19:52:23 GMT

@jesterchen @HasSignalBeenHacked this is about the news that agencies were able to access the notification database for the device using digital forensic techniques, i.e. special tools that can access the iOS filesystem -- push notifications turn out to be held unencrypted in a database on the iOS filesystem, and are thus pretty easy for enforcement to get at.

But it doesn't mean that they are able to access the Signal application itself, if the device was off

Reply to No, Signal has not been hacked. on Thu, 09 Apr 2026 19:47:34 GMT

hassignalbeenhacked@infosec.exchange — Thu, 09 Apr 2026 19:47:34 GMT

@jesterchen Yeah, that’s a great point. However, here’s an article in the news today that folks are talking about. Someone deleted the signal app but the notifications were still retrievable.

FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database

The case was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a terrorist organization.

404 Media (www.404media.co)

Reply to No, Signal has not been hacked. on Thu, 09 Apr 2026 19:43:07 GMT

jesterchen@social.tchncs.de — Thu, 09 Apr 2026 19:43:07 GMT

@HasSignalBeenHacked uhm... if an attacker has access to the unlocked device...... why wouldn't he just open signal? (And no, I did actually not read the article, usually I do before asking stuff like that, but news like these have often bugged me in some CVE related disclosures as well.)