this post was submitted on 09 Apr 2026
647 points (99.2% liked)

[–] cecilkorik@piefed.ca 47 points 1 day ago (3 children)

End-to-end encryption is the final boss of false-sense-of-security.

Like, it's great and all, but it's not universal perfect privacy the way a lot of people seem to hold it up as if it were. You have to understand what it's actually defending against, and who might be blocked by that, and more importantly, who won't be. Because the list of potential adversaries it is actually useful against is becoming narrower and increasingly out-of-date.

Encryption alone prevents the messages being read in transit between you and Signal, and obviously that's fundamental basic security at this point. Signal being end-to-end encrypted prevents your messages being spied on by Signal, but ironically they're probably one of the most trustworthy actors in this whole chain, so the fact that it's protected from them, while commendable, is not particularly valuable security. They were probably not the ones going to spy on you in the first place. They have prevented themselves from being capable of doing so, and that's good, but if that's all you're worried about and you now think your privacy problems are solved, you're completely missing the point because instead of Signal themselves, you need to be worried about the guy currently standing over your shoulder with his camera filming.

Treat your phone and your Windows computer like they are permanently compromised with a rootkit taking continuous screenshots of everything you do and feeding that to their big tech overlords, because they might as well be.

For that matter, even Linux PCs still have their black box "intel management engine" or similar processor running constantly and potentially watching everything you do, although I don't believe they actually do that in any reasonable case, we need to understand they have both the capability and the motivation to be, at least in some cases, compromised by adversaries which may include (but are not limited to) tech companies and governments. You can't even trust your "dumb monitor" unless you've audited every chip inside it, you'll never know if it could be scanning everything on your screen and feeding it back through HDMI/DP back-channels or even through powerline networking. You also don't know if the same kind of things could be happening on the other side that you're sending/receiving from. Sure the network trip is protected, but that's hardly the only place you're vulnerable to interception.

That probably all sounds paranoid and extreme and improbable, and it is, but the point is end-to-end encryption does nothing to help you against any of that, so don't make the mistake of assuming you're 100% safe because it's end-to-end encrypted. The "end" is not what you think it is and it's not paranoid to at least understand that and accept the risk with the understanding.

I realize I am probably preaching to the choir here, and most of you probably understand this as well as I do. But I'm also pretty sure a lot of people truly believe it's more secure against eavesdropping than it actually is and that needs to change. The surveillance state is adapting and expanding rapidly and I fear they've started getting ahead of many of us. Beware, and plan carefully in the months and years ahead.

[–] Serinus@lemmy.world 27 points 22 hours ago (1 children)

I understand the intent, but this is not phrased well.

> prevents your messages being spied on by Signal, but ironically they’re probably one of the most trustworthy actors in this whole chain, so the fact that it’s protected from them, while commendable, is not particularly valuable security

It's extremely valuable security, because most companies, even if they don't want to spy on you, might be compelled to by court order. And those companies often think their security is sufficient because they have good intentions, and they expect the government to have good intentions when they're going as far as getting a court order. (I also suspect more court orders are justified than not, but a few bad subpoenas spoil the bunch.) The fact that they physically are unable is quite important.

All your points about how things around that can fail are valid.

[–] cecilkorik@piefed.ca 12 points 22 hours ago

That's a fair criticism and an important clarification, I agree.

[–] Eufalconimorph@discuss.tchncs.de 28 points 1 day ago (1 children)

End-to-end encryption is one of the most basic requirements for a communication system to be secure. Endpoint authentication is another. Message authentication is the third. After those 3 are fulfilled, further requirements can vary from system to system.

It's like electrical or building code. Just because it's compliant doesn't mean it's safe, but if it's not compliant it's almost certainly not safe. Necessary, not sufficient!

[–] Gormadt@lemmy.blahaj.zone 5 points 18 hours ago

Exactly!

Is your keyboard app secure (yes seriously)? Does your device store notification details? Can your notifications be viewed without unlocking the device?

Those are all little concerns that need to be considered.