alt Hacker NewsSo this is where we find out the one end of e2e is the phone and not the app.
Semi-related, in whatsapp reading the text in the notification doesn't mark the message as read, so the OS is kinda mitm here.
So this is where we find out the one end of e2e is the phone and not the app.
Semi-related, in whatsapp reading the text in the notification doesn't mark the message as read, so the OS is kinda mitm here.
Signal creates the notification, does it not? That's like claiming `echo "my_private_data" | notify-send` is insecure.
If piping encrypted content resulted in a plaintext notification then you'd have a right to be concerned.