FBI Extracts Deleted Signal Messages from iPhone Notification Database

404 Media reports (alternate site):

The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database….

The news shows how forensic extraction—when someone has physical access to a device and is able to run specialized software on it—can yield sensitive data derived from secure messaging apps in unexpected places. Signal already has a setting that blocks message content from displaying in push notifications; the case highlights why such a feature might be important for some users to turn on.

“We learned that specifically on iPhones, if one’s settings in the Signal app allow for message notifications and previews to show up on the lock screen, [then] the iPhone will internally store those notifications/message previews in the internal memory of the device,” a supporter of the defendants who was taking notes during the trial told 404 Media.

EDITED TO ADD (4/24): Apple has patched this vulnerability.

Posted on April 23, 2026 at 7:05 AM • 31 Comments

Comments

Gheese April 23, 2026 10:30 AM

The same essentially applies to Android, even GrapheneOS, IF the notification history is enabled (Settings > Notifications > Notification history).

I do not want to endorse or shame Android/iOS/GrapheneOS, I took this as a wake-up call, to check the settings on my devices.

Clive Robinson April 23, 2026 1:18 PM

@ Anonymous, ALL,

404 Media lets you see the article title.

Cut and paste this into DuckDuck or similar and you will usually get a link to MSM.

However the link appears locked to you (which is why I’ve not posted the one I got given).

But you will get other links like,

https://www.msn.com/en-us/news/technology/how-the-fbi-extracted-deleted-signal-messages-from-a-defendants-iphone/ar-AA20zeaP

That may work for others.

In this case it’s not the original 404 Media article but one that explains it.

Put simply what the FBI did was not by a failing of Signal but using it in the Apple OS.

Put simply “screen alerts” get put in a “Client Side Database” that is part of the OS and it can be scanned, as well as holding data in a persistent way.

I’ve warned in the past that “secure message apps” are not secure unless the system they are used in is secure. In this case the Apple OS is very far from secure hence once the app had produced “Client side plaintext” it was “snagged, tagged and bagged” by the OS and any place it copied the plaintext Database to.

I’ve mentioned several times in the past that neither Signal nor WhatsApp are in any way “secure” when built into an “insecure system”.

It’s why I advise doing message encryption/decryption off of the device that does “communications” by using an “Energy Gap”.

Judging by the comments I’ve had these past few days, it’s probably the right time for our host @Bruce to write a piece about the fact E2EE and Secure Messaging Apps really don’t give you any real “Privacy” and in all honesty they actually paint a big fat target on your back, even after you think you’ve removed them from your device…

In the past I’ve posted comments on this blog explaining the individual parts and why they can go wrong and ways to avoid them.

However in almost all cases the “Secure Privacy” is not “Convenient” so the average user goes about things the wrong way… Thus ends up on the sharp end of a very expensive court appearance that could lead to life imprisonment and the taking away of all assets they have. And in the US, UK, Australia and many other countries the legislation is quite deliberately stacked against you so you in effect “have no lawful defence”…

lurker April 23, 2026 1:50 PM

@Gheese, ALL

I’ve just been through the torture of a new phone, where everything is turned ON by default. It’s a tedious chore to turn off Notifications app by app, and some users won’t know or be bothered to do it. Android depends on the device maker’s ROM whether Notification History is global or by individual app.

Chris R April 23, 2026 2:23 PM

@Clive, secure messaging services exist to serve a more general audience that in practice will not jump through what you’re describing as an “Energy Gap” process to communicate with any degree of security; all that’ll be achieved by that is making any degree of secure messaging unattainable.

Signal, and other secure messaging services, exist on a continuum of security; they address many of the threats to user privacy that might exist, but are not and cannot be perfect. Your argument seems to suggest that unless perfection can be achieved, it only makes sense to simply not try and I just flat out reject that claim.

Clive Robinson April 23, 2026 5:36 PM

@ ALL,

Apparently Signal asked Apple to fix the issue…

And there is an update or two coming down the pipeline,

https://techcrunch.com/2026/04/22/apple-fixes-bug-that-cops-used-to-extract-deleted-chat-messages-from-iphones/

@ Chris R,

With regards your comment of,

“secure messaging services exist to serve a more general audience that in practice will not jump through what you’re describing as an “Energy Gap” process to communicate with any degree of security; all that’ll be achieved by that is making any degree of secure messaging unattainable.”

Very secure messaging has followed the “energy gap” principle between the “Communications End Point” and the “Security End Point” for longer than even very primitive computers have existed.

Prior to the use of computers maintaining an “energy gap” was trivial thus a high degree of security was easily possible. Later named by Claude Shannon (1949) as “Perfect Secrecy” it was not just possible, but easily achieved.

Thus became the “gold standard” by which all other systems were measured. Importantly it was also easily obtained and during WWII used for the protection of SOE and other “behind the lines” operators,

“Shannon didn’t just invent a new code; he established the mathematical laws that govern all codes. He gave us a way to measure security, defined what “unbreakable” truly means, and laid the foundation for the secure communication we rely on for everything from online banking to private messaging.

The Holy Grail: Defining Perfect Secrecy

The cornerstone of Shannon’s work is a concept called perfect secrecy. It’s the ultimate standard for security a system so strong that the encrypted message gives an attacker zero new information about the original message. Even with infinite computing power, the attacker is no closer to guessing the message than they were before.”

https://www.linkedin.com/pulse/what-perfect-secrecy-guide-claude-shannons-theory-encryption-qhvkc

As it is trivial to obtain such levels of security, one has to wonder why you think,

“Signal, and other secure messaging services, exist on a continuum of security; they address many of the threats to user privacy that might exist, but are not and cannot be perfect. Your argument seems to suggest that unless perfection can be achieved, it only makes sense to simply not try and I just flat out reject that claim.”

As I have said, repeatedly “perfect security” can be trivially obtained with just a “pencil, paper and match”. So your “Strawman Argument” of,

“unless perfection can be achieved”

Is an invented nonsense by you.

So people should ask why do you think that “a continuum of security” should be accepted?

“Just because computers are used”

It is that type of thinking that makes “insecure standard” by practice. Which has been the aim of “Authoritarian Guard Labour” working in right wing if not fascist environments since the 1970’s.

Which begs the second question,

“Why do you want to be an apologist for such people as the current US Executive administration and appointed leaders of the US DOJ, FBI, ICE and worse”?

When informing people how to avoid such is “trivially possible”?

Let’s be generous and say,

“Maybe you are not as informed as you think you are…”

Chris R April 23, 2026 6:33 PM

Whoa, cowboy.

Your creative use of quotation marks seems to cite me as saying several things I clearly didn’t write. I’d appreciate you not doing that if we cross conversational paths again.

I think it’s pretty clearly not going to profit me to try to respond to what I’ll charitably call a polemic. I’ll leave you to it, except to note that a secure messaging system that requires wartime dedication to its usage is not one that real people in the real world will adopt, and is indistinguishable from not having one at all. So, I’ll stick to promoting messaging systems that have a realistic chance to improve the privacy of a much larger proportion of the population.

lurker April 23, 2026 7:50 PM

@Clive Robinson, [Chris R]

“As I have said, repeatedly “perfect security” can be trivially obtained with just a “pencil, paper and match”.”

Values of trivial are subjective to each user. For one message a day OTP could be worth the hassle. The opsec required to condense a conversation of six messages an hour down to one a day has a vanishingly small triviality.

Yes, we know the tradeoffs between security and convenience. But if Joe Sixpack knows too, does he care enough to do anything about it? Signal may be close enough for him.

When Steve Jobs introduced the iPhone he said “… the internet in your pocket.” What people are now finding out is that it also means “… your pocket on the internet.”

ismar April 24, 2026 1:02 AM

Here’s a good start for anyone wanting to build Clive’s secure system with separation of comms and encryption end points- Clive can comment on any shortcomings

📘 Manual: Hardened Simplex Encryption Link (v2.0)

Platform: Arduino Uno R4 Minima

This system creates a physical “Data Diode.” Data flows from the Red Node (Secure/Trusted) to the Black Node (Unsecure/Public) via a one-way optoisolated link. Backward communication is physically impossible.

🛠️ Phase 1: Hardware Bill of Materials

1. The “Red” Node (Sender)

  • Microcontroller: 1x Arduino Uno R4 Minima.
  • Input: 1x 4×4 Membrane Matrix Keypad.
  • Display: 1x 16×2 LCD with I2C Backpack.
  • Security: 1x 6N137 High-Speed Optoisolator.
  • Resistors: 1x 470 Ω (Current limiter for Opto-LED).

2. The “Black” Node (Receiver)

  • Microcontroller: 1x Arduino Uno R4 Minima.
  • Resistors: 1x 10k Ω (Pull-up for signal stability).

3. General

  • 2x Breadboards and Jumper Wires.
  • 2x 100nF Ceramic Capacitors (Power decoupling).

📐 Phase 2: Wiring Diagrams

Node A: Red Sender

  1. Keypad: Connect 8-pin ribbon to Digital Pins 2 through 9.
  2. LCD: GND → GND; VCC → 5V; SDA → Pin A4; SCL → Pin A5.
  3. Optoisolator (The Gate):
    • Arduino TX (Pin 1) → 470 Ω Resistor → Pin 2 of 6N137.
    • Arduino GND → Pin 3 of 6N137.
  4. Decoupling: Place a 100nF capacitor between the 5V and GND pins on the breadboard.

Node B: Black Receiver

  1. Isolation Input:
    • Pin 8 of 6N137 → Arduino B 5V.
    • Pin 5 of 6N137 → Arduino B GND.
    • Pin 6 of 6N137 → Arduino B RX (Pin 0).
  2. The Pull-up: Place the 10k Ω resistor between Arduino B 5V and RX (Pin 0). This ensures the line stays “High” when no data is being sent.

💻 Phase 3: Software Implementation

1. Libraries

Install via the IDE Library Manager:
* ArduinoCrypto (Rhys Weatherley)
* Keypad (Mark Stanley)
* LiquidCrystal I2C

2. Utilizing the Uno R4 TRNG

Unlike the old R3, the R4 can generate a unique Initialization Vector (IV) for every message. This prevents “Replay Attacks” where an attacker recognizes identical encrypted blocks.
Red Node Snippet:

#include // Unique to Uno R4
// ...
byte iv[12];
TRNG.read(iv, 12); // Fills IV with true random physical noise
// Use this IV in your AES-GCM encryption

3. The Transmission Protocol

Since there is no “Handshake,” the Red Node must broadcast its IV along with the ciphertext so the Black Node knows how to decrypt it.
The Data Packet: [0x02] + [12-byte IV] + [Ciphertext] + [16-byte Tag] + [0x03]

🔐 Phase 4: Final Hardening

1. Side-Channel Mitigation

The Uno R4 is faster, which means encryption happens in a shorter burst. To prevent an attacker from timing these bursts:
* Constant Time: Ensure you use the authenticated encryption modes in the Crypto library.
* Dummy Data: Program the Red Node to send random encrypted “noise” packets when no user input is detected. This masks the actual time you are typing.

2. Protection of Secret Keys

  • Flash Security: The Uno R4 Minima uses a Renesas RA4M1 chip. To lock the memory, you must use the Renesas Device Partition Manager (available via the Arduino IDE for R4). Set the “Access Control” to “Read Protected” to prevent key extraction.
  • Out-of-Band Update: The 128-bit Master Key must be manually updated on both boards via a secure, non-networked laptop every 30 days.

🏁 Operational Check

  1. Power both boards.
  2. Type “SECRET” on Keypad A.
  3. The Red LCD will show a hex string (Ciphertext).
  4. Laptop B (connected to Black Node) will display “SECRET” in the Serial Monitor.
  5. Unidirectional Test: Try typing in the Serial Monitor on Laptop B. Nothing will happen on Board A, confirming the Simplex Air Gap is functional.
    Your high-assurance hardware encryption link is now complete.
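
An added example, not part of the comment above or of any project's code: the packet layout in Phase 3 has no length field, so the receiver must find the end of a frame by its 0x03 byte, yet IV, ciphertext and tag are arbitrary binary and can themselves contain 0x02 or 0x03. The sketch below (framing only, no cryptography) compares raw delimiter framing with byte stuffing; the escape byte 0x10, the XOR mask 0x20, all function names and the sample bytes are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

typedef std::vector<uint8_t> Bytes;

// Frame layout from the post: STX | 12-byte IV | ciphertext | 16-byte tag | ETX.
// ESC and ESC_MASK are assumptions of this example (HDLC-style byte stuffing).
const uint8_t STX = 0x02, ETX = 0x03, ESC = 0x10, ESC_MASK = 0x20;
const size_t IV_LEN = 12, TAG_LEN = 16;

struct Packet { bool ok; Bytes iv, ciphertext, tag; };

Packet failed() { Packet p; p.ok = false; return p; }

// Split a de-framed body into IV | ciphertext | tag.
Packet split_body(const Bytes& body) {
    if (body.size() < IV_LEN + TAG_LEN) return failed();  // too short for both fixed fields
    Packet p;
    p.iv.assign(body.begin(), body.begin() + IV_LEN);
    p.ciphertext.assign(body.begin() + IV_LEN, body.end() - TAG_LEN);
    p.tag.assign(body.end() - TAG_LEN, body.end());
    p.ok = true;
    return p;
}

Bytes make_body(const Bytes& iv, const Bytes& ct, const Bytes& tag) {
    Bytes body(iv);
    body.insert(body.end(), ct.begin(), ct.end());
    body.insert(body.end(), tag.begin(), tag.end());
    return body;
}

// Framing as literally written in the post: raw bytes between STX and ETX.
Bytes frame_raw(const Bytes& body) {
    Bytes wire;
    wire.push_back(STX);
    wire.insert(wire.end(), body.begin(), body.end());
    wire.push_back(ETX);
    return wire;
}

// Receiver that ends the frame at the first ETX it sees.
Packet parse_raw(const Bytes& wire) {
    Bytes body;
    bool in_frame = false;
    for (size_t i = 0; i < wire.size(); ++i) {
        if (!in_frame) { in_frame = (wire[i] == STX); continue; }
        if (wire[i] == ETX) return split_body(body);  // may be a payload byte, not the real end
        body.push_back(wire[i]);
    }
    return failed();  // no terminator seen
}

// Byte-stuffed framing: STX, ETX and ESC never appear raw inside the body.
Bytes frame_stuffed(const Bytes& body) {
    Bytes wire;
    wire.push_back(STX);
    for (size_t i = 0; i < body.size(); ++i) {
        uint8_t b = body[i];
        if (b == STX || b == ETX || b == ESC) {
            wire.push_back(ESC);
            wire.push_back(static_cast<uint8_t>(b ^ ESC_MASK));
        } else {
            wire.push_back(b);
        }
    }
    wire.push_back(ETX);
    return wire;
}

// A raw STX always restarts the frame, so the receiver resynchronises after line noise.
Packet parse_stuffed(const Bytes& wire) {
    Bytes body;
    bool in_frame = false, escaped = false;
    for (size_t i = 0; i < wire.size(); ++i) {
        uint8_t b = wire[i];
        if (b == STX) { in_frame = true; escaped = false; body.clear(); continue; }
        if (!in_frame) continue;
        if (b == ETX) { if (escaped) break; return split_body(body); }
        if (escaped) { body.push_back(static_cast<uint8_t>(b ^ ESC_MASK)); escaped = false; }
        else if (b == ESC) escaped = true;
        else body.push_back(b);
    }
    return failed();  // truncated or malformed frame
}

// Constructed sample values (not real AES-GCM output).
Bytes sample_iv()  { Bytes v; for (int i = 0; i < 12; ++i) v.push_back(static_cast<uint8_t>(0xA0 + i)); return v; }
Bytes sample_tag() { Bytes v; for (int i = 0; i < 16; ++i) v.push_back(static_cast<uint8_t>(0xC0 + i)); return v; }
Bytes sample_ct()  { const uint8_t c[] = {0x51, 0x03, 0x7E, 0x02, 0x10, 0x99}; return Bytes(c, c + 6); }

int main() {
    Bytes body = make_body(sample_iv(), sample_ct(), sample_tag());
    Packet raw = parse_raw(frame_raw(body));
    Packet st = parse_stuffed(frame_stuffed(body));
    std::printf("raw framing:     ok=%d\n", raw.ok ? 1 : 0);
    std::printf("stuffed framing: ok=%d, ciphertext bytes=%u\n",
                st.ok ? 1 : 0, static_cast<unsigned>(st.ciphertext.size()));
    return 0;
}
```

A length prefix after STX would solve the same problem; either way the receiver should still reject any frame whose GCM tag fails to verify.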

Weather April 24, 2026 1:03 AM

@lurker
In NZ most buyers of weed, even if it’s a tinny, will talk in code to their dealer, ‘I’m finishing at 3pm’ I’ll like 3 ounces, they finish work at 5pm.

Generally there aren’t too many hawks, so the doves get fat, but it’s a hard fork this last year, maybe you or your friends, family might need it, for something that is unfamiliar at the moment.

Think of number one. You

lurker April 24, 2026 2:05 AM

@Ismar

Nice recipe.
I could do that.
@Clive could do that.
We’ve both “worn the green.”
My ex-partner would have to get somebody else to cook it up.
Security risk:
Has somebody else made it clean? Even if yes, who will they tell that ex- is using it, thus speeding up the targeting process?

Walky April 24, 2026 3:48 AM

@Chris R

Don’t let Clive’s caustic language put you down.

When he reacts that way (basically always) it just means that he
knows that the OP was right and that he has no rational arguments
to prove otherwise. Most of his posts here exist only to brag about
how exceptionally great he is.

Long time readers of this blog know this, and just avoid triggering
these narcissistic kneejerks.

Clive Robinson April 25, 2026 8:23 AM

@ lurker, ALL,

With regards,

“Values of trivial are subjective to each user.”

Which is true as a “human capability” issue.

But I was talking as to the “technical method” being trivial, and can be done with pencil and paper and a match to add the final security (of burning the working paper) beyond recovery.

With the classic example of Shannon’s “perfect secrecy” as a cipher is the “One Time Pad”. Which when you strip it back is just a form or grid of paper with printed squares in which you write letters or numbers.

You have three rows per encryption or decryption going across the page (and as many groups of four lines go down the page).

Usually a paper OTP page/form is limited to ~250 characters for various reasons of practicality.

The top row of the three is “the keytext” written one letter per column. Beneath this the middle row is either the incoming ciphertext or the outgoing plaintext, depending on if you are decrypting a received message or encrypting a message to be sent. Again written as one letter per column under the corresponding key letter (you have to make allowance for “loss in the Shannon channel” but I’m not going to say anything more than your pencil should be “soft” like a 4B and have a rubber on top, or you should have one handy).

Because the “mixing operation” is usually implicitly reversible ie Mod 2 or XOR operator it does not matter if you are decrypting an incoming cipher text, or encrypting an outgoing plaintext (not all mixing operations are implicitly reversible, in which case it makes the technical method slightly more complicated, but not by a lot[1]).

Thus the top two rows become column by column the input to the “mixing operation” and the output gets written in the third row column by column.

If all goes well on an encryption the third row is the correct ciphertext you then communicate to the second party (after crossing the energy gap [2]).

Likewise if all goes well on decryption the third row is the correct plaintext from the other party in the communications.

The important point to note is not the false statement of the “OTP is unbreakable” that is not true especially when errors or mistakes get into KeyMat generation (look up Project VENONA where the Russians mucked things up). The reality is that,

“All Messages of the ciphertext length and shorter are equiprobable.”

That said there are various tricks such as “straddling” that can be included which can flatten plaintext statistics and / or change the length of the plaintext. But also change the statistics of the ciphertext. All of which help hide any Key-Mat mistakes to a degree.

One of the failings of most other pencil and paper “hand ciphers” is that often the plaintext statistics leak through into the ciphertext. And it is this leakage much of cryptanalysis in pre 20th Century cryptanalysis has relied upon.

The thing about the “Perfect Secrecy” ciphers like the OTP is that if the Key-Mat is generated correctly then no plaintext statistics consistently leak through. However there is a downside to this, in that a cryptanalyst can spot this quite quickly, thus in effect just log it and move on to something more productive of their time. The problem is that it also “flags” the communicating parties and paints a target on their backs. The solution is simple and that is to use straddling on the ciphertext to add in fake non plaintext related statistics thus reduce the chance of getting “flagged” but also causing the cryptanalysis efforts / resources to be wasted by the third party opponent.

Which leads on to the realisation there is also a way to use straddling or similar to make a message “deniable” against second party betrayal to an opponent. Which in some cases makes crossing the “burden of proof” for a prosecutor too much effort, or in quite a few cases not possible (think protecting “Methods and Sources”).

[1] Without going into technical depth, all finite field mixing operations are “mapping functions” and can be written as a “lookup table” so you only need one table when the mixing operation is implicitly reversible, and two tables when it is not. All the operator has to do in the latter case is ensure they use the correct table.

[2] Explaining “energy gaps” can be easy or hard depending on who is listening and how much basic high school physics they still remember / understand.

Information is independent of energy/matter and thus physical forces etc (the question about “potential” is still open as far as I’m aware and was not taught at school or college/uni when I was there ;-). However to store, communicate, or process information you have to impress it onto or modulate energy / matter. The important point to note is that as energy/matter are in effect two sides of the same coin, stop the transfer of either and it stops the other, and the information can not be stored, communicated, or processed. When it comes to storage, it’s easiest to “gap matter”… for communication and processing it’s easiest to “gap energy” especially when “side channels” are considered. As storage implicitly involves communication and processing, gapping energy comes up when talking about stopping/reducing side/covert channels.

In the case of the One Time Pad you were effectively “gapping matter” because the communications device had no way to read the impressed information off of the piece of paper. IMPORTANTLY this is no longer true for “smart devices” that come with cameras and inbuilt WiFi that can be used as a form of radar to read the movement of an operator hand holding a pencil or typing at a keyboard etc, hence “energy gapping” is almost always the way you have to go when electronic devices are involved and especially so with “Smart Devices” of virtually any kind.
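
The three-row worksheet described in the comment above, as an added example that is not part of the original comment: row 1 is the key, row 2 the input, row 3 the output, with mod-26 addition as a mix that is not self-inverse (two tables) beside XOR (one table). `key_for` illustrates the equiprobability statement for same-length messages: for any candidate plaintext there is a key row that yields the observed ciphertext. Function names and sample strings are constructed for this illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>

// Validate the two input rows: letters A-Z only, and enough key for the text.
static void check_rows(const std::string& key, const std::string& text) {
    if (key.size() < text.size())
        throw std::invalid_argument("key row shorter than text row");
    for (size_t i = 0; i < text.size(); ++i)
        if (text[i] < 'A' || text[i] > 'Z' || key[i] < 'A' || key[i] > 'Z')
            throw std::invalid_argument("rows must contain only A-Z");
}

// Row 3 = row 2 mixed with row 1, column by column.
// sign = +1 is the encrypt table (add mod 26), sign = -1 the decrypt table (subtract mod 26).
static std::string mix_mod26(const std::string& key, const std::string& text, int sign) {
    check_rows(key, text);
    std::string out(text.size(), 'A');
    for (size_t i = 0; i < text.size(); ++i) {
        int t = text[i] - 'A';
        int k = key[i] - 'A';
        out[i] = static_cast<char>('A' + (t + sign * k + 26) % 26);
    }
    return out;
}

// Mod-26 addition is not self-inverse, so the operator needs the right table for each direction.
std::string otp_encrypt(const std::string& key, const std::string& plain) {
    return mix_mod26(key, plain, +1);
}
std::string otp_decrypt(const std::string& key, const std::string& cipher) {
    return mix_mod26(key, cipher, -1);
}

// XOR is self-inverse: the same operation encrypts and decrypts.
std::string xor_mix(const std::string& key, const std::string& data) {
    if (key.size() < data.size())
        throw std::invalid_argument("key row shorter than data row");
    std::string out(data);
    for (size_t i = 0; i < data.size(); ++i)
        out[i] = static_cast<char>(data[i] ^ key[i]);
    return out;
}

// The key row under which `cipher` decrypts to `candidate` (k = c - p mod 26).
// Such a key exists for every same-length candidate, so the ciphertext alone
// does not favour one plaintext over another when the key is truly random.
std::string key_for(const std::string& cipher, const std::string& candidate) {
    if (cipher.size() != candidate.size())
        throw std::invalid_argument("candidate must match ciphertext length");
    return mix_mod26(candidate, cipher, -1);
}

int main() {
    const std::string key = "XMCKL";      // constructed sample key row
    const std::string plain = "HELLO";    // constructed sample plaintext row
    const std::string cipher = otp_encrypt(key, plain);
    const std::string other_key = key_for(cipher, "LATER");
    std::printf("key    %s\nplain  %s\ncipher %s\n", key.c_str(), plain.c_str(), cipher.c_str());
    std::printf("under key %s the same ciphertext reads %s\n",
                other_key.c_str(), otp_decrypt(other_key, cipher).c_str());
    return 0;
}
```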

Clive Robinson April 25, 2026 1:02 PM

@ ismar, lurker, ALL,

I’ve held off answering for a couple of reasons.

The first is easy to spot in this thread…

The second is that a few days back maqp posted that he had updated “tin-foil chat”. And I was hoping he’d drop a comment in this thread.

He developed TFC quite a few years back after chatting with a few of the old “Usual Suspects” who used to freely post technical information and comment on each other’s ideas[1] (until “the first problem” I’ve mentioned started getting worse and worse).

TFC is “spot on” for doing the task required with minimal changes and has all the software etc already developed and tested,

https://github.com/maqp/tfc

Go have a look and see what you think of it 😉

[1] One I remember is @figureitout being totally shocked when I pointed out that some “opto couplers” could be used in reverse. The reason being that “LEDs” can if you bias them correctly be used as “photodiodes”…

Thus any “front panel LED” you could illuminate with a laser etc, could be used in reverse to provide a “covert channel”. All you really needed to do was modify “Motor Speed Control Software” that worked on the “back-EMF principle” where a DC motor also acted as a Generator that had an output proportional to its speed of rotation.

lurker April 26, 2026 5:12 PM

@Clive Robinson, Ismar, ALL

“TFC is “spot on” … ”

And we’re still back to WW2 opsec, hiding the extra 2 (tx/rx) machines in secret cavities for when the “telco” inspectors demand to see your equipment because they detected some of your traffic going via ToR. And crossing borders by conventional means obviously isn’t a use case for TFC.

But yes, it’s a good start.

Weather April 26, 2026 6:31 PM

@lurker All
I did post a while back about a bank verification system, where you could hide data in plain sentences,
I=i+x x++
It could stop MITM and be any legit sentences.

Second point, your country voted for Trump, so suck it up for another 2 years.

Weather April 26, 2026 7:12 PM

@Clive Robinson, All
SHA256 is biased, the char from 0x00 to 0x7f have a signature 5 chars before the value, but when doing the full set to 0xff, it spreads out. For the keyboard character not good, for the whole range, a lot more secure.

lurker April 26, 2026 8:09 PM

@Weather

Second point, not my country, mate! It’s still a puzzle to me how any country could vote for Trump.

Winter April 27, 2026 12:54 AM

@lurker

It’s still a puzzle to me how any country could vote for Trump.

If you watch some Fox News, USA’s most popular News channel, it gets more clear.

But then the question shifts to why Americans like this delusional channel so much?

It seems we are joined in our puzzlement by 2/3rds of Americans as shown by the current disapproval rates of the president.

Maybe it comes down to this very old aphorism: Every nation has the government it deserves.[1]

Now it is up to the people of the US to determine what they have done to deserve this president and amend their ways.

This is especially urgent as the current president is a new low in an impressive lineup of deteriorating office holders. This lineup leads to fears for even worse presidents.[2]

[1] Joseph de Maistre

[2] I sometimes think the movie Idiocracy was a prophecy.

Clive Robinson April 27, 2026 1:22 AM

@ lurker, ALL,

With regards,

“And we’re still back to WW2 opsec, hiding the extra 2 (tx/rx) machines in secret cavities”

There are three basic ways to hide something or somethings functionality.

1, In plain sight.
2, By duplicate functionality.
3, By hiding it away.

In the first case, Something like a “Data Diode” has a legitimate and unarguable use. Thus if you have a need for that use there is no reason to hide anything away. Simply make the need obvious in the design/usage. The fact it can do extra things is always true of all technology from a deer antler upwards.

The second case is something I discussed back in the early days of TFC with @figureitout. When I pointed out that an “optocoupler” was in reality an “optical network” component. The logic is fairly simple, an optocoupler of the right sort provides thousands of volts of “galvanic isolation” and is essential in any area where more than one phase of AC primary power might be found. Due to “load balancing” it is often the case that each floor or parts of a floor in “business premises” are wired on different “phases” as standard. Thus to “network up” requires “galvanic isolation” as a default “safety requirement”. By default opto-couplers are unidirectional thus also give the default “security requirement”. Due to the need for the same unidirectional high quality isolation in audio recording systems there was already a low cost fiber optic based opto-coupler called “TOSlink” short for Toshiba Link from the early 1980’s and still very much in use. It carries the Philips and other high end non professional and semi-professional digital audio S/PDIF signals. A side effect of this is low cost S/PDIF “electrical signals” out of DAT audio and similar equipment getting converted to Optical Signals with low cost devices available “off the shelf”,

https://www.maplin.co.uk/collections/toslink-cables-adapters

So “would be expected” in the “gear bag” of musicians and their audio / studio engineers and “roadies”.

Thus designing or re-programming audio equipment that does “data to optical” or “optical to data” gives you the required “dual use functionality” without any question.

Which brings us to the third case of “hiding it away” in the past on this blog I’ve described how to build the equivalent of a “Secure Compartmentalized Information Facility”(SCIF) cell or RF G-Cell anechoic chamber / RF-Cage with “household objects” in an easy to build/knockdown in seconds format. Like a collapsible “laundry drying rack” to provide physical structure and ordinary wool blankets and mylar emergency blankets and tin-foil and “dry-goods” food containers.

Whilst the parts are not “perfect” when it comes to TEMPEST / EmSec OpSec. The idea is almost always “energy attenuation to below the noise floor”(-174dBm/hz) “done in steps”. So even in professional SCIF rooms or tents you are always looking at “a layered approach” using a variety of techniques and technologies.

Whilst traditionally “passive” more modern systems can also be “active” and use techniques not too dissimilar to “Spread Spectrum” techniques used in “Low Probability of Intercept”(LPI) systems in use from the 1970’s onwards. Put simply you in effect “modulate” any signals leaked into the environment with “random noise”, this spreads not just the energy but the information across a much greater bandwidth so dropping the Eb/N0 “into the grass” but also as with the One Time Pad making any information effectively protected by being “Equiprobable”. Officially such systems are required to protect telecommunications systems from “crosstalk”, “co-channel” and similar issues by “spreading the energy across the band”. It’s often called “whitening” from the use of “white noise”. One flip side of EmSec is “link budget” and you will find lots of references to the latter not the former. One of many such is,

https://www.satcomindex.com/blog/cn-cno-ebno-satellite-explained

The point is that whilst “EmSec Techniques” are “technically classified” in some parts of the world, communications is now an essential part of modern life as is interference from “man made noise”(QRM) which is now very strictly regulated under “Electro Magnetic Compatibility”(EMC) legislation almost entirely “world wide” now. Most books on EMC are just as useful as any supposedly secret TEMPEST design rules etc. Such is the universality of “The laws of nature”.

lurker April 27, 2026 4:38 AM

@Clive Robinson

The academic analysis is all very nice, but haven’t you often said

“A ToR user has a target painted on his back,”

and the TFC described in the github post has ToR built-in.

There are many administrations where TFC might seem like a good idea to communicate with friends. But Sun Tzu is also often misquoted as saying “Know your enemy.”[1] So even if ToR is not actually illegal, its use may arouse suspicion. And when “guard labour” is sent looking for trouble, it often finds it.

Maybe I’m over-thinking it when I find use cases that appear to be outside the TFC design brief.

[1] https://suntzusaid.com/book/3/18/

Clive Robinson April 27, 2026 7:19 AM

@ lurker,

TFC is an example of making a data diode that works close enough as an energy gap for most people to segregate plaintext “processing” from the weakness of the “communications end point”.

With regards Tor, or Signal or any other secure communications or secure messaging app I don’t use any of them.

And as you note have consistently advised not to use them as the “traffic” stands out and paints a target on your back to “traffic analysis” and the old “he’s got something to hide” nonsense of authoritarians.

But then to be fair, I don’t do Email or social media either in my private life… Which makes me unusual thus stand out in the opposite direction… So why do I do this? Well there are two main reasons,

1, They are all more trouble than they are worth, and too many people make errors with them.
2, They give other people the “illusion of security” and that causes them to make other mistakes that are not protected by the technology.

Why “the illusion of security?” you might ask.

Well consider there are three parts to any communications,

1, Actions in the real world.
2, Those Actions put into information as a message.
3, Transport of the message from a first party to a second or more parties.

In reality you are trying to do two things,

A, Keep the real world actions confidential.
B, Keep the act of communications confidential.

We normally only talk of the “CIA Triad” with regards information and its storage communication and processing. That is “Confidentiality”, “Integrity”, and “Authentication”. Which really only apply at best to the “message”.

Back long before that in WWII someone who got Turing’s ideas from the height of ivory towers and fluffy clouds down to the cold hard reality of “digging in and mining gold” was Gordon Welchman. He not only self taught himself the logic and mathematics behind the Enigma from just looking at “intercepts” he realised that there was a way better way to make the “bomba” work, and came up with the “Diagonal Board” that made the bomba actually do what it was supposed to do.

But that was a side show compared to the reason he was looking at all the intercepts in a cold classroom and marking them up with coloured pencils (which Bletchley ended up using tens of thousands of). His assigned job due in the main to internal politics was to find another way to extract intelligence from the ciphertext because the Turing bomba was failing so badly.

What Gordon did was found a whole new way of applying known information to communications patterns and derive new information in effect immediately without the need for knowing the messages inside the ciphertext of the communications. What he came up with we now call a couple of things. The first is “Traffic Analysis” arguably much more useful than “cryptanalysis” and secondly the still not much talked about even today, how to build images of “enemy actions in the real world” sometimes called “the order of battle”.

The trick Gordon came up with that was “oh so secret” was how to turn an order of battle into not just an analytical tool but one that highlights the support systems, logistics and importantly weak points in the enemy forces that indicate further weaknesses and builds a “systems view” probably better than the enemy commanders have of their own forces.

After WWII Gordon went on to the US where he developed both communications and battle systems we still use today one of which he “fathered” we now call the Internet. Which has all the communications failings that traffic analysis exploits effectively “built in”…

As such Gordon did a great deal and in return in the end he was treated very badly by GCHQ and the NSA.

The point to remember is that the Internet and Tor in turn both have many of the bad aspects that Traffic Analysis and Systems Analysis build with. So in practice can exploit to give near real time assessment of an opponent if they do not take care to avoid the issues. If you look back on this blog you will find me detailing the failings of Tor and how to deal with some of them. As is so often the case I was told I did not know what I was talking about etc…

Yet here we are and only some of those Failings have been sort of addressed and Tor is as dangerous as ever to use, if not more so as people develop statistical and similar attacks using those weaknesses.

There is a funny side, the first person on this thread to take a poke at me thinks all the bad points that make Traffic Analysis and Systems Analysis work are acceptable…

Thinking like that is why journalists get killed and why this thread is actually here…

Again look back on this blog and you will find me making comment about secure messaging apps being “part of a system chain” and that a “chain is only as strong as its weakest link”. Which was why having the “security endpoint” before the effective “communications endpoint” was so dangerous as it exposed the user interface and thus the plaintext without having to break the crypto or other security measures… Something I’ve since pointed out is why E2EE on consumer and commercial devices is not in any way secure, and that “Client Side Scanning” is now the real game in town not “golden keys” or other encryption “backdoors”…

Something that this current thread is really actually all about, because all crypto on these consumer comms devices is already “broken by design” as I’ve said. And indicated Moxie Marlinspike was obviously well aware of…

And so he knew that Signal would fail to some variation of an “end run attack” that “reaches around the crypto” to the user interface and the plaintext…

But according to others I still don’t know what I’m talking about… yet here we are on a page detailing the proof I do know… It would be funny if it were not so serious and people were being actively harmed and killed because they made the mistake of believing the nonsense of others’ totally wrong viewpoint and comments.

Next time you read about some journalist or their source being imprisoned, tortured, killed or disappeared think about what I and others have said and whose advice should have been followed and whose should have been ignored.

Also consider the notion of systems as chains with “weak links” and then consider AI systems in development that will eventually be able to find and exploit them all for the right fee…

Clive Robinson April 27, 2026 9:06 AM

@ lurker, ALL,

With regards to Sun Tzu and what he did and did not actually say, much has changed with “the mists of time” and the problems of “lost in translation”.

However,

Chang Yu said:

“Knowing the enemy enables you to take the offensive, knowing yourself enables you to stand on the defensive.”

He adds:

“Attack is the secret of defense; defense is the planning of an attack.”

Are two points that although dated do stand as foundations to all two or more party activities in most things not just war on a battlefield.

However there is the “defence spending conundrum” to also consider.

It’s often said in some variation of,

“You never know when you’ve spent too much, but almost always you eventually find out you’ve spent too little, when it’s too late to change it.”

It applies to not just spending but tactics and technology that change all the time.

An example was the French after “The Great War” they spent so much on building fortified entrenchments they nearly bankrupted themselves. And within a few years such entrenchments were pointless and the start of WWII involved the Germans simply ignoring the entrenchments and going around behind them,

https://en.wikipedia.org/wiki/Maginot_Line

There are lots of reasons given as to why they failed, but the reality is fixed mind set and political prevarication are too easy to see thus most often given. Whereas the changes in technology and thus ways of fighting the changes gave rise to are not so often stated.

Oh and all too often you hear the old comment of,

“Winning generals plan to fight the last war they won again”

With the rider that,

“Defeated generals learn why they lost and plan accordingly.”

The important lesson about “static defences rarely work” is seldom said out loud, which is a shame.

Especially as there is an important lesson for all security in it.

As I said on this blog long ago and especially about CCTV, static systems will initially work then fail, because “people evolve”.

The first thing that happens is generally the brighter criminals move to somewhere there is no CCTV. The less bright thus become easier to apprehend thus get “taken out of the game”. This is why initially CCTV is successful. But the real reason there was street crime there has not changed. So some of the brighter criminals develop new tactics and come back. Because the new criminal tactics exploit where CCTV fails, the street crime starts to rise again because the reason it happened is still there it just gets exploited differently. The CCTV being effectively “static” no longer works as it initially did.

Thus people in authority “double down” on the CCTV by adding “enhancements” like facial and other bio recognition and tracking systems.

Because the “same war is being fought” these CCTV enhancements initially work, but again the criminals out evolve them because they are “static”…

The thing is “static systems” quickly become obvious as do their failings and the defenders daftly enter an “arms race” they are always destined to lose.

Which begs the question of what “other harm” happens to society to justify the continuously way more expensive and proportionately less effective spending on the increasingly useless “enhancements”.

The latest step in the UK is because criminals went from “mopeds” that have to be not just registered but carry a visible identity to “E-bikes” that don’t require registration or carry visible ID.

It’s no secret that Met Police in London and other Police forces in the UK have been given instructions to “crush e-bikes” both figuratively and literally. Thus people behaving lawfully are having their e-bikes impounded and crushed before they can register a lawful challenge… The Police then basically use every scummy tactic they can to stop any legal action getting to court…

The real solution to the problem is to identify what is attracting the criminals in the first place and remove or nullify it… Not the “numpty nonsense” of harassing lawfully behaving often adolescents who will grow up basically regarding the police as “scum of the lowest order” which in the long term will not end well for society.

It’s just one example of why you hear,

Technology can not fix societal issues and problems.

I suspect as AI progresses we will hear this said more and more often, and it will be true. But… by the time the truth becomes obvious a lot of society’s money will have been spent and wasted, and that has to be justified in any way possible. Thus technology advances used in societal roles will almost always,

“Turn to the dark side.”

Something we as society have to stop early on if our way of life is to progress naturally.

Jon Marcus April 30, 2026 6:50 PM

I do wonder why the FBI was so forthcoming in describing the method they used to retrieve the leaked text?

maqp May 8, 2026 4:42 AM

@Clive Robinson

Yeah wrt optocouplers, the black box design is hardly ideal, but so far I’ve had to find some balance in convenience and security. I had a brief discussion about this in 2013 with Douglas W. Jones wrt their design https://homepage.divms.uiowa.edu/~jones/voting/diode/evt06slides.pdf#page=7 His advice was to avoid using >2 pronged components to reduce the chance of more complex logic being hidden in. He was absolutely right. The issues just came down to practicality: the poor and ever-diminishing support for RS232 in modern computers and the possibility to power on data diode from the receiving device’s RTS/TxD/DTR pins when those did not carry sufficient voltages, if they were usable at all. Also I couldn’t find reliable LED/photodiode pair, at least for decent baudrates.

Then I moved to Sancho_P’s TTL-data diode which was easier to implement and figured that if the user is targeted under HW interdiction attack by NSA when ordering from say Digikey, they’re probably in a world of trouble from the most powerful intelligence establishment doing targeted attacks. At that point you’ll want to replace USB-cables etc. every time you get back home, and even then you’re dealing with Van Eck phreaking etc. You’re just not winning that fight.

AFAIK, optocouplers don’t generally work in reverse. The LED might be a weak transducer but the photo diode will emit the single bit of light when it burns to ashes inside the IC. External light rarely passes the package, and optocouplers aren’t generally packaged in EPROM style windowed ICs.

@lurker

And we’re still back to WW2 opsec, hiding the extra 2 (tx/rx) machines in secret cavities for when the “telco” inspectors demand to see your equipment

I’ve seen some really cool TFC integrations over the years of everything fitted into single PELI case, with three displays, two keyboards and visible data diode circuit. That project would look epic as a cyberpunk movie prop, as a personal cyberdeck project, or as a military comms utility. But it would a) 100% not get you past airport security even if you explained what it was, and b) would raise all the eyebrows in the world if some secret police came knocking. I wish I had the permission to share the picture(s).

But back to the real world: The extra machines can be disassembled into two laptops lying around in about five seconds. Hiding the data diode assembly gets more complex. A nice part about TFC is its using Tor onion services for communication, which hides the geolocation of the user from most nation state actors. It’s harder to bust down the door if all the attacker has to go with is random Tor traffic, or ideally, a compromised Tails instance with no user data, no laptop registration details, and all traffic is just generic, encrypted TFC traffic.

TFC’s breadboard data diode can be deconstructed into individual wires and components and smuggled in as generic “Electronics hobby components”. If you throw in some high voltage components into the same bag, the presence of optocouplers to control those while protecting the expensive controller side from voltage spikes, is more than well justified. This will apply to both airport luggage and what you have lying around at home.

If the attacker can bust down the door then all TFC has to offer you is the /wipe command that shreds all data from the devices and powers the devices down. You’re SoL but may the FDE protect your dissident peers at that point.

TFC might seem like a good idea to communicate with friends.

The rationale is mostly: If you land in trouble for using Tor, you’ll probably land in trouble for using anything that protects your privacy, including Signal. If endpoint exploitation is in your threat model, you really have no other options aside from models with weaker endpoint security guarantee, like airgapped PGP or TFC’s Qubes configuration if Tor is fine. If TFC is not protecting you, I doubt there’s anything that will. So you either self-censor and become complicit, or you grab the pitchforks as a people. No piece of good enough privacy tech solves the “good enough privacy tech is now illegal” problem. That requires the general solutions used to fix fascist regimes.

But there’s still plenty of places and contexts where TFC is legal and useful to protect from the overreaching big brother, foreign nation state actors with no jurisdiction in your country etc.

Clive Robinson May 8, 2026 6:12 AM

@ maqp, lurker,

With regards,

“But back to the real world: The extra machines can be disassembled into two laptops lying around in about five seconds. Hiding the data diode assembly gets more complex.”

The simple solution “don’t have reason to hide it” just have it publicly visible as something else “by name”.

It’s why “way back” I thought about how to make the data diodes “dual use” to “walk past customs inspection” etc.

It’s why I told @figureitout about simplified “Galvanic Isolation” systems that could be easily “reconfigured” just by how you plug the “optical fiber side together”. With the fiber optic cables “unplugged” the “data diodes” are just “isolators” that split a “4 wire to two optical fiber” interface.

At the time “digital audio” was becoming “the thing” and was seen on the backs of high end CD Drives and DAT recorders[1]. It’s still very much around for “home studio / cinema / theater surround sound” and in audio recording studios as “Sony / Philips Digital Interface Format”(S/PDIF SPDIF) over fiber cables as “Toshiba Link”(TOSLINK),

https://hifiwalker.com/blogs/dap-reviews-comparisons/spdif-port-digital-audio-connection-guide

And you can buy the bits quite easily with TOSLINK cables being sold at “PC Outlets” as “Optical Audio” cables etc,

https://www.howtogeek.com/241828/what-is-the-optical-audio-port-and-when-should-i-use-it/

So not really suspicious back then or today, which is why I suggested @Figureitout look into building a simple system using TosLink parts.

Using a modern low cost Single Board Computer as an “interface controller” would be equally as easy these days, and if done right could be “sold as a product” published as a “Hack-a-day” project and “table top demonstrated” on demand as an “Optical Audio Switching System”.

[1] If you dig out the original specs on SP/DIF you will find that the data protocol had a rather lame way to stop you copying “high quality CD digital audio” onto a DAT tape. There was a single bit, that would be set by the CD Player… Back last century it took me about three days to acquire and build parts to make “that bit” entirely under my external control… It took until the 486 / Pentium age for PCs to be able to do similar…
