How the FBI Read Signal Messages Without Breaking Signal | April 14, 2026
A court case revealed that deleted Signal messages can survive somewhere Signal has no control over: your phone's notification database.
On Our Radar 🎯
The FBI Found a Suspect's Signal Messages in a Place Signal Can't Touch
The FBI successfully extracted deleted Signal messages from a suspect's iPhone. The good news is that Signal wasn't compromised. In fact, there was no attack against Signal itself. What the FBI accessed was something almost no one thinks about: The iOS notification database.
Here's how it works: When Signal sends you a message, iOS processes a notification. If previews are enabled, that content gets stored in a local notification database. So when investigators had physical access to the device, they were able to access previous incoming messages that appeared through Signal notifications—no need to break encryption. In fact, Signal had already been removed from the device completely!
Fortunately, the fix here is straightforward, and it's something we've recommended before: disable message content in notification previews. On iOS, go to Settings → Notifications → Show Previews → Never. This prevents the notification database from storing actual message content. Similarly, Signal has notification preview settings if you want to handle it within the Signal ecosystem.
It's also important to acknowledge these concerns expand beyond Signal on iOS:
- Any application with message previews are victim to this same attack on iOS.
- Android's notification system also stores message content in local databases. While it hasn't been demonstrated yet in course cases, the underlying architecture is similar enough that it's safe to assume the attack can be replicated on Android.
- Finally, both mobile operating systems process notification content through Apple & Google servers, which can be handed over to governments.
What you can do: My takeaway isn't that Signal failed. It's that good tools require good habits around them. Even in light of this story, I'll still be using Signal with notifications and previews completely enabled, as these are very high threat model concerns. But if you feel this attack could jeopardize your safety, some more options to explore:
- Disable notification previews for your messaging app(s).
- Apple's Lockdown Mode & Google's Advanced Protection Program are powerful tools to consider for endpoint security.
- Finally, visit our Signal hardening guide which covers maximum privacy and security configurations for Signal:
Bits & Bytes 🤖
~ France Is Ditching Windows for Linux!
France announced plans to migrate government systems away from Windows toward Linux, explicitly citing a desire to reduce reliance on US tech infrastructure.
Our take: I think it's wonderful to see more people around the world reclaim their digital freedom and escape the gatekeepers controlling the digital landscape. If you've been with us a while, this is the kind of win we love because it doesn't make mainstream news the way it should.
~ WireGuard's Developer Can't Ship Updates...Because of Microsoft
Speaking of gatekeepers...the developer behind WireGuard, the open-source VPN protocol, found themselves unable to push software updates because Microsoft locked their account. No breach, no policy violation explained, just a locked account creating a hard stop on critical infrastructure updates. The worst part is this also impacted Veracrypt and Windscribe VPN.
Our take: It's an argument for decentralized distribution that writes itself. We did far more coverage for this in dedicated content with full takes 😄
~ Wisconsin Rejects Age Verification Bill!
Wisconsin's governor rejected a bill that would have required age verification! Age verification mandates sound protective on the surface, but the implementations consistently require collecting sensitive identity data from every user, including adults, with significant privacy and democratic implications.
Our take: A huge win! Not every state is moving in the same direction, and the pushback matters. We will continue tracking these updates as they come, and we even covered this story when it broke:
This Week on Techlore 📺
Big week with lots of new faces, so I want to welcome anybody who recently joined our fight 🙏 I did some reactions to a commentary piece involving Meta's AI glasses and the creepy implications in public spaces:
Why Meta’s Smart Glasses Are Called “Pervert Glasses” And Why That Should Scare You
I came across a solid piece by a journalist, not a privacy advocate, not a tech skeptic, just a regular person who decided to spend a day wearing Meta’s Ray-Ban smart glasses. After using them, she reported back that these glasses didn’t just make her feel like a creep, they
Henry Fisher
I did deeper coverage on Microsoft's ban of privacy-first developers and what prompted these problems, as well as the lack of response from Microsoft:
Microsoft’s Silent Lockout: Why WireGuard, VeraCrypt & Windscribe Can No Longer Update Windows Users
In more news not on my 2026 bingo card...Microsoft silently suspended the developer accounts for WireGuard, VeraCrypt, and Windscribe—three of the most important open source security tools that are consistently recommended to our audience. and none of these developers were notified. Not an email, not a warning, nothing.
Henry Fisher
Last week's Surveillance Report featured VPNs exposing you to more spying, North Korea's open source hijack, Android malware hitting 2.3 million device via Google Play, and many other critical stories:
VPNs Could Expose You to NSA Spying, North Korea’s Open-Source Hijack, Android Malware Hits 2.3 Million Devices via Google Play, and the EU Ending Chat Control
Techlore Surveillance Report: Weekly News for Your Digital Freedom
Henry Fisher
We invited Organic Maps on to Techlore Talks to discuss the privacy considerations of Apple & Google maps and what a true alternative can look like:
How Organic Maps Built an Open Source, Offline-First Maps App That Doesn’t Track You
Techlore Talks brings you in-depth conversations with the experts at the forefront of digital rights, privacy and security.
Tori
And finally, I shared my first reactions to Firefox's new, 50GB free VPN, now live in the Firefox browser:
Firefox’s Free Built-In VPN: First Impressions, Live Tests, and What You’re Actually Getting
This one I didn’t see coming...Mozilla just shipped a free VPN built directly into Firefox. No app, no subscription, just 50 gigabytes a month of IP protection baked into the browser right out of the box. The setup is straightforward. It requires a Mozilla account, which I assume is
Henry Fisher
Action Item ✅
Audit your endpoint security this week. Open your messaging apps one by one...Signal, WhatsApp, iMessage, whatever you use...and check your privacy & security settings. A quick five-minute audit goes further than most people expect. I'll see you all in the next Digital Rights Digest 🫡
Written by
Know Your Rights. Protect Your Freedom.
Digital Rights Digest—threats to your freedom and how to fight back. A five-minute weekly read, 100% free.
