Signal-ios: Screenshot Alerts

+1
Good idea.

Or simply a message saying "screenshot taken"

The idea here is that it is more insightful for the user to know which part of the chat (or media) was taken.

Note: Anybody with bad intent would just recompile the code on their device removing the screenshot detection code. I agree this raises the bar in terms of skills necessary for an adversary but it won't give you any guarantees since we can't enforce any of this. If you're in an adversarial threat-model, it won't do much for you.

Agree @FredericJacobs that there is no 100% guarantee. But for 99,99% of the average user it would be a nice feature. ;-)

True :-) @JohanDoe

Possibly you could have a check that ensures the feature is activated, and if isn't warns the chat partner that it has been deactivated

If you are nefarious enough to want to hack the source to disable screenshot notifications, can't you also hack the code the pretend to the client that your version behaves normally?

@jniegsch : Technology doesn't work that way. It can be spoofed.

@FredericJacobs : I know that, however the messages are sent over a server, so you could implement a check. For example when someone signs up or activates it on a new version, the user would need to be authenticated via the server. A part of this authentication could be to check if the source code is complete and without an issue. I agree technology can be spoofed and if you really want to you can, however this would make it harder making sure that the average user and users who are very adept with programming could not spoof with the system. I might be wrong but I think it would work

@jniegsch you're wrong, it wouldn't work. The server has no way of checking "if the source code is complete and without an issue". I could compile my own version of Signal which simply disables the screenshot alert feature and talks to the server identically in every other way. There is no way the server could enforce that the client is untampered.

The feature could be added and would work for people on non-jailbroken iPhones running the official App Store version of Signal. However, one of the participants (who wants to secretly take screenshots) could use a jailbroken iPhone with a MobileSubstrate tweak that disables screenshot detection, or they could simply compile their own modified version of Signal from source without this feature.

People might also distribute a modified version of Signal via Cydia or other sources without screenshot alerting, so it's not only technically advanced users that would be able to cheat this feature, anyone with a jailbroken iPhone could.

Hence if such a feature is introduced, it would give users a false sense of security that they would always be alerted if the remote party screenshots their conversation. This is a guarantee that Signal can't really give, hence it's better not to promise this in the first place.

Even if this feature could be made perfectly secure, have you considered that a user could simply use a 2nd phone to take a photo of the screen?...

This is an end to end secure messenger app that takes security seriously, not Snapchat.

I think many users would welcome it if they had the freedom to decide whether they want to use this extra service or not. So, you can write down a short description: "The screenshot alert function can't protect you against xxx, yyy, ..., and photos taken by another device."

I think it was previously acknowledged in this thread that this feature cannot be 100% guaranteed and circumvented in several ways. That's not the point anymore in my view.

For 99,9% of the Signal target audience it would be useful, in particular in combination with a self destruction feature for messages (*). And given the privacy goals of Signal and the target audience profile (non tech, privacy minded) I think these feautures have a good business case, subject to disclaimer as suggested by @Zahlentheorie

(*) yes - same circumvention issues with this feature. ;-)

So good to have @JohanDoe in this conversation. :+1:
The idea of self-destruction sounds really really good -- I would love it --, but I think there will be more problems than solutions founded.

What about copy-paste? I want notifications of that too.

No that's a joke. In all seriousness this is a really bad feature request, it complicates the app and muddles the UI contract with the end-user. It would be better if Signal just had a warning at the top of each chat that said something along the lines of:

"Remember: no third parties can read this and you can plausibly deny anything said here if shared without your permission."

Why does Wikipedia state that Signal has screenshot protection if it does not (https://en.m.wikipedia.org/wiki/Comparison_of_instant_messaging_clients)

I understand that nothing can be guaranteed with that feature (like the self destructing messages) although I discard the "give false sense of security" argument which could be addressed with correct warnings.

I feel that discarding this and self destructing messages are obstacles to the development of Signal adoption over Telegram. Also correct warnings in Signal apps could make aware Telegram (or others app) users that those kind of feature offer no real guarantees.

Double win (or loss) according to me.

Why does Wikipedia states that Signal has screenshot protection if it does not (https://en.m.wikipedia.org/wiki/Comparison_of_instant_messaging_clients)

The Android version does.

I feel that discarding this and self destructing messages are obstacles to the development of Signal adoption over Telegram .

There's no data backing up this claim. Feature requests should be justified with data and logic not with biased hunches, especially those with dubious benefits and real costs.

Where is the herd of people of dropping signal because it doesn't have screenshot notification support? https://twitter.com/search?q=Signal+screenshot https://www.google.com/search?q=signal+screenshot

Feature requests should be justified with data and logic

Where's the logic in having this feature in the Android client but not in iOS ?

There's no data backing up this claim.

I said that I felt this way, I wasn't proclaiming anything.

I installed both Telegram and Signal and my biased-hunches-full-self felt that if I were not aware of the security concerns about Telegram I would choose it over Signal mostly because I like self destructing messages and screenshot protection features. I thought it might interest you to know that and as I don't consider myself that different from others it might be that other people feel the same (most of them most likely not aware of previously mentioned existing Telegram security concerns).

A famous Finnish man said (in substance) that you can't do security without trust.

If I would trust someone it would include the fact that he uses an unaltered version of the software that enforces every security features there is. In that case I think that those two features become another interesting security layer.

In the other case then I would not say anything that I wouldn't want to see disclosed to the world because no matter how secure is the protocol, without trust I can't consider anything I would write to someone else to be secured.

Regards.

Should we close this issue now? It is a feature request and it seems to be not doable in iOS.

I mean it certainly is doable https://developer.apple.com/documentation/uikit/uiapplication/1622966-userdidtakescreenshotnotificatio

https://stackoverflow.com/questions/13484516/ios-detection-of-screenshot#18158483

(though I don't really see the point of the feature)

We no longer track feature requests on GitHub, only bugs with existing functionality. Please see https://github.com/signalapp/Signal-iOS/blob/master/CONTRIBUTING.md for details.

The forum would be a better place to discuss new features: https://community.signalusers.org/