According to reports from users, Signal’s “disappearing messages” (self-destructing messages) are not actually disappearing on macOS machines.
Signal’s Disappearing Messages
Signal's developers introduced the disappearing messages feature two years ago, which was a good complement to the app’s end-to-end encryption, leading to increased user privacy.
Signal’s best privacy feature remains end-to-end encryption, because that’s what’s actually keeping the messages private and limited to the people in the conversation. Not even the Signal team can see those messages, nor can anyone who may hack its servers.
Without end-to-end encryption, disappearing messages wouldn’t offer too much privacy, because both the Signal team or malicious parties hacking its servers could get those messages. However, when the two features are used together, the users are first guaranteed that their messages are private, and then that any hacker who may attempt to hack their own devices won’t have too big a window to steal those messages. Disappearing messages can be set from 5 seconds to 1 week.
Why macOS Stores Signal’s Messages
The issue here seems to be related to macOS’ notification system, which copies the messages you get from Signal (and presumably from other messengers, too). That means that even if you set the messages to disappear in one hour or one day, you may still see the messages in the Notification Center several days later, as Alec Muffet, the user who first noticed this issue, claimed happened to him.
The Notification Center was introduced in OS X 10.10 (Yosemite) to help you “catch up on notifications you missed,” as Apple said at the time. Signal, like other messengers, integrates with the Notification Center so that users can see the messages they receive even when their app is not open in the foreground.
This macOS feature essentially nullifies the disappearing messages feature of Signal.
Fixing Signal's Disappearing Messages On macOS
Apple could probably update its Notification Center so that when the user or the app itself deletes the messages, then they also disappear from the Notification Center.
However, in the meantime, Signal's developers should be able to code the same thing into their app, or simply disable the integration with the Notification Center altogether, if nothing else works.
Using the Notification Center for an app such as Signal is also a little risky, because in the future Apple may start syncing those messages to its cloud servers, as it tries to offer more convenience features to users.
At that point, Signal’s end-to-end privacy guarantees would be as weakened as they are in iMessage, where everyone’s messages are uploaded to Apple’s servers by default as “backup.” However, that also means Apple, malicious actors hacking Apple’s servers, or law enforcement can gain access to those messages.
