Pavel Durov, Telegram’s co-founder, warned that push notification systems create a persistent privacy vulnerability: notification databases can be used to recover message text even after a user deletes messages or uninstalls an app.
Durov referenced a 404 Media report that the U.S. Federal Bureau of Investigation reportedly recovered deleted Signal messages by accessing an iPhone’s notification database. He stressed that simply turning off notification previews does not eliminate the risk, because message content can still be exposed when the people you message have notifications enabled.
Cointelegraph contacted Signal about the FBI report but had not received a response by the time of publication.
The episode illustrates how end-to-end encryption can be undermined not by breaking the crypto itself but by exploiting metadata and auxiliary data generated by apps — notification logs among them. Durov argues this practical attack vector strengthens the case for decentralized messaging architectures that minimize or eliminate centralized collection and storage of such data.
Interest in decentralized and peer-to-peer messaging has grown since 2025 amid geopolitical tensions, connectivity blackouts and civil unrest. Some apps, like Bitchat, use Bluetooth mesh networking to relay messages without relying on the internet or central servers; during a national social media ban in Nepal in September 2025, more than 48,000 people reportedly downloaded Bitchat to communicate.
Users also turn to VPNs and related tools to evade national firewalls and bans on privacy-focused apps. Durov noted that government efforts to force adoption of surveillance-capable messaging often backfire, driving broader VPN use and continued uptake of banned platforms. He pointed to Telegram’s enduring popularity in Iran, where he says over 50 million users have downloaded the app despite long-standing restrictions.
These developments highlight a recurring tension: strong encryption protects message contents, but auxiliary data like notification logs can still leak information. That gap shapes how users, developers and policymakers approach privacy and censorship resistance in hostile or censored environments.