Comment by tptacek
2 years ago
No, it's not. Traffic analysis is potent, but it is not a literal SQL database of who has talked to who when.
Signal's "sealed sender" feature means it doesn't even know who sent you the message (all they can see is an IP address):
https://signal.org/blog/sealed-sender/
Signal or any surveillor surrounding their servers (with or without Signal's cooperation) almost certainly has enough timing/traffic-shape info to reconstruct who-to-who logs.
"Sealed sender" (and some of Signal's other tactics) just demonstrate: Signal's main & disclosed codepaths aren't stockpiling the canonical metadata via the same blatant & undenied mechanisms of other services. Sufficiently sophisticated outside attackers, or insider threats, can construct nearly-equivalent logs via other means. (And: Signal seems reluctant to make choices, like truly ditching phone numbers as account IDs, that could limit these 'shadow' leaks.)
> all they can see is an IP address
That is precisely the, ahem, signal metadata.
Yep, whoever gets hold of those records can cross-reference logs from the same time to narrow down or even outright identify Signal chat participants.
So the problem is the same: trusting the server. At least small Matrix servers aren't huge targets for attacks, since they don't serve so many users.
Also on Matrix you can run your own server.
Signal doesn't know who's talking to you, it's called sealed sender:
https://signal.org/blog/sealed-sender/
Which is irrelevant when Amazon has all IP addresses.