Comment by stavros

2 years ago

Signal doesn't know who's talking to you, it's called sealed sender:

https://signal.org/blog/sealed-sender/

Which is irrelevant when Amazon has all IP addresses.

  • So the two things we're comparing are:

    1. Signal, where an attacker with granular access to AWS's global network logs could perform traffic analysis to match timings between sender and recipient IP addresses, which would work for some portion, and narrow things down for some other portion. The attacker would then need to combine that with data from mobile networks and other ISPs to link the sender/recipient IPs at a given timestamp with a subscriber.

    2. Other messaging platforms, including Matrix, where they can just check the server's database to get a table of what user messaged what other user at a given time.

    • On Matrix, that assumes the attacker knows where the server is or that it even exists. Whereas on Signal it’s pretty obvious where the server is, given there’s only one logical server.
