Or, at least, they can.
Recently I finally found a friend to join me on Signal. They asked something about whether Signal is truly secure and private, such as whether it is safe from US government surveillance. I said to him: “Well, it’s end-to-end encrypted, so they don’t know What We’re talking, but they definitely know we’re talking to each other.”
I say this because Signal uses our phone numbers as ID. So, Signal will know that phone number A is talking to phone number B, and if they can figure out that phone number A is mine, and phone number B is my friend’s (usually not too hard to figure out with some OSINT or some governments help), then Signal will know that my friend and I are talking, even if they don’t know what we’re talking about.
This is a limitation of end-to-end encryption, which I’ve talked about before. End-to-end encryption provides confidentiality of data, but not anonymity or protection from de-identification of metadata.
However, I was surprised when my friend told me that no, Signal doesn’t actually know who is talking to whom because of this feature called “Sealed Sender”.
“Wow! Really?! Great!” I thought. But then I started reading how Sealed Sender actually works, according to no one but Signal itself, and I found that this feature is technically very complex, and completely useless,
ʕ ಠ ᴥಠ ʔ: Wow! seriously?! Not cool!
One-way anonymity for two-way communication
While Sealed Sender is quite complex under the hood, it results in one-way anonymity. This means that, when phone number A sends a message to phone number B, Signal will not know that the message is coming from phone number A and will only know that the message is to be sent to phone number B.
It does this in a way that is similar to snail mail without the return address: the letter inside the mail envelope may tell the recipient who the sender is, but the mail envelope itself only tells the post office who the recipient is so that it can be delivered to them. If the post office does not or cannot open the envelope to read the letter, they will not know who the sender is. Later, when the recipient wants to send a reply to the sender, they can do the same thing.
ʕ·ᴥ·ʔ: Hmm, okay. This way it feels like it’s anonymous.
Well, yes, it is, but only when there is only one message to send. The problem arises when many messages are being sent back and forth in this manner.
Keeping the snail mail analogy in mind, what happens when two pen pals keep sending mail to each other from their homes without including return addresses in their envelopes? The Postal Service may not know who is actually sending each piece of mail, but over time, they will. Address in Lower ManhattanOne-way mail continues to be received from the post office at 3630 East Tremont Avenue, New York, bronxNew York; And Address B in the Bronx One-way mail continues to be received from the post office at 350 Canal Street, lower Manhattan,
ʕ´•ᴥ•`ʔ: Oh. Then the Postal Service will be absolutely sure that whoever lives at address A and address B is talking to each other.
Absolutely. This is the extent of one-way anonymity: It only works one way! Once you start having two-way communication, with replies going back and forth, one-way anonymity is useless.
two pieces of metadata
With many messages sent back and forth over time, and knowing the signal Recipient phone number only In each message, it would be very difficult for Signal to figure out who is talking to whom when their servers are receiving thousands of messages every second from different senders, with each message being delivered to thousands of different recipients. But, the signal doesn’t know Recipient phone number only of each message; They also know the IP address of each sender. And this is where the snail mail analogy fails, because IP addresses are too specific Than post offices.
Signal messages, as we all know, are sent over the Internet, and the Internet sends data using IP addresses. Sealed Sender protects only the sender’s phone number; It does not protect the sender’s IP address. So, if you’re sending Signal messages to your super secret pen pal from your home, and you’re not using a VPN or Tor, Signal knows that the messages being sent to your pen pal’s phone number are coming from your home IP address (not the post office, your home).
Even if you are using a method to hide your real IP address, you still have to use Some? IP address to communicate over the Internet, and Signal will see it Same IP address keeps sending messages to the same phone numberThis is easy enough to detect that all these different messages for the recipient are coming from the same sender, Sure, it’s possible that you’re using the IP address of a VPN server or Tor exit node with other Signal users sending messages at the same time, but that’s extremely unlikely, More likely: Even when you use a VPN or Tor, Signal can easily tell that whatever sealed-sender message you’re sending to your pen pal is coming from one person: you,
And if your pen pal replies, the reply will contain his IP address (the same IP address Signal sent your messages to) and your phone number. And then, when you want to receive a reply, you have to connect to Signal’s servers using your IP address (the same IP address you previously used to send your messages to your pen pal). Just like that, with two messages, Signal figured out which phone number (yours) was talking to the other phone number (your pen pal’s). If they ever try to find out who owns these two phone numbers, they can ask your telecom, or simply search on Facebook and Twitter.
You cannot avoid using an IP address on the Internet; They are a necessity on the Internet. But you can use a VPN or Tor to hide your real IP address with a fake IP address that is not associated with your identity. But you can’t do that with phone numbers. The phone number is either linked to your identity or it is not; There is no hiding possible unless you use a service like MySudo, which is not available to most of us (US and Canada only as of the time of this writing). If you’re lucky enough to be able to buy a prepaid SIM without ID, great, you and your friend just need to buy a few SIM cards that aren’t tied to your identity. If purchasing a prepaid SIM without ID is not an option, your phone number must be tied to your identity, and Signal can use these hidden phone numbers in combination with secret or hidden IP addresses to find out who is calling who, Sealed despite the sender’s promisesAs long as two-way talks are going on.
Which raises an interesting question: Why does Signal need a phone number?
ʕ´•ᴥ•`ʔ: Hey, that’s an interesting question…
Signal works over the Internet, and the Internet needs IP (Internet Protocol) addresses to figure out where a message should go. But sending messages over the Internet does not Phone number required; This is a requirement when using SMS or cellular calls or mobile data, but not to use the internetAnd yet, the “privacy-protecting” Signal app requires you to use a phone number to send and receive messages,,,
ʕ⚆ᴥ⚆ʔ: Hmmmm…
it’s always a two way street
it gets worse. I keep repeating this: two-way communicationDoesn’t work with sealed sender two-way communicationBut, I’m kind of lying, The truth is: Signal already knows who is calling which phone number, even with sealed senders and only one-way communication.
ʕ ಠ ᴥಠ ʔ: What?!
Do these check marks look familiar to you? (Excuse the pixelation.)
ʕ·ᴥ·ʔ: Hmm, yes. Aren’t those check marks that appear for at least a second whenever I send a Signal message? This is what is shown after the single check mark, and before they both turn white, to indicate that my message was read, right?
This is correct. The single check mark indicates that your Signal message was sent to Signal’s servers, the two check marks above indicate that your Signal message has been delivered to the recipient, and the two white check marks indicate that the recipient has read your Signal message.
Now, the thing about the two check marks above is that your Signal app only shows them when your phone receives a “delivery receipt” from the recipient’s phone. Whenever your pen pal receives a message from you, their Signal app sends a delivery receipt from their phone to your phone via Signal’s servers. This is what their Signal app does automatically and instantlyAnd none of you can turn it off. You can turn off read receipts (two white check marks) and the typing indicator, but you can’t turn off first answer: Delivery Receipts.
The delivery receipt is – important – Also “protected” by using a sealed sender, but what was it that I’ve been saying the whole time what’s wrong with a sealed sender?
ʕ·ᴥ·ʔ: It only works one-way…
ʕ • ᴥ • ʔ: It works only one way…
ʕ º ᴥ º ʔ: …and the delivery receipt automatically makes it two-way.
Absolutely. And you can’t turn it off. Go understand why.
Some options and work in progress
So if you can’t trust Signal, who can you trust? Well, if you just need a private text-based communication channel that won’t falsely advertise its privacy guarantees to you, Proton Mail and Tutanota (now called Tuta) are great. But if you want private voice-based communication, this will be a problem. WhatsApp is worse than Signal, Telegram is worse than WhatsApp, Wire requires an email address to use it (another unnecessary requirement), and most of the rest can’t be trusted because they’re not open-source.
You can use Jitsi for voice communication, but you have to use a separate service for text communication. You can use Matrix for both text and voice, but it’s a software and communications protocol, so you’ll have to set up your own server to run it. You can use Elementor, which runs Matrix Server, but you’ll have to trust Amazon and Cloudflare with your metadata, making this a messy solution to the privacy problem.
What leaves us is a service that is still a work in progress: SimpleX. It does not ask for any global identifiers like phone numbers or email addresses. Unlike Signal, it at least tries, To make sure he doesn’t know who is talking to whomIt does this with the use of proxies through which you randomly send your messages to reach your recipient (the technical details of which are too complex to get into here), Of course it’s open-source and end-to-end encrypted, otherwise I wouldn’t mention it, it even goes so far Allows you to use Tor With this, or any SOCKS proxy. really that’s great; The most technically amazing communication platform I have ever seen.
But, it is not complete. It’s a bit slow, and messages sometimes don’t arrive in the right order or at all. Voice calls… are tricky, especially when using Tor. It is still a young, developing project, although it is making great progress in improving itself, including security audits.
Time will tell what the outcome will be, but at least I can say one thing: we have found a viable option.
Hey, Kuma!
ʕ •̀ᴥ•́ ʔ: Where have you been for the last 11 months?!
I actually started writing this article months ago and got busy again.
ʕ ಠ ᴥಠ ʔ: Well, at least hit me up with some tips and tricks from time to time.
I’ll try, friend, but real life comes before imaginary friends.
ʕ •̀ᴥ•́ ʔ: I know I’m imaginary, but do you have customers?
I have no idea’. Maybe they should give me a hint by signing up below!
Or not; My RSS feed in the site menu. Unlike Signal, I don’t require you to sign up with a global identifier.