Improving Signal’s Sealed Sender - NDSS Symposium https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/
The Signal messaging service recently deployed a emph{sealed sender} feature that provides sender anonymity by cryptographically hiding a message’s sender from the service provider. We demonstrate, both theoretically and empirically, that this one-sided anonymity is broken when two parties send multiple messages back and forth; that is, the promise of sealed sender does not emph{compose} over a conversation of messages. Our attack is in the family of Statistical Disclosure Attacks (SDAs), and is made particularly effective by emph{delivery receipts} that inform the sender that a message has been successfully delivered, which are enabled by default on Signal. We show using theoretical and simulation-based models that Signal could link sealed sender users in as few as 5 messages
>Tmk there's no way around that other than buying a burner phone+sim that you give away immediately afterwards.
There are companies that allow you to rent a number temporarily for SMS verification. Alternatively you could get a virtual number.
I haven't used any of those services as I registered for Signal before cancelling my phone plan and taking out my SIM so they can't location track me.
>Consequently your location data and by virtue of that your real world identity is intrinsically linked to your conversations and social network.
How so? Signal doesn't have access to your location; the phone company does (if you have a SIM). The phone company doesn't have access to your conversations; Signal does (and only the metadata).
- replies
- 1
- announces
- 0
- likes
- 0