paulmillr on Nostr: It's possible to deduce who messages whom (timing / correlation attack). All user ...
It's possible to deduce who messages whom (timing / correlation attack). All user contacts are uploaded to Signal servers (they say it's stored in SGX - which may be broken). Groups also store some data on Signal servers. And - most important - Signal relies on phone numbers.
Published at 2023-12-21 15:38:05
Event JSON
{
  "id": "a30ef8e6ca914f4306f70153f2c2ab7de02347c62245ee5fc72fc3e1b8878319",
  "pubkey": "7cb13cde0670e590f02cbe9ea0fcf1e05edbc5cc8a409731fa5436440181cf1d",
  "created_at": 1703173085,
  "kind": 1,
  "tags": [
    [
      "p",
      "7cb13cde0670e590f02cbe9ea0fcf1e05edbc5cc8a409731fa5436440181cf1d"
    ],
    [
      "p",
      "7bdef7bdebb8721f77927d0e77c66059360fa62371fdf15f3add93923a613229"
    ],
    [
      "p",
      "c31e22c3715c1bde5608b7e0d04904f22f5fc453ba1806d21c9f2382e1e58c6c"
    ],
    [
      "e",
      "3830b0cdfec195f5e7b7e3623dd1ae7a64ed1641b68291780b6a3dfb3bed78ea",
      "root"
    ],
    [
      "e",
      "d1dde0500e44f40d536086b1a00152ef75e339691a4a7ecd873f6009da3d7611",
      "",
      "reply"
    ]
  ],
  "content": "It's possible to deduce who messages whom (timing / correlation attack). All user contacts are uploaded to Signal servers (they say it's stored in SGX - which may be broken). Groups also store some data on Signal servers. And - most important - Signal relies on phone numbers.",
  "sig": "1d6a40df6ed3b5eadbd96107f1588c98250c26d776a5af5ff0ba814af2c419afc81362bc9dfe412906527b3549a0e1b677b76ebeafbe2075a7717f88f196827c"
}