Hannah on Nostr: I think there is often a misconception on how contact discovery works in Signal. ...
I think there is often a misconception on how contact discovery works in Signal.
Signal uses the social graph of phone numbers in a way convenient to the user but with as little information leakage as possible.
TL;DR Signal does know which phone numbers have been using Signal with a bit of brute force computing. It does not know a users' contacts or social graph.
The rough outline is (AFAIK, correct me if I am wrong):
Signal knows which phone numbers are registered. That's all the information they store regarding phone numbers not encrypted by your account key/PIN.
(AFAIK they only store a hash - but it can be reversed with some brute forcing as the phone number space is pretty small)
Signal will ask the server if phone numbers in your phone book are registered with Signal. (you can deactivate this) It does not send the whole phone numbers - just a truncated hash, so Servers do not know which phone numbers exactly are in your address book.
This is done in a secure enclave protected by Intel SGX to ensure the server code does not save the phone numbers anywhere. (Prevents signal servers from building a social graph)
SGX in this case allows the client to verify the server is actually running the source code published and to protect from memory snooping from the host OS.
This means if you trust Intel SGX, you can be sure your social graph and your contacts' phone numbers are not leaked.
See https://signal.org/blog/private-contact-discovery/ (actual contact discovery is superseeded by a newer iteration of this)
Signal could be a bit clearer on how the own phone number is associated with an account - but that seems to be very limited as well:
"The only information Signal maintains that is encompassed by the subpoena for any particular user account, identified through a phone number, is the time of account creation and the date of the account’s last connection to Signal servers. That is all. We have provided the information responsive to the subpoena in Signal’s possession in Attachment A."
https://security.stackexchange.com/questions/272982/does-signal-store-mobile-phone-numbers-server-side-in-plain-text
Signal uses the social graph of phone numbers in a way convenient to the user but with as little information leakage as possible.
TL;DR Signal does know which phone numbers have been using Signal with a bit of brute force computing. It does not know a users' contacts or social graph.
The rough outline is (AFAIK, correct me if I am wrong):
Signal knows which phone numbers are registered. That's all the information they store regarding phone numbers not encrypted by your account key/PIN.
(AFAIK they only store a hash - but it can be reversed with some brute forcing as the phone number space is pretty small)
Signal will ask the server if phone numbers in your phone book are registered with Signal. (you can deactivate this) It does not send the whole phone numbers - just a truncated hash, so Servers do not know which phone numbers exactly are in your address book.
This is done in a secure enclave protected by Intel SGX to ensure the server code does not save the phone numbers anywhere. (Prevents signal servers from building a social graph)
SGX in this case allows the client to verify the server is actually running the source code published and to protect from memory snooping from the host OS.
This means if you trust Intel SGX, you can be sure your social graph and your contacts' phone numbers are not leaked.
See https://signal.org/blog/private-contact-discovery/ (actual contact discovery is superseeded by a newer iteration of this)
Signal could be a bit clearer on how the own phone number is associated with an account - but that seems to be very limited as well:
"The only information Signal maintains that is encompassed by the subpoena for any particular user account, identified through a phone number, is the time of account creation and the date of the account’s last connection to Signal servers. That is all. We have provided the information responsive to the subpoena in Signal’s possession in Attachment A."
https://security.stackexchange.com/questions/272982/does-signal-store-mobile-phone-numbers-server-side-in-plain-text