• Arthur BesseA
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    3 years ago

    Signal’s “sealed sender” feature is insufficient to actually protect metadata. Since that feature was implemented, the server ostensibly doesn’t know which user a message is from, but it still knows the IP address that sent it and in most cases there is only one signal user (who must identify themselves to receive incoming messages) using a given IP at a given time. AWS is very cooperative with law enforcement (not to mention intelligence agencies) so it is unlikely that they are not correlating senders and receivers of Signal messages.