• 1 Post
  • 6 Comments
Joined 1 year ago
cake
Cake day: August 30th, 2023

help-circle



  • HappyKittenOPtoPrivacySignal: Guide to Avoid Privacy Mistakes
    link
    fedilink
    arrow-up
    2
    arrow-down
    9
    ·
    1 year ago

    Thanks for the reply but please check the article:

    Sealed Sender is Flawed

    Signal has a flawed system called “Sealed Sender”, which encrypts the metadata of who sent the message inside the encrypted packets. However, cybersecurity researchers from the University of Colorado Boulder, Boston University, George Washington University, and U.S. Naval Academy, found that Sealed Sender could be compromised by a malicious cloud host in as few as 5 messages to reveal who is communicating with who. In this paper published by NDSS, headed by Ian Martiny, these researchers found that Signal’s “read receipts”, which lets the sender know that the receiver got the message can be used as an attack vector to analyze traffic because it sends data packets right back to the sender. Therefore, our recommendation to increase metadata protection is turn off read receipts, which can be toggled in the security settings.

    Source used: Improving Signal’s Sealed Sender Ian Martiny∗, Gabriel Kaptchuk†, Adam Aviv‡, Dan Roche§, Eric Wustrow∗ ∗, {ian.martiny, ewust}@colorado.edu †Boston University, kaptchuk@bu.edu ‡George Washington University, aaviv@gwu.edu §U.S. Naval Avademy, roche@usna.edu

    https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/ & Paper PDF: https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-4_24180_paper.pdf


  • HappyKittenOPtoPrivacySignal: Guide to Avoid Privacy Mistakes
    link
    fedilink
    arrow-up
    4
    arrow-down
    6
    ·
    1 year ago

    Thanks for the reply but please check the article:

    Sealed Sender is Flawed

    Signal has a flawed system called “Sealed Sender”, which encrypts the metadata of who sent the message inside the encrypted packets. However, cybersecurity researchers from the University of Colorado Boulder, Boston University, George Washington University, and U.S. Naval Academy, found that Sealed Sender could be compromised by a malicious cloud host in as few as 5 messages to reveal who is communicating with who. In this paper published by NDSS, headed by Ian Martiny, these researchers found that Signal’s “read receipts”, which lets the sender know that the receiver got the message can be used as an attack vector to analyze traffic because it sends data packets right back to the sender. Therefore, our recommendation to increase metadata protection is turn off read receipts, which can be toggled in the security settings.

    Source used: Improving Signal’s Sealed Sender Ian Martiny∗, Gabriel Kaptchuk†, Adam Aviv‡, Dan Roche§, Eric Wustrow∗ ∗, {ian.martiny, ewust}@colorado.edu †Boston University, kaptchuk@bu.edu ‡George Washington University, aaviv@gwu.edu §U.S. Naval Avademy, roche@usna.edu

    https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/ & Paper PDF: https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-4_24180_paper.pdf