Signal rolls out a new privacy feature making it harder to know a sender’s identity

Signal, regarded as the gold standard of end-to-end encrypted messaging apps, is rolling out a new feature that will further protect the identities of message senders.

“While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is,” Signal revealed in a blog post Monday.

Dubbed “sealed sender,” the messaging app will soon store a sender’s information inside the envelope of an encrypted message. In order to remove the sender’s “from” information from the message’s envelope, Signal will encrypt the message, and then include a short-term certificate on the envelope of the encrypted message that can be used to prove a sender’s identity, which includes the sender’s phone number, public identity key and an expiry time. Then, that envelope is encrypted. Once it’s delivered, the recipient’s device will validate that certificate and decrypts the message as it normally would.

Sounds fancy, but in reality nothing changes at the surface level — the app will send your messages securely over an end-to-end encrypted connection. But behind the scenes at the service level, the new handoff mechanism makes the service more resistant to metadata.

The new feature will be enabled by default when it rolls out in a future release.

Since its inception, Signal hasn’t collected or stored data. By engineering the service so that it can deliver messages while cutting itself out of the loop, the app maker can’t turn over data to governments when they come knocking with a warrant. That point was proven two years ago when the FBI demanded that Signal turn over all the data it had on one particular user.

Signal responded with all the data it had — a timestamp of when the account was created and its last connection date. The information was effectively useless to prosecutors.

“These protocol changes are an incremental step, and we are continuing to work on improvements to Signal’s metadata resistance,” the blog post said. “In particular, additional resistance to traffic correlation via timing attacks and IP addresses are areas of ongoing development.”

In other words, your data was never stored — but now it can’t be.

The new feature will be enabled by default in a future version of Signal. It’s heading into beta in the next few days.



Powered by Blogger.