• Pup Biru@aussie.zone
    10 months ago

    that’s all not necessarily true

    for starters: https://signal.org/blog/sealed-sender/

    but also perhaps more academically because signal (i believe) doesn’t do this, so it’s more a comment on the information that the server “must know”

    signal uses the double ratchet protocol to derive shared keys between users already. if we extend this a little further to exchange a separate shared identifier for use in retrieving conversation data, and a place to store that data then the only information that the server gets is a couple of initialisation messages, and the rest is entirely opaque - there’s no way to know (other than tracing e2e messages based on IP address, and there are mitigations for that too) who is communicating with who, at what rate, etc

    there are other ways to validate things like rate limits, etc that don’t involve identity directly, or at least don’t trust any single party with all data
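
A minimal sketch of the idea in the comment above, added here as an illustration (it is not from the thread and is not how Signal works): both peers derive the same rotating mailbox identifier from a secret they already share, so the server stores ciphertext under identifiers it cannot tie to an account. `MailboxChain`, `BlindServer` and the label strings are hypothetical names, and the random secret stands in for double ratchet output.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, label: bytes) -> bytes:
    # HMAC-SHA256 used as a keyed PRF with a domain-separation label.
    return hmac.new(key, label, hashlib.sha256).digest()

class MailboxChain:
    """Hypothetical per-conversation chain; both peers seed it with the same secret."""
    def __init__(self, shared_secret: bytes):
        # Separate label so mailbox ids never collide with keys derived elsewhere.
        self._key = _prf(shared_secret, b"mailbox-chain-v1")

    def next_id(self) -> str:
        mailbox_id = _prf(self._key, b"id").hex()
        # Step the chain so every message lands under a fresh, unlinkable id.
        self._key = _prf(self._key, b"step")
        return mailbox_id

class BlindServer:
    """Stores opaque blobs under opaque ids; there is no sender or account field."""
    def __init__(self):
        self.store = {}

    def put(self, mailbox_id: str, blob: bytes) -> None:
        self.store[mailbox_id] = blob

    def take(self, mailbox_id: str):
        return self.store.pop(mailbox_id, None)

def demo():
    secret = os.urandom(32)  # constructed stand-in for a double ratchet output
    alice, bob = MailboxChain(secret), MailboxChain(secret)
    server = BlindServer()
    sent = [b"ciphertext-1", b"ciphertext-2", b"ciphertext-3"]  # constructed blobs
    for blob in sent:
        server.put(alice.next_id(), blob)
    server_view = list(server.store)  # everything the server can index on
    received = [server.take(bob.next_id()) for _ in sent]
    return sent, received, server_view

if __name__ == "__main__":
    sent, received, server_view = demo()
    print("delivered in order:", sent == received)
    print("server sees only:", server_view)
```

The server in this sketch still observes connection source addresses and timing, which is the IP-tracing caveat the comment mentions.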

    • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
      10 months ago

      If you’re arguing that it is possible to build a system that uses a server for routing while keeping clients anonymous, then that is the case. However, what we’re talking about here is whether a malicious actor would be able to intentionally harvest metadata about the users. And my point was that since only the people operating the Signal server know what it’s actually doing, it becomes a trust based system. You have to trust that Whisper Systems is a good actor and they’re not harvesting your information.