How does sealed sender work? I couldn't find details. The explanations I saw seemed to start from the assumption that Signal doesn't keep logs of messages moving through their system.
The short version is: Traditionally, Bob needed to “log in” to be able to send a message to Alice’s inbox.
With Sealed Sender, Alice gives Bob a credential that allows him to message her from now on without logging in.
Only Alice can tell that the message she received is from Bob.
There’s some subtlety around bootstrapping these credentials and preventing abuse which means that not every message can be sent as Sealed Sender, but the vast majority are. Read the blog post for the authoritative explanation.
There’s an option in the app settings to make visible which of your messages were sent without identifying your client to the server if you’re curious.
Ah thanks, okay, I'm not sure I'm missing anything in that case.
But if so, doesn't signal still know that alice and bob are communicating because it's transferring messages between them? Even if Bob doesn't log in IP B is still sending payloads that eventually get delivered to IP A, and if law enforcement later asks signal for logs they could be correlated.
Indeed, at some point in time a byte has to move from point A to point B, and unless you random VPN to a different location the source and destination IPs can be identified.
Even if they can't read it, a hostile government won't care.
There is only so much you can do against a really determined adversary thats well funded.
I just want a Signal that doesn't tie everything back to a phone number.
I arrange to tell Alice in an encrypted chat that I will be doing a drop on X url after Y time and to watch it.
Alice comes picks up the drop. Done.
PS: This is another great use for cryptocurrency. When you don’t want to use account-based charging, then you allow anyone to prepay for the resources with crypto.
No, if you're doing something sensitive that can get you or other people arrested, locked up, hurt or killed, you should not be using Signal for that. You should reconsider using a phone or computer at all. If you must, you must be desperate and I pity the situation you must be in, and I hope you really understand what your risk profile is, what technology can address actually it, and if that technology actually exists.
States can use metadata from Signal and ISPs to confirm that party A was in contact with party B and at what times, for example, in charges of criminal conspiracy. If one device on any end of the chats is compromised or confiscated, chats and identities are exposed. Once both devices are confiscated, messages are decrypted on both ends of the Signal app and authorities can grab the message content they used the metadata to get a warrant/subpoena/order for.
Similarly, Signal can be gag ordered to keep a record of phone numbers linked to identities if it already doesn't exist in their implementation. Signal and/or Google/Apple/ISPs/carriers can be compelled to follow wiretap laws and collect more data on specific users, push special updates to them, etc.
It's an app that forces the use of cell phone numbers linked to real identities in order to use it, clients have servers hardcoded, clients make direct connections to servers, etc. Just the first fact alone should be a red flag if your well-being depends on privacy.
