Conversation

Notices

jesse squires 🏴 (jsq@mastodon.social)'s status on Thursday, 07-Dec-2023 18:45:53 JST jesse squires 🏴

Question for security nerds:
With the recent revelations about governments spying on push notifications, doesn’t that circumvent Signal’s “sealed sender” feature?
If you can spy on APNS traffic, then you can easily see who is messaging whom. Right?
https://signal.org/blog/sealed-sender/

In conversation about a year ago from mastodon.social permalink
- Frederic Jacobs (fj@mastodon.social)'s status on Thursday, 07-Dec-2023 18:45:53 JST Frederic Jacobs
  in reply to
  
  @jsq Hi Jesse!
  Before talking about Sealed Sender specifically, it's worth calling out that Signal does not send any push content other than a flag that says: “Connect to the Web Socket” and retrieve some messages”. The content is then fetched and decrypted in a Notification Service Extension and then displayed as a local notification to the user.
  https://github.com/signalapp/Signal-iOS/blob/b1027b670ea145073b12e5fb5c281a2facd3b61b/SignalNSE/NotificationService.swift#L105
  APNS therefore never sees, even the Sealed Sender-encrypted ciphertexts, of the incoming messages.
  In conversation about a year ago permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    https://github.com/signalapp/Signal-iOS/blob/b1027b670ea145073b12e5fb5c281a2facd3b61b/SignalNSE/NotificationService.swift#L105
- Aral Balkan (aral@mastodon.ar.al)'s status on Thursday, 07-Dec-2023 18:45:53 JST Aral Balkan
  in reply to
  - Frederic Jacobs
  @fj @jsq But they can see who is talking to whom, right? (The metadata the NSA and CIA use to kill people, according to General Michael Hayden.)
  
  In conversation about a year ago permalink

Public

Notices

Feeds