Signal rolls out a new privacy feature making it harder to know a sender’s identity

Signal, regarded as the gold standard of end-to-end encrypted messaging apps, is rolling out a new feature that will further protect the identities of message senders.

“While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is,” Signal revealed in a blog post Monday.

With the new feature, dubbed “sealed sender,” the messaging app will soon store a sender’s information inside the envelope of an encrypted message. To remove the sender’s “from” information from the message’s envelope, Signal will encrypt the message and then include on the envelope a short-term certificate that can be used to prove the sender’s identity. The certificate contains the sender’s phone number, public identity key and an expiry time. Then, that envelope is encrypted. Once it’s delivered, the recipient’s device will validate that certificate and decrypt the message as it normally would.
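The recipient-side certificate check described above, as an added sketch that is not Signal's code or part of the original article. It assumes an issuer key the recipient trusts, uses HMAC-SHA256 as a stand-in for a real public-key signature, and assumes the recipient also compares the certificate's identity key with the key that authenticated the inner message; all names and sample values are constructed.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key. HMAC-SHA256 stands in for the public-key signature
# a real certificate would carry; the issuer role is an assumption.
ISSUER_KEY = b"constructed-demo-issuer-key"


def _canonical(fields):
    """Serialize certificate fields deterministically before signing."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(phone, identity_key_hex, ttl_seconds, now=None):
    """Build a short-term certificate with the three fields the article lists."""
    now = time.time() if now is None else now
    fields = {"phone": phone, "identity_key": identity_key_hex,
              "expires": int(now + ttl_seconds)}
    tag = hmac.new(ISSUER_KEY, _canonical(fields), hashlib.sha256).hexdigest()
    return {"fields": fields, "sig": tag}


def validate_certificate(cert, message_key_hex, now=None):
    """Recipient-side checks, run after the outer envelope is decrypted.

    Returns (sender_phone, None) on success or (None, reason) on failure.
    """
    now = time.time() if now is None else now
    try:
        fields, sig = cert["fields"], cert["sig"]
        expected = hmac.new(ISSUER_KEY, _canonical(fields),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(sig)):
            return None, "bad signature"
        if now >= fields["expires"]:
            return None, "expired"
        # Bind the certificate to the key that authenticated the inner message,
        # so a valid certificate cannot be attached to someone else's message.
        if not hmac.compare_digest(fields["identity_key"], message_key_hex):
            return None, "identity key mismatch"
        return fields["phone"], None
    except (KeyError, TypeError):
        return None, "malformed certificate"
```

The signature is checked before any field is read, so an expiry time or phone number altered in transit is rejected as a bad signature rather than trusted.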

Sounds fancy, but in reality nothing changes at the surface level: the app will send your messages securely over an end-to-end encrypted connection. But behind the scenes at the service level, the new handoff mechanism improves the service’s metadata resistance.

The new feature will be enabled by default when it rolls out in a future release.

Since its inception, Signal hasn’t collected or stored data. By engineering the service so that it can deliver messages while cutting itself out of the loop, the app maker can’t turn over data to governments when they come knocking with a warrant. That point was proven two years ago when the FBI demanded that Signal turn over all the data it had on one particular user.

Signal responded with all the data it had — a timestamp of when the account was created and its last connection date. The information was effectively useless to prosecutors.

“These protocol changes are an incremental step, and we are continuing to work on improvements to Signal’s metadata resistance,” the blog post said. “In particular, additional resistance to traffic correlation via timing attacks and IP addresses are areas of ongoing development.”

In other words, your data was never stored — but now it can’t be.

The new feature will be enabled by default in a future version of Signal. It’s heading into beta in the next few days.



from www.tech-life.in