I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

  • Arthur Besse@lemmy.ml
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    6 months ago

    it’s being answered in the github thread you linked

    The answers there are only about the fact that it can be turned off and that by default clients will silently fall back to “unsealed sender”.

    That does not say anything about the question of what attacks it is actually meant to prevent (assuming a user does “enable sealed sender indicators”).

    This can be separated into two separate questions:

    1. For an adversary who does not control the server, does sealed sender prevent any attacks? (which?)
    2. For an adversary who does control the server, how does sealed sender prevent that adversary from identifying the sender (via the fact that they must identify themselves to receive messages, and do so from the same IP address)?

    The strongest possibly-true statement i can imagine about sealed sender’s utility is something like this:

    For users who enable sealed sender indicators AND who are connecting to the internet from the same IP address as some other Signal users, from the perspective of an an adversary who controls the server, sealed sender increases the size of the set of possible senders for a given message from one to the number of other Signal users who were online from behind the same NAT gateway at the time the message was sent.

    This is a vastly weaker claim than saying that “by design” Signal has no possibility of collecting any information at all besides the famous “date of registration and last time user was seen online” which Signal proponents often tout.