Although messages ship via secure messaging services, similar Signal, WhatsApp, as well as Telegram, are fully end-to-end encrypted equally they transmit across their servers, each message leaves behind around of the metadata information that reveals who sent the message to whom as well as when.
The novel feature, dubbed "Sealed Sender," announced yesteryear Signal is going to farther trim the amount of information that is accessible to the society itself.
However, you lot should authorities annotation that Signal never stores metadata or logs of information on its users similar who sends messages to each other as well as when, exactly the novel characteristic would protect the sender’s identity inward illustration the communication is somehow intercepted.
How Does the Signal's Sealed Sender Feature Protect Metadata?
According to a blog post published yesteryear Signal on Monday, the Sealed Sender characteristic uses an encrypted "envelope" containing the sender's identity as well as the message ciphertext, which is as well as therefore decrypted at the terminate of the recipient alongside their ain identity keys.
"While the service ever needs to know where a message should hold upwardly delivered, ideally it shouldn't bespeak to know who the sender is," Signal developer Joshua Lund said. "It would hold upwardly amend if the service could handgrip packages where alone the finish is written on the outside, alongside a blank infinite where the 'from' address used to be."
The whole procedure tin flaming hold upwardly summarized inward the next steps:
- The app encrypts the message using Signal Protocol, equally usual.
- Include the sender certificate as well as encrypted message inward an envelope.
- Encrypt the envelope using the sender as well as recipient identity keys.
- Without authenticating, ship the encrypted envelope to the Signal server along alongside the recipient's delivery token.
- The message recipient tin flaming as well as therefore decrypt the envelope yesteryear validating the identity fundamental to know the sender of the message.
It should hold upwardly noted that since the novel technique eliminates the company's might to validate sender's certificate that was existence used to forbid abuse as well as spoofing, the service has introduced additional workarounds that notwithstanding let users to verify who sent the incoming messages.
Besides protecting the Sender's identity, the society is too finding ways to encrypt IP addresses as well as other sensitive metadata information that could hold upwardly revealed yesteryear analyzing users' network traffic.
The Sealed Sender characteristic volition hold upwardly enabled yesteryear default inward the upcoming version of Signal.
