Oddbean new post about | logout
paulmillr | 9 months ago (raw) | root | parent | reply | flag +2 
 It's possible to deduce who messages whom (timing / correlation attack). All user contacts are uploaded to Signal servers (they say it's stored in SGX - which may be broken). Groups also store some data on Signal servers. And - most important - Signal relies on phone numbers.
Newton | 9 months ago (raw) | root | parent | reply | flag 
 How do you "may be bedlam broken" SGX, @paulmillr? This is an extremely crucial claim for us, Signal users. Please help us understand.
paulmillr | 9 months ago (raw) | root | parent | reply | flag +3 
 Please check out this writing https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/
Newton | 9 months ago (raw) | root | parent | reply | flag 
 Thank you very much. Gonna check it. 🫂
Newton | 9 months ago (raw) | root | parent | reply | flag 
 Read it thoroughly. Interesting and technically detailed. But ultimately it's a "may be" hypothesis. It's good to be cautious, even paranoid, but I didn't agree with the wholesale implication of the Signal app. Thank you very much for the link. 🫂
vnprc | 8 months ago (raw) | root | parent | reply | flag 
 I disabled my PIN after reading this.