Monday, 29 October 2018

Signal's new "Sealed Sender" will hide your identity from Signal

A new feature on the encrypted messaging platform Signal, "Sealed Sender," will hide your identity from Signal itself, so that if the company is ever compromised, it will not be able to reveal who sent messages to whom.

Sealed Sender is cleverly implemented to fight spam and abuse; you can turn Sealed Sender on selectively, only allowing sealed messages where you and the other party appear in one another's address books (and you can also block sealed messages from specific individuals, even if they appear in your address book and vice-versa).

Signal uses Amazon Web Services for hosting, and says that it is still working on finding a viable way to encrypt IP addresses and other metadata that could theoretically allow an attacker to perform certain types of user traffic analysis. And encrypted messaging still isn't a magic bullet, especially if you leave message threads on your device. But Green emphasizes that every incremental step is valuable. The difficulty of developing the technical frameworks for these steps is one reason WhatsApp cofounder Brian Acton donated $50 million in February to support Signal's development. The more of a barren data wasteland it is inside of Signal, the better.

Signal Has a Clever New Way to Shield Your Identity [Lily Hay Newman/Wired]