Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform


https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117

Signal has moved the ball on e2e for the masses, but it's centralized arch makes it a honeypot for metadata collection & timing correlation attacks. p2p networks w/ plausible deniability bloom filters like @waku & mixnets like @nymproject make attacks like this harder w/ the tradeoff of higher bandwidth & latency.

Building uncompromising web3 communication at scale.

https://waku.org
Part of the @logos-stack .

The next generation of privacy infrastructure.

Software Engineer @ Cadence Design Systems. B4: Stanford EE / Illinois ECE

Agree that Signal is awesome except for it's centralized arch. In addition to honeypot for metadata collection, Signal also doesn't have a cryptographically provable identity to verify initial messages sent to a new contact.

A team of us are experimenting with adding Signal-like e2ee messaging to Bluesky which, like FC, has a DID that can bootstrap secure messaging.