I guess? This is an anonymity feature no other mainstream messenger has in the first place. The idea behind sealed sender is that clients can send messages through Signal's service without authenticating directly to the server. It's not, like, part of the core E2E mechanic of Signal; I'm not even sure it was ever out of beta.
The suggested fix was pretty complicated and had some drawbacks (see section VII-B). Signal probably did not agree that it was worth it. It's a hard problem and it just might be the case that no one has of yet come up with a workable solution.
FYI I don't think Signal cares much about anonymity (sadly). I've seen several discussions on their forums where admins have even been hostile to people asking for it. I love Signal, but its community is toxic and I really wish the devs would move a bit faster. I know it is a tall order, but that's what Moxie argued in his "The Ecosystem is Moving" talk (we can't have decentralized because you have to move fast and adapt). There's a lot of low hanging fruit that Signal just seems to ignore.
However much they care or don't care about it, the salience of this NDSS paper is that Signal has a relatively complex anonymity feature that no other mainstream messenger has (the ability to cryptographically authenticate a message that can be delivered via the service without the client authenticating to the server), and it's susceptible to some straightforward network timing analyses.
There may be any number of other reasons to believe that Signal doesn't care enough about anonymity, but with respect to this paper, the most you can say is that they don't get full credit for an extra credit anonymity project they did.
Oh, I use Signal and still push my friends and family to use it. I'm not arguing against it. You're right that it is still a great app that does things others don't.
As to anonymity, I'm more frustrated with the community being hostile against other community members asking and pushing for it. I do understand that the community isn't the signal team, but it is their official community so it does set the tone. Especially since they specifically note that that's the only community they pay attention to. (e.g. GitHub bug reports should be on community)
As for non-anonymity stuff, there are quite a lot of extremely low hanging fruit that is weirdly not available but highly asked for. Like having to go to https://signalstickers.com/ to get stickers? This should clearly be accessible through the app (or they should be hosting their own). Delayed messages are thankfully here but took forever. For some reason forwarding messages on phone vs computer has different behavior (I can edit from the computer; the preferred method). Still can't find messages associated with media. Can't star/favorite messages. These are very important features that each could be done in less than a weekend so it just seems odd.
I do want to see Signal be more used and I want to see it grow. I love it and advocate for it, but that also doesn't mean I'm not going to be critical of it when it is having issues.
Shooting for the extra credit is the assignment. Nobody uses Signal as an actual chat app, there's far better chat apps including Telegram. The presented hyper-emphasis on anonymity is their only value.
To my knowledge they don't emphasize anonymity at all. Instead they emphasize privacy.
The distinction being that anonymity is when nobody knows who you are and privacy is when nobody knows what you said. You can technically have both but most systems make a compromise of one or the other.
My impression is that since around 2020 Signal devs have been trying as quietly as possible to tell people that the service can no longer be trusted and everyone should switch to something else. First they started keeping sensitive user data in the cloud which upset and alienated a bunch of users, they've also refused to update their privacy policy to reflect that fact, then they added the weird crypto thing which upset more users, and killing off the ability to handle SMS/MMS as well as secure communications, one of their best features, seems like yet another attempt drive away users. Maybe going years without fixing important features with known vulnerabilities is just another hint being left to ward off anyone who really needs their communications secure.
I loved signal and recommended it to many people over the years, but I ditched it after they started collecting and insecurely storing user data in the cloud, and I'm still disappointed in what it has turned into. The folks behind Signal had a great project once and I hope someone outside of the US steps up to give us a real replacement one of these days.
Me and my family ditched Signal this week after 2 years of struggle. The calls refusing to ring on our 3 different brands of Android phones, only to be greated by a missed call notification later, despite disabling all the battery optimization features on each phone meant the app was unusable for us.
It always rings on the PC app, but on our phones it's always hit or miss. Only once you open the app when someone is calling you, does it finally decide to ring.
Googling around it seems many are impacted by this bug which has been around since forever, but no fix has been implemented and since the dev team seems mostly iOS focused, I doubt it will ever be. The lack of supporting linking to Android tablets is another blow for us when iPad support has been available since forever.
Shame. I respect Signal and its devs for doing what they did, but we need more than a barebones messaging app with focus on stickers and stories instead of fixing jarring bugs and missing Android features, so it looks like it's back to WhatsApp for us. It may be part of Zuck's empire but it has never ever let us down in any situation.
Largely the same situation here. When it’s iOS/macOS users only we use Signal and it’s great, but for anything involving Android users we switch back to WhatsApp because Signal is so unreliable.
Signal has claimed [0] that the only two pieces of information they store are two integers, "Last connection date" and "Account Creation date". Has that changed?
Yes it changed a while ago. They are now storing exactly the kinds of information they loved to brag about being able to say they couldn't hand over because it wasn't being kept in the first place.
Specifically, they now keep your name, your phone number, your photo, and worst of all a complete listing of everyone you have been contacting using Signal and all of it is kept in the cloud.
Security concerns were raised very early (https://community.signalusers.org/t/proper-secure-value-secu...) and to their credit Signal did make it possible to create pins longer than 4 characters, but they still called them pins (which in most people's mind is a 4 digit number) still allowed short/simple pins, and in the end everyone's data is still sitting forever in a leaky SGX enclave and can still be brute forced.
If you are a signal user and you had no idea this data collection was happening that should tell you everything you need to know about how trustworthy Signal is. The truth is they went out of their way to be confusing about all of this leading to tons of people having the wrong idea. (for example see this whole thread, but especially the point made by this guy about their communications https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...)
My guess is that some three letter agency showed up and forced them to start collecting data. It'd explain why they collected the data, refused to make it optional, were so unclear in communications rolling it out, and why they seem to be trying to scare away their own users ever since.
At this point I consider the fact that the very first sentence of their privacy policy has been a lie since 2020 to be a huge dead canary. It's not like people haven't asked them to update it (https://community.signalusers.org/t/can-signal-please-update...)
The "sealed sender" feature talked about in the article.
They did make some changes to protect against this one: https://sgaxe.com/files/SGAxe.pdf when it started to get attention, but there will be other exploits to get SGX protected data.
As always, the best way to secure private information is not the collect it and keep it in the cloud in the first place.
Just so we're clear: this is (a) a feature no other mainstream messenger has, meaning that the worst implication of it is that Signal is no more anonymous than alternatives, and (b) is a pretty straightforward traffic analysis attack. The server is oblivious to the identities of senders, but recipients reply to senders and can be correlated.
> Just so we're clear: this is (a) a feature no other mainstream messenger has, meaning that the worst implication of it is that Signal is no more anonymous than alternatives
No more anonymous than some alternatives, although likely no more than mainstream alternatives, but while also leaving users with a false sense of security since this feature was supposed to prevent the exact thing it's allowing.
> is a pretty straightforward traffic analysis attack.
"straightforward" traffic analysis attacks that expose people who would normally be protected by VPNs and/or TOR, but now aren't purely because of how Signal works.
I mean, not only did these researchers find and disclose the flaw for free, they also came up with and tested solutions to the problem but still signal is like "nah, we'll keep it broken!"
