Conversation

Notices

Embed this notice
Frederic Jacobs (fj@mastodon.social)'s status on Thursday, 07-Dec-2023 18:46:11 JST Frederic Jacobs
in reply to
- jesse squires
@jsq Hi Jesse!
Before talking about Sealed Sender specifically, it's worth calling out that Signal does not send any push content other than a flag that says: “Connect to the Web Socket” and retrieve some messages”. The content is then fetched and decrypted in a Notification Service Extension and then displayed as a local notification to the user.
https://github.com/signalapp/Signal-iOS/blob/b1027b670ea145073b12e5fb5c281a2facd3b61b/SignalNSE/NotificationService.swift#L105
APNS therefore never sees, even the Sealed Sender-encrypted ciphertexts, of the incoming messages.
In conversation Thursday, 07-Dec-2023 18:46:11 JST from mastodon.social permalink
Attachments
1. No result found on File_thumbnail lookup.
  
  https://github.com/signalapp/Signal-iOS/blob/b1027b670ea145073b12e5fb5c281a2facd3b61b/SignalNSE/NotificationService.swift
- Embed this notice
  Aral Balkan (aral@mastodon.ar.al)'s status on Thursday, 07-Dec-2023 18:46:11 JST Aral Balkan
  in reply to
  - jesse squires
  @fj @jsq But they can see who is talking to whom, right? (The metadata the NSA and CIA use to kill people, according to General Michael Hayden.)
  
  In conversation Thursday, 07-Dec-2023 18:46:11 JST permalink
- Embed this notice
  jesse squires (jsq@mastodon.social)'s status on Thursday, 07-Dec-2023 18:46:12 JST jesse squires
  
  Question for security nerds:
  With the recent revelations about governments spying on push notifications, doesn’t that circumvent Signal’s “sealed sender” feature?
  If you can spy on APNS traffic, then you can easily see who is messaging whom. Right?
  https://signal.org/blog/sealed-sender/
  
  In conversation Thursday, 07-Dec-2023 18:46:12 JST permalink

Public

Notices

Feeds