Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://friedcheese.us/objects/eeb6cb27-d88e-4a4d-8e0e-1e59aba0da26">feld (feld@friedcheese.us)'s status on Friday, 11-Apr-2025 09:05:07 JST</a><a href="https://friedcheese.us/users/feld" title="feld@friedcheese.us"><img src="https://gnusocial.jp/avatar/274913-48-20241012191855.webp" width="48" height="48" alt="feld" style="position: absolute; left: 0; top: 0;">feld</a><div><a href="https://shitposter.world/objects/9110c8b6-aa86-4af4-82f2-c142b3e0e28e" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><a href="https://shitposter.world/users/sun">@sun</a> Basically you hand Signal a message without any authentication and they deliver it. The recipient decrypts it and can tell from the signature inside it was from you. <br><br>Anyone intercepting the traffic can't tell if two messages were from the same sender just by looking at any cryptographic signatures / key IDs that are exposed (it's a second monumental task to figure out who the signatures really belong to, unless you've really targeted your traffic interception to be close to the suspect you're surveilling)<br><br><a href="https://signal.org/blog/sealed-sender/">https://signal.org/blog/sealed-sender/</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4875978#notice-9550307">In conversation</a><time datetime="2025-04-11T09:05:07+09:00" title="Friday, 11-Apr-2025 09:05:07 JST">about 5 days ago</time> <span>from <span><a href="https://friedcheese.us/objects/eeb6cb27-d88e-4a4d-8e0e-1e59aba0da26" rel="external" title="Sent from friedcheese.us via ActivityPub">friedcheese.us</a></span></span><a href="https://friedcheese.us/objects/eeb6cb27-d88e-4a4d-8e0e-1e59aba0da26">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: signal.org</div><h5><a href="https://signal.org/blog/sealed-sender/">Technology preview: Sealed sender for Signal</a></h5><div> from <span>@signalapp</span></div></header><div>In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users. By design, it does not store a record of your contacts, social graph, conversation list, location, user avatar, user profile name, ...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
feld (feld@friedcheese.us)'s status on Friday, 11-Apr-2025 09:05:07 JSTfeld
in reply to
- dilbert 1
@sun Basically you hand Signal a message without any authentication and they deliver it. The recipient decrypts it and can tell from the signature inside it was from you.

Anyone intercepting the traffic can't tell if two messages were from the same sender just by looking at any cryptographic signatures / key IDs that are exposed (it's a second monumental task to figure out who the signatures really belong to, unless you've really targeted your traffic interception to be close to the suspect you're surveilling)

https://signal.org/blog/sealed-sender/
In conversationabout 5 days ago from friedcheese.uspermalink
Attachments
1. Domain not in remote thumbnail source whitelist: signal.org
  Technology preview: Sealed sender for Signal
  from @signalapp
  In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users. By design, it does not store a record of your contacts, social graph, conversation list, location, user avatar, user profile name, ...

Public

Embed Notice

HTML Code

Corresponding Notice