The original claim was about phone numbers disclosing social graphs, but now we’re getting into network traffic analysis for a global passive adversary and a compromised device?
If you’re worried about traffic analysis use a mixnet like Nym. If you don’t trust your device, then get a device you trust.
No, it’s two claims: before signal servers and on your isp provider side sits nsa sniffing device (likelihood 99%), which trivially can reconstruct social graph without specifically designed obfuscations on server side (something like nym, exactly, but for signal servers themselves, with random delays and obfuscatory traffic).
Second claim is all messages are encrypted doesn’t exclude possibility of keyboard input->app internals middleman backdoor, likelihood of it existing unknown (hi, nsa), with pegasus infection 100% at least.
Basically, you are fucked with state adversary, and shouldn’t use phone for anything not serving to appear normal, and while signal can provide necessary tools to message each other, you should assume it to be transparent and appearing in some court if things go wrong. (But crucially transparent to very advanced adversary, not bumblefuck from local police, so it’s not a call to rely on messages which are so trivial to intercept with sim card duplication for 1k-5k bucks, and unencrypted for traffic interception)
https://signal.org/blog/sealed-sender/
The original claim was about phone numbers disclosing social graphs, but now we’re getting into network traffic analysis for a global passive adversary and a compromised device?
If you’re worried about traffic analysis use a mixnet like Nym. If you don’t trust your device, then get a device you trust.
No, it’s two claims: before signal servers and on your isp provider side sits nsa sniffing device (likelihood 99%), which trivially can reconstruct social graph without specifically designed obfuscations on server side (something like nym, exactly, but for signal servers themselves, with random delays and obfuscatory traffic).
Second claim is all messages are encrypted doesn’t exclude possibility of keyboard input->app internals middleman backdoor, likelihood of it existing unknown (hi, nsa), with pegasus infection 100% at least.
Basically, you are fucked with state adversary, and shouldn’t use phone for anything not serving to appear normal, and while signal can provide necessary tools to message each other, you should assume it to be transparent and appearing in some court if things go wrong. (But crucially transparent to very advanced adversary, not bumblefuck from local police, so it’s not a call to rely on messages which are so trivial to intercept with sim card duplication for 1k-5k bucks, and unencrypted for traffic interception)