When the client performs contact discovery, encrypted identifiers from the address book are transmitted over a secure connection directly to the enclave running the discovery service. Signal developers have been working on running a contact discovery service in such an SGX enclave. Intel SGX allows application developers to protect certain pieces of code and data from disclosure or modifications by placing them in a secure area of execution in the memory called an “enclave.” The solution seems to lie in Intel’s Software Guard Extensions (SGX) technology. In order to prevent this, Signal developers have been trying to find a way to implement truly private contact discovery. However, there is always the possibility that someone – including hackers or a government agency – modifies the code on Signal servers and starts logging contact discovery requests. In theory, this should not be a problem as Open Whisper Systems does not log contact discovery requests and makes the Signal source code publicly available in order to prove it. While the verification relies on truncated SHA256 hashes of the phone numbers and not cleartext data, these hashes can in most cases be cracked. While communications through Signal are protected against both hackers and government snooping, there is one feature that can still be improved from a privacy standpoint, namely contact discovery.Ĭurrently, when a user signs up for Signal, the phone numbers in their device’s address book are compared to entries in a database on Open Whisper Systems servers to determine which contacts use the messaging app.
Senate for official use by staff members. Signal has become highly popular with individuals who value their privacy, and it was recently approved even by the U.S.
Open Whisper Systems announced this week that it’s working on a new private contact discovery service for its privacy-focused communications app Signal.
0 kommentar(er)
