Hannah

@cholling @Mer__edith @echo_pbreyer I think there is often a misconception on how contact discovery works in Signal.

Signal uses the social graph of phone numbers in a way convenient to the user but with as little information leakage as possible.

TL;DR Signal does know which phone numbers have been using Signal with a bit of brute force computing. It does not know a user's contacts or social graph.

The rough outline is (AFAIK, correct me if I am wrong):

Signal knows which phone numbers are registered. That's all the information they store regarding phone numbers not encrypted by your account key/PIN.
(AFAIK they only store a hash - but it can be reversed with some brute forcing as the phone number space is pretty small)

Signal will ask the server if phone numbers in your phone book are registered with Signal. (you can deactivate this) It does not send the whole phone numbers - just a truncated hash, so Servers do not know which phone numbers exactly are in your address book.

This is done in a secure enclave protected by Intel SGX to ensure the server code does not save the phone numbers anywhere. (Prevents signal servers from building a social graph)

SGX in this case allows the client to verify the server is actually running the source code published and to protect from memory snooping from the host OS.

This means if you trust Intel SGX, you can be sure your social graph and your contacts' phone numbers are not leaked.

See signal.org/blog/private-contac (actual contact discovery is superseded by a newer iteration of this)

Signal could be a bit clearer on how the own phone number is associated with an account - but that seems to be very limited as well:

"The only information Signal maintains that is encompassed by the subpoena for any particular user account, identified through a phone number, is the time of account creation and the date of the account’s last connection to Signal servers. That is all. We have provided the information responsive to the subpoena in Signal’s possession in Attachment A."

security.stackexchange.com/que

5 comments
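An added illustration of the two hashing points in the post above (not part of the thread and not Signal's code): a full hash over a small number space is reversed by enumeration, while a truncated hash only narrows the server's view to a set of candidates. SHA-256, the 1-byte truncation and the fictional number range are assumptions made for this example.

```python
import hashlib

# Constructed number space: 100,000 fictional numbers under one made-up prefix.
# Real national numbering plans are larger but still small enough to enumerate.
NUMBER_SPACE = [f"+155501{n:05d}" for n in range(100_000)]


def digest(number: str, nbytes: int = 32) -> bytes:
    """SHA-256 of a phone number, optionally truncated (assumed scheme)."""
    return hashlib.sha256(number.encode()).digest()[:nbytes]


def reverse_full_hash(target: bytes):
    """Recover the number behind a full-length hash by enumerating the space."""
    for number in NUMBER_SPACE:
        if digest(number) == target:
            return number
    return None


def anonymity_set(prefix: bytes):
    """All numbers in the space whose hash starts with the truncated prefix."""
    return [n for n in NUMBER_SPACE if digest(n, len(prefix)) == prefix]


if __name__ == "__main__":
    contact = "+15550142424"  # constructed sample contact
    print("full hash reversed to:", reverse_full_hash(digest(contact)))
    candidates = anonymity_set(digest(contact, 1))
    print("1-byte truncated hash matches", len(candidates), "numbers")
```

The shorter the truncated prefix, the larger the candidate set the server sees per lookup, which is why hashing alone is not treated as the privacy control here.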
cholling

@scatty_hannah @Mer__edith @echo_pbreyer Thanks for the explainer. I'm glad to hear that Signal takes measures to ensure that neither they nor third parties can access my contacts, but their app still reads my contacts, and as I recall (it's been years since I signed up for Signal) this contact-reading is opt-out rather than opt-in.

Also, I believe the ability to have a Signal account not tied to a phone number is a relatively recent development?

cholling

@Mer__edith @scatty_hannah @echo_pbreyer The app still has to have access to my contacts in order to generate the hashes. The *server* may not be able to read my contacts, but the *app* absolutely can. Otherwise there's no way it would be able to show me a list of my contacts that are on Signal.

Hannah

@Mer__edith @cholling @echo_pbreyer the linked text does say: "Clients transmit the encrypted identifiers from their address book to the enclave."

That would imply the *app* does need to read contacts.

Signal, *the company* and/or server operator will not be able to get access to those, though - as long as SGX is not broken.

Also, an SGX breakage would not leak *previously* submitted identifiers, except when an attacker did know of a way to attack SGX before it gets known by the general public.

Hannah

@Mer__edith @cholling

Don't get me wrong, I think the approach Signal takes is very reasonable and probably a reason for its success.

It is good practical/*usable* security and users who need more privacy will face a lot of hurdles in operational security most of their communication partners probably won't take on - so it usually becomes a moot point.

Large adoption base is the biggest privacy preserving factor - and Signal is doing good there *because* of its tradeoffs.

Every one of our communication partners who does have our phone number and still uses WhatsApp, etc. will give a part of our social graph to those companies, no matter how good *our* operational security is.
