|
Top-level
 @scatty_hannah @Mer__edith @echo_pbreyer Thanks for the explainer. I'm glad to hear that Signal takes measures to ensure that neither they nor third parties can access my contacts, but their app still reads my contacts, and as I recall (it's been years since I signed up for Signal) this contact- reading is opt-out rather than opt-in. Also, I believe the ability to have a Signal account not tied to a phone number is a relatively recent development? 4 comments
@Mer__edith @scatty_hannah @echo_pbreyer The app still has to have access to my contacts in order to generate the hashes. The *server* may not be able to read my contacts, but the *app* absolutely can. Otherwise there's no way it would be able to show me a list of my contacts that are on Signal. @Mer__edith @cholling @echo_pbreyer the linked text does say: "Clients transmit the encrypted identifiers from their address book to the enclave." That would imply the *app* does need to read contacts. Signal, *the company* and/or server operator will not be able to get access to those, though - as long as SGX is not broken. Also a SGX breakage would not leak *previously* submitted identifiers, except when an attacker did know of a way to attack SGX before it gets known by the general public. |
Gregory's Server
@cholling @scatty_hannah @echo_pbreyer No, the app does not read your contacts. See: https://signal.org/blog/private-contact-discovery/