Gregory's Server@Mer__edith @cholling @echo_pbreyer the linked text does say: "Clients transmit the encrypted identifiers from their address book to the enclave."
That would imply the *app* does need to read contacts.
Signal, *the company* and/or server operator will not be able to get access to those, though - as long as SGX is not broken.
Also a SGX breakage would not leak *previously* submitted identifiers, except when an attacker did know of a way to attack SGX before it gets known by the general public.
@Mer__edith @cholling
Don't get me wrong, I think the approach Signal takes is very reasonable and probably a reason for its success.
It is good practical/*usable* security and users who need more privacy will face a lot of hurdles in operational security most of their communication partners probably won't take on - so it usually becomes a moot point.
Large adoption base is the biggest privacy preserving factor - and Signal is doing good there *because* of its tradeoffs.
Everyone of our communication partners who do have our phone number and still use WhatsApp, etc. will give a part of our social graph to those companies, no matter how good *our* operational security is.
@Mer__edith @cholling
Don't get me wrong, I think the approach Signal takes is very reasonable and probably a reason for its success.
It is good practical/*usable* security and users who need more privacy will face a lot of hurdles in operational security most of their communication partners probably won't take on - so it usually becomes a moot point.