
> How? In Signal's design nobody ends up knowing this except the sender and recipient.

The most obvious one is fairly basic traffic correlation using the IPs and timing information. You can figure out which IPs are communicating with which recipients (because the recipient of a message is necessarily public to the server, the device connects to the Signal servers to send the message, and everything is routed through servers controlled by a single party) as well as the IPs of recipients. When combined with timing information and the knowledge that users are only going to be able to talk to at most a few people simultaneously, you find that two people in the same IP-based social graph sending messages with the other person as a recipient at the same time are probably talking to each other.

I'm not saying that Signal is doing this, I'm just saying that it is possible because of the design. This is basically the same reason why single-node VPNs cannot protect your anonymity against internal (and some external) threats and why something like Tor is needed to solve the problem. And note that this isn't even a slightly controversial statement -- it's even mentioned in the blog post announcing the "sealed sender" feature[1]:

> In particular, additional resistance to traffic correlation via timing attacks and IP addresses are areas of ongoing development.

We could argue about what "additional" means in this context, but given the design of the service I'm pretty sure they're just referring to their logging policies and Intel SGX usage.

> what you're doing is basically like dressing in head-to-foot desert camouflage gear to stand in Times Square

I don't understand the point you're making. If I'm talking in a public room, then obviously the messages are public. But if I'm only talking with folks on the same homeserver as me (or on homeservers they run) then only our homeservers know about our communications. Without tools like Ricochet there isn't (as far as I know) a way to get more metadata protection as easily. Don't get me wrong, it definitely isn't perfect and I wish it provided more protection -- but it is practically no worse than Signal in this respect (and it is significantly better for rooms that don't have :matrix.org users in them -- which is something I explicitly mentioned in my original comment).

[1]: https://signal.org/blog/sealed-sender/#the-future-is-in-tran...
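
The IP-and-timing correlation described in the comment above, as an added toy model (not code from either commenter or from Signal). The log layout, field names, addresses and accounts are constructed assumptions; it shows which pairs a single operator's view links and where a shared IP leaves the sender ambiguous.

```python
from collections import defaultdict

# Constructed server-side view (not real data): (time_s, kind, src_ip, account)
#   "fetch": account authenticated from src_ip to receive its messages
#   "send":  src_ip submitted a sealed-sender message addressed to account
SAMPLE_LOG = [
    (0,   "fetch", "198.51.100.7", "alice"),
    (1,   "fetch", "203.0.113.9",  "bob"),
    (2,   "fetch", "192.0.2.44",   "carol"),
    (3,   "fetch", "192.0.2.44",   "dave"),   # carol and dave share one NAT address
    (10,  "send",  "198.51.100.7", "bob"),
    (14,  "send",  "203.0.113.9",  "alice"),
    (40,  "send",  "192.0.2.44",   "bob"),
    (300, "send",  "203.0.113.9",  "carol"),
]

def accounts_by_ip(log):
    """Map each source IP to the accounts that have authenticated from it."""
    seen = defaultdict(set)
    for _, kind, ip, account in log:
        if kind == "fetch":
            seen[ip].add(account)
    return seen

def candidate_senders(log):
    """For each send: (time, recipient, accounts that could sit behind the source IP)."""
    by_ip = accounts_by_ip(log)
    return [(t, rcpt, frozenset(by_ip.get(ip, ())))
            for t, kind, ip, rcpt in log if kind == "send"]

def reciprocal_pairs(log, window_s=30):
    """Pairs where X's IP sent to Y and Y's IP sent to X within window_s seconds."""
    sends = candidate_senders(log)
    pairs = set()
    for i, (t1, rcpt1, cands1) in enumerate(sends):
        for t2, rcpt2, cands2 in sends[i + 1:]:
            if abs(t2 - t1) <= window_s and rcpt1 in cands2 and rcpt2 in cands1:
                pairs.add(frozenset((rcpt1, rcpt2)))
    return pairs

if __name__ == "__main__":
    for t, rcpt, cands in candidate_senders(SAMPLE_LOG):
        print(f"t={t:>3}s to {rcpt}: possible senders {sorted(cands)}")
    print("linked pairs:", [sorted(p) for p in reciprocal_pairs(SAMPLE_LOG)])
```
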




> The most obvious one is fairly basic traffic correlation using the IPs and timing information.

That is made very difficult by Signal's volume. The more people use Signal and the more things they use it for, the harder it becomes to discern a meaningful pattern.

> I don't understand the point you're making.

No I sort of gathered, which is why I used the Times Square camouflage analogy. You stand out because you've gone out of your way to "protect yourself". That traffic correlation you were so excited might be possible for Signal is instead trivial for your personal homeserver with its handful of users.

You've gone out of your way to make yourself less safe because of a misunderstanding of the threat. It's very common.



