-
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Documentation of the privacy impact of contact and message syncing #459
Comments
This issue is probably going to get closed, because questions like this belong to one of these places Whisper Systems knows the phone numbers of your contacts (or their hashes) simply because your phone sends them to the server periodically to let you know who of your firends uses Signal. Your contacts are not stored on the server though. Obviously they have to be stored on your phone and desktop otherwise you wouldnt be able to reach your contacts. The sync between the Desktop and the Phone is performed in an end to end encrypted way so no additional information is shared with the server. Here is a mail from moxie regarding this question https://lists.riseup.net/www/arc/whispersystems/2015-12/msg00007.html . Whisper Systems never sees the content of your messages because they are always end to end encrypted. When you have the Desktop version it communicates with your phone in an end to end encrypted way. @riyapenn It would be nice to have the official answers to these questions in the "Desktop" and "Security" sections of the support forum. |
Thanks for that explanation! In case you write an official FAQ entry for this, maybe mention that Whisper Systems does not store one hash for each contact, but the set bits of a Bloom filter - so technically it's k hashes per contact. If it is still true that you use the Bloom filter technique, which I read quite some while ago... In any case it should be sufficiently hard for Whisper Systems or any adversary party to calculate the phone numbers of my contacts (both those using Signal and those who don't) from the hashes Signal sends them. When sending messages, the Whisper Systems server knows that it has to send messages for me to two endpoints (desktop and mobile)? And when I send a message from my mobile, this Signal adds an additional destination address, so that it also will be sent to the desktop client? Thus Whisper Systems does not store the message history, not even in e2e encrypted form? |
No, WS does NOT see your list of contacts. It only sees the number of the individual you are sending a message to when you send it. On December 6, 2015 11:01:51 PM GMT+08:00, Kirill Streltsov notifications@github.com wrote:
|
The best place to ask questions is http://support.whispersystems.org/ |
Is there any documentation of the privacy impact of contact and message syncing?
Specifically, I would like to know:
The text was updated successfully, but these errors were encountered: