|
|
|
|
|
|
by tialaramex
2380 days ago
|
|
|
SheinhardtWigCo's central idea is that if someone receive a packet over the network it has an IP address in it, and that's the sender's "identity" and so the Signal servers can't avoid knowing Alice's "identity" when she does this, and then they can collect such data to try to re-assemble group membership in terms of IP address "identities". For example let's say a packet arrives from 10.20.30.40 [[ all IPs used are from 10/8 as examples I am aware that Signal probably rejects packets claiming to be from an RFC1918 network ]] which contains proof that group #1 member #4 has authorised adding a new member #8 SheinhardtWigCo believes this tells us that this identity (10.20.30.40) is a member of this group, group #1 and they suppose that Signal's server could in fact store this, and then perhaps later tell some Spooks a list of such members of group #1 and it could do this on a vast scale, so that it would be able to say for any "identity" (IP address) the list of all identities (IP addresses) which seem to be members of groups which that identity is also a member of. Now, I don't think Spooks would find that very useful, but there you go, that's what SheinhardtWigCo thinks is a big problem here. [ Edited to clarify early paragraph ] |
|
|