by Calvin02 1324 days ago
I don't think that's accurate.

Pretty sure both work the same way regarding metadata. Think about it: if Signal didn't know that A was messaging B, how would they route that message to B's phone? A has to be able to find B's IP address somehow. B can't broadcast its IP address to all the Signal users -- that would be a huge security hole.

It probably works like this: 1) A sends encrypted message + B's phone number to the server 2) server looks up the IP address for B's phone number 3) server routes the message there.

Also, both WhatsApp and Signal hash the contacts data the same way. Signal does seem to go a bit further, however.

WhatsApp's implementation: https://www.whatsapp.com/legal/information-for-people-who-do... Signal's implementation: https://signal.org/blog/private-contact-discovery/


WhatsApp contact upload mechanism continues here [1].

It means that if the contact list contains numbers which have not accepted the WhatsApp ToS, their content is stored only as a hash. When the user starts using WhatsApp, their number and hash are mapped.

Vaguely described as

> Each cryptographic hash value is stored on WhatsApp’s servers, linked to the WhatsApp users who uploaded the corresponding phone numbers before they were hashed so that we can more efficiently connect you with these contacts when they join WhatsApp.

Which means that WhatsApp knows the numbers of the WhatsApp users, and how they interact together.

Signal does not know numbers or how these contacts interact.

It is described here [2]. Number is only needed for creating the unique hash. Server knows only the recipient, not the sender.

[1]: https://faq.whatsapp.com/423109552047857/?locale=en_US&refsr...

[2]: https://signal.org/blog/sealed-sender/

> Signal does not know numbers or how these contacts interact.

> It is described here [2]. Number is only needed for creating the unique hash. Server knows only the recipient, not the sender.

Signal does know everyone's numbers as everybody is logged into a Signal account on the server end (this is how your client fetches messages for your number). That same account and IP are also used when you send a message.

On top of that fact, sealed sender has been known to be broken for some time now: https://www.ndss-symposium.org/ndss-paper/improving-signals-...

Pretty sure both work the same way regarding metadata.

They don't, that's covered pretty extensively in the many technical writeups of various Signal features. It's one of the main value propositions of Signal, that it doesn't work like most secure messengers especially when it comes to metadata.

Interesting! I hadn’t heard about this. This would make it so that Signal could say that they don’t know the message pair.
Have a look at what they reply to subpoenas with.

https://signal.org/bigbrother/cd-california-grand-jury/

This is just a marketing gimmick, it's been broken as a technology since its inception: https://www.ndss-symposium.org/ndss-paper/improving-signals-...

The server does not really store IPs, since mobile phones are likely behind CGNAT.

In theory, B could publish a new public key as identity per target user.

I see two main problems: first, push notifications do require the server to actually identify the user, and second, efficiency: the client would like to maintain a single long connection instead of many short-lived requests with pseudonyms.

Of course there would still be some timing patterns …

> Think about it: if Signal didn't know that A was messaging B, how would they route that message to B's phone?

There is no need for Signal to know because their servers are not involved in transporting the message, only the IP routing infrastructure in between and of course the two parties. That's P2P.

Signal is not P2P. Signal servers relay messages to/from clients.

Thank you, TIL. I really thought their protocol was P2P.