|
If you think WhatsApp leaves a lot of metadata on the table for analysis, try doing a Matrix chat. You get a plaintext view of which device used which key to send which message ID to which room/person. If the message is a reply, you get the message ID your new message is a reply to in plaintext as well. Without even looking at things like HTTP headers, this is what the metadata an E2EE-encrypted message (with verified+cross-signed keys) looks like, with specific identifiers censored just in case: {
"type": "m.room.encrypted",
"sender": "@.......:jeroenhd.nl",
"content": {
"algorithm": "m.megolm.v1.aes-sha2",
"ciphertext": "AwgAEqAC/..........",
"device_id": "EDNM......",
"sender_key": "+rKR.......",
"session_id": "H3Oyob........",
"m.relates_to": {
"m.in_reply_to": {
"event_id": "$5qFg........"
}
}
},
"origin_server_ts": 17507.......,
"unsigned": {
"membership": "join",
"age": 127,
"transaction_id": "m17507........."
},
"event_id": "$_KBk.......",
"room_id": "!.........:jeroenhd.nl"
}
Unlike on platforms like Whatsapp, these message envelopes are available to anyone with access to either a session token or the user's password. The E2EE keys require a bit of extra verification, but you don't need those to build a pretty solid who-talks-to-who-when network even in encrypted chatrooms.I understand why they implemented some of the metadata this way, but the encryption-stapled-to-unencrypted-messaging approach just leaves a lot to be desired. Signal, on the other hand, leaks pretty much nothing. |