by jlund 4422 days ago
GCM payloads are fully encrypted. Google would be able to tell that you are a TextSecure user who is receiving a message, but they cannot tell who the message is coming from nor can they look at its contents (obviously).

But crucially, this will still be vulnerable to timing attacks, if I'm not mistaken.
What's the specific timing attack you're considering here?
There may not be the traditional byte-at-a-time comparison type of timing attack, but maybe this is still vulnerable to timing correlation attacks in the same sense that Tor is. That is, Google or someone monitoring Google's network can look at all the messages and see who is talking to whom by matching up timing and encrypted message bodies.
I'm guessing: I send a message, you receive a message -> possible to infer (with some confidence) that I messaged you?

(I don't know if that would be feasible, but I suppose that's what avn2109 meant).

[i.e., not a timing attack, but traffic analysis]

Good point. I did indeed mean traffic analysis, not "timing attack."