Messaging apps are becoming more and more secure, making it difficult or even impossible for anyone else to access your conversations. Although the switch to end-to-end encryption offered a stronger layer of protection, unencrypted metadata such as sender/receiver information and message sending time was still not secured well enough and could be exploited by an attacker.
This problem has been addressed by Signal, a popular instant messaging app. Signal will be introducing a new feature that keeps the sender’s identity completely hidden, so as to discourage potential attackers from attempting to intercept conversations.
Reportedly, Signal is currently testing a new feature, “Sealed Sender,” which has been designed to keep metadata inaccessible to potential adversaries and attackers by leaving only minimal metadata accessible to its servers. Sealed Sender’s beta version was released this Monday; it will remove a majority of the sender information that is available in plain text in message headers.
In a blog post, Signal developer Joshua Lund stated:
“While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is. It would be better if the service could handle packages where only the destination is written on the outside, with a blank space where the ‘from’ address used to be.”
The new feature encloses user information inside the encrypted message. Senders can retrieve short-lived sender certificates, which are also enclosed in the encrypted envelope. These certificates contain information such as the sender’s phone number, expiration timestamp, and public key.
The sender’s validity can be verified after decrypting the sender certificate, but because the certificate cannot be decrypted until it arrives on the receiver’s device, Signal’s servers cannot learn who the sender is. To further prevent exploitation by attackers, delivery tokens are derived from the profile key of the sender.
Before transmitting a message with the “from” part of the address header stripped, the user has to verify that he or she has access to the delivery token. A valid token can be created only by a person or group that is currently present in the recipient’s contacts list. The recipient can easily block a sender if spam messages are received. If a recipient wants to receive sealed-sender messages from someone who is not listed in the contacts, he or she can select an optional setting that doesn’t require verification through a delivery token.
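The recipient-side check of a sender certificate described above, sketched as an added example that is not Signal's code or from the original article. The JSON layout, function names and all values are constructed for illustration, and an HMAC stands in for the service's asymmetric signature so the block runs with the standard library alone.

```python
import hashlib
import hmac
import json
import time

# Constructed stand-in for the service's certificate-signing key. A real
# service would sign with an asymmetric key; HMAC is an assumption made
# here only to keep the example dependency-free.
SERVICE_KEY = b"constructed-demo-key"


def issue_certificate(number, public_key_hex, expires_at):
    """Service side: bind phone number + public key to an expiry and sign."""
    body = json.dumps(
        {"number": number, "public_key": public_key_hex, "expires": expires_at},
        sort_keys=True,
    )
    tag = hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def validate_certificate(cert, now=None):
    """Recipient side, run only after the envelope has been decrypted.

    Returns (sender_number, reason); sender_number is None on rejection.
    """
    now = time.time() if now is None else now
    expected = hmac.new(SERVICE_KEY, cert["body"].encode(), hashlib.sha256).hexdigest()
    # Authenticate first: no field is trusted until the tag checks out.
    if not hmac.compare_digest(expected, cert["tag"]):
        return None, "bad signature"
    fields = json.loads(cert["body"])
    # Short-lived certificates: a captured one stops working after expiry.
    if fields["expires"] <= now:
        return None, "expired"
    return fields["number"], "ok"


if __name__ == "__main__":
    cert = issue_certificate("+15550100", "ab" * 32, expires_at=2000)
    print(validate_certificate(cert, now=1000))   # accepted
    print(validate_certificate(cert, now=3000))   # rejected: expired
    forged = dict(cert, body=cert["body"].replace("+15550100", "+15550199"))
    print(validate_certificate(forged, now=1000))  # rejected: tampered number
```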
Through Sealed Sender, Signal aims to minimize its interference in user communications, which will help the company in dealing with law enforcement more convincingly. Usually, messaging apps contain private data that law enforcement agencies often need and that companies are required to provide.
However, this feature will make it quite difficult for Signal to cooperate with authorities, as it would have to revert to the old client software, and law enforcement would need to wait until the target installs the update before their investigation could progress.
However, Signal will keep on mapping the sender’s IP address even under this new feature, which means potentially sensitive data would still be vulnerable to some extent. This also includes recipient IDs and message time. Still, by removing the “from” information from the headers, the company has certainly raised the bar when it comes to data privacy.