Signal knows who you're talking to

Original link: https://sanesecurityguy.com/articles/signal-knows-who-youre-talking-to/

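## Signal's Privacy Illusion: It's Complicated

Despite its stellar reputation, Signal's privacy is not as solid as many people believe. End-to-end encryption protects message *content*, but Signal still knows *who* is communicating with *whom*, mainly because it uses phone numbers as identifiers.

The recently introduced "Sealed Sender" feature is meant to address this by providing one-way anonymity: for each message, the sender is hidden from Signal's servers. This breaks down in two-way conversations, however. Repeated messages between two parties expose a pattern, and Signal can link the phone numbers even without a return address.

Importantly, Sealed Sender does not mask IP addresses. Signal can still trace where messages come from by IP and easily identify ongoing conversations. Delivery receipts, which are sent automatically and cannot be disabled, further undermine anonymity by creating a two-way communication link.

Alternatives such as Proton Mail and Tutanota offer better privacy for text, but secure voice communication remains a challenge. SimpleX is a promising option still under development; it avoids requiring identifying information such as phone numbers and prioritizes anonymity, but currently faces usability challenges. Ultimately, the article highlights how hard it is to achieve real privacy in a messaging app and the inherent trade-off between convenience and functionality.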

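A discussion about Signal's privacy and security recently appeared on Hacker News, prompted by concerns about metadata and user identification. Although Signal provides end-to-end encryption and is considered secure and private, it does not provide anonymity: it *knows* who is communicating with whom.

Users debated the effectiveness of the "Sealed Sender" feature, which is meant to obscure sender information; some consider it easy to bypass. There is a key tension in Signal between user-friendliness (to attract users of apps like WhatsApp) and its commitment to strong security.

The discussion also covered Signal's reliance on phone numbers for registration, a concern for activists under oppressive regimes. Alternatives such as Briar/Berty and SimpleX were suggested, although some views held by SimpleX's developer raised concerns for some people. Ultimately, the discussion highlights the inherent trade-offs in messaging apps between convenience, security and true anonymity.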

Original text

Or, at the very least, they can.

Recently I got a friend to finally join me on Signal. He asked something about whether or not Signal is truly secure and private, like if it was safe from US government surveillance. I told him: “Well, it’s end-to-end encrypted, so they don’t know what we’re talking about, but they definitely know that we’re talking to each other.”

I said that because Signal uses our phone numbers as IDs. So, Signal would know that Phone Number A is talking to Phone Number B, and if they can figure out that Phone Number A belongs to me, and Phone Number B belongs to my buddy (usually not too hard to figure out with some OSINT or the assistance of certain governments), then Signal would know that my buddy and I are talking, even if they don’t know what we’re talking about.

This is a limit of end-to-end encryption, which I’ve talked about before. End-to-end encryption provides confidentiality of data, but not anonymity or protection from identifying metadata.

However, I was surprised when my friend got back to me saying that, no, Signal actually doesn’t know who’s talking to who because of this feature called “Sealed Sender”.

“Woah! Seriously?! Cool!” I thought. But then I started reading how Sealed Sender actually works, according to none other than Signal themselves, and I found that this feature is very technically complex, and totally useless.

ʕ ಠ ᴥಠ ʔ: Woah! Seriously?! Not cool!

One-way anonymity for two-way communications

While Sealed Sender is pretty complicated under the hood, the result of it is one-way anonymity. That means that, when Phone Number A sends a message to Phone Number B, Signal won’t know that the message is coming from Phone Number A and will only know that the message is to be delivered to Phone Number B.

It does this in a way that’s very similar to snail mail without a return address: the letter inside the mail envelope might tell the recipient who the sender is, but the mail envelope itself tells the post office only who the recipient is so that it can be delivered to them. If the post office doesn’t or can’t open the envelope to read the letter itself, then they don’t know who the sender is. Later on, when the recipient wants to send a reply to the sender, they can do the same thing.

ʕ·ᴥ·ʔ: Hm, okay. This kind of sounds like it’s anonymous.

Well, yes, it sort of is, but only when there’s only one message to be sent. The problem comes up when multiple messages are being sent back-and-forth like this.

Sticking with the snail mail analogy, what happens when two pen pals keep sending mail to each other from their homes without including return addresses in their envelopes? The postal service might not know who exactly is sending each piece of mail but, over time, they would know that Address A in Lower Manhattan, New York, keeps on getting one-way mail from the post office in 3630 East Tremont Avenue, the Bronx, New York; and Address B in the Bronx keeps on getting one-way mail from the post office in 350 Canal Street, Lower Manhattan.

ʕ´•ᴥ•`ʔ: Oh. Then the postal service would be pretty sure that whoever is living at Address A and Address B are talking to each other.

Exactly. That’s the limitation of one-way anonymity: it works only one way! Once you start doing two-way communications, with replies going back-and-forth, then one-way anonymity is useless.

Two pieces of metadata

With multiple messages being sent back-and-forth over time, and with Signal knowing only the recipient phone number of each message, it would be pretty hard for Signal to figure out who’s talking to who when their servers are getting thousands of messages every second from different senders, with each message being conveyed to thousands of different recipients. But, Signal doesn’t know only the recipient phone number of each message; they also know the IP address of each sender. And this is where the snail mail analogy fails, because IP addresses are much more specific than post offices.

Signal messages, as we all know, get sent over the internet, and the internet sends data around using IP addresses. Sealed Sender only protects the sender’s phone number; it does not protect the sender’s IP address. So, if you’re sending Signal messages to your super secret pen pal from your house, and you aren’t using a VPN or Tor, then Signal knows that the messages being sent to your pen pal’s phone number are coming from your house’s IP address (not a post office, your house).

Even if you are using some method of masking your real IP address, you still have to use some IP address in order to communicate on the internet, and Signal will see that the same IP address keeps on sending messages to the same phone number. That’s enough to easily figure out that all of these different messages meant for the recipient are coming from the same sender. Sure, maybe you’re using the IP address of a VPN server or Tor exit node that has other Signal users sending messages at the same time, but that’s extremely unlikely. More likely: Even when you use a VPN or Tor, Signal can easily tell that every Sealed Sender message you’re sending to your pen pal is coming from one person: you.

And if your pen pal replies, the reply will have his IP address on it (the same IP address Signal sent your messages to) and your phone number on it. And then, when you want to receive the reply, you have to connect to Signal’s servers using, again, your IP address (the same IP address you used to send your messages to your pen pal earlier). Just like that, with two messages, Signal figured out which phone number (yours) is talking to which other phone number (your pen pal’s). If they ever decide to try and figure out who owns these two phone numbers, they could ask your telecoms, or simply search Facebook and Twitter.

You can’t avoid using IP addresses on the internet; they are a necessity on the internet. But you can use a VPN or Tor to mask your real IP address with a fake one that’s not tied to your identity. But you can’t do that with phone numbers. A phone number is either tied to your identity or it isn’t; there is no masking possible, unless you use a service like MySudo which isn’t available for most of us (US and Canada only, as of this writing). If you’re fortunate enough to be able to buy a prepaid SIM without ID, then great, all you and your pen pal have to do is buy some SIM cards that aren’t tied to your identities. If buying a prepaid SIM without ID ain’t an option, then your phone number has to be tied to your identity, and Signal can use these unmasked phone numbers, in combination with masked or unmasked IP addresses, to figure out who’s talking to who, despite Sealed Sender’s promises, as long as there’s a two-way conversation going on.

Which brings up an interesting question: Why does Signal require phone numbers?

ʕ´•ᴥ•`ʔ: Hey, that is an interesting question…

Signal works over the internet, and the internet requires IP (internet protocol) addresses in order to figure out where a message should go. But sending messages over the internet does not require phone numbers; that’s a requirement when using SMS or cellular calls or mobile data, but not for using the internet. And yet, the “privacy-protecting” Signal app requires you to use a phone number to send and receive messages…

ʕ⚆ᴥ⚆ʔ: Hmmmm…

It’s always a two-way street

It gets worse. I keep repeating this: two-way communication. Sealed Sender doesn’t work with two-way communication. But, I’ve kind of been lying. The truth is: Signal already knows which phone numbers have been talking to which, even with Sealed Sender and only one-way communication.

ʕ ಠ ᴥಠ ʔ: What?!

Do these check marks look familiar to you? (Forgive the pixelation.)

ʕ·ᴥ·ʔ: Hm, yeah. Aren’t they the check marks that show up for at least a second whenever I send a Signal message? This is what’s shown after the lone check mark, and before they both turn white to indicate that my message was read, right?

That’s right. The lone check mark indicates that your Signal message was sent to Signal’s servers, these two check marks above indicate that your Signal message has been delivered to the recipient, and the two white check marks indicate that the recipient has read your Signal message.

Now, the thing about the two check marks above is that your Signal app only shows them when your phone has received what’s called a “delivery receipt” from the recipient’s phone. Whenever your pen pal gets a message from you, their Signal app sends a delivery receipt from their phone, through Signal’s servers, to your phone. Their Signal app does this automatically and instantly, and neither of you can turn it off. You can turn off read receipts (the two white check marks) and typing indicators, but you can’t turn off the very first reply: delivery receipts.

The delivery receipt is – ahem – also “protected” using Sealed Sender, but what was it that I’ve been saying this whole time is wrong with Sealed Sender?

ʕ·ᴥ·ʔ: It works only one-way…

ʕ   • ᴥ •   ʔ: It works only one-way…

ʕ   º ᴥ º   ʔ: …and the delivery receipt automatically makes it two-way.

Exactly. And you can’t turn it off. Go figure why.
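
The correlation argued in “Two pieces of metadata” and in this section can be shown as a small model. This is an added example, not code from the article or from Signal: the event tuples, phone numbers and IP addresses are constructed, and it assumes the server sees the source IP of every Sealed Sender delivery and of every authenticated connection. It also covers the shared VPN exit case, where one direction alone is ambiguous and the automatic reply resolves it.

```python
from collections import defaultdict

# Constructed events modelling what the article says the server can see;
# this is not Signal's log format. Numbers and IPs are reserved test values.
# ("deliver", src_ip, recipient): Sealed Sender message, sender number hidden.
# ("fetch", ip, account): authenticated connection to receive messages.
EVENTS = [
    ("fetch",   "198.51.100.7", "+15555550101"),  # A online from home IP
    ("fetch",   "203.0.113.9",  "+15555550102"),  # B online from home IP
    ("deliver", "198.51.100.7", "+15555550102"),  # A's message to B
    ("deliver", "203.0.113.9",  "+15555550101"),  # B's automatic delivery receipt
    ("fetch",   "192.0.2.50",   "+15555550103"),  # C and D share one VPN exit IP
    ("fetch",   "192.0.2.50",   "+15555550104"),
    ("fetch",   "203.0.113.77", "+15555550105"),  # E online from home IP
    ("deliver", "192.0.2.50",   "+15555550105"),  # from C or D? ambiguous alone
    ("deliver", "203.0.113.77", "+15555550103"),  # E's receipt goes to C
]


def directed_links(events):
    """Map each sealed delivery to every account seen on its source IP."""
    accounts_by_ip = defaultdict(set)
    for kind, ip, number in events:
        if kind == "fetch":
            accounts_by_ip[ip].add(number)
    links = set()
    for kind, ip, recipient in events:
        if kind == "deliver":
            for sender in accounts_by_ip[ip] - {recipient}:
                links.add((sender, recipient))
    return links


def mutual_links(events):
    """Keep only pairs with traffic attributed in both directions."""
    links = directed_links(events)
    return sorted({tuple(sorted(p)) for p in links if p[::-1] in links})


if __name__ == "__main__":
    for a, b in mutual_links(EVENTS):
        print(f"{a} <-> {b}")
```

In the sample, the candidate link from D to E is dropped because no traffic is attributed in the reverse direction, while the delivery receipt confirms C and E.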

Some alternatives and a work in progress

So if you can’t trust Signal, who can you trust? Well, if all you need is a private text-based communication channel that won’t falsely advertise their privacy guarantees to you, Proton Mail and Tutanota (now called Tuta) are pretty good. But if you want private voice-based communication, then that’s gonna’ be a problem. WhatsApp is even worse than Signal, Telegram is even worse than WhatsApp, Wire requires an email address to use it (another unnecessary requirement), and most of the rest can’t be trusted because they aren’t open-source.

You could use Jitsi for voice communications, but you’d have to use a separate service for text communications. You could use Matrix for both text and voice, but that’s a software and communication protocol, so you’d have to set up your own server running it. You could use Element, which runs Matrix servers, but you’d have to trust Amazon and Cloudflare with your metadata, making this a rather messy solution to a privacy problem.

What that leaves us with is a single service that is still a work in progress: SimpleX. It asks for no global identifiers like phone numbers or email addresses. It at least tries, unlike Signal, to make sure that it doesn’t know who’s talking to who. It does this with the use of proxies that you randomly send your messages through to get to your recipient (the technical details of which are too complicated to get into here). Of course it is open-source and end-to-end encrypted, otherwise I wouldn’t be mentioning it. It even goes so far as to allow you to use Tor with it, or any SOCKS proxy. It’s pretty cool, actually; the most technically amazing communications platform I’ve ever seen.

But, it ain’t perfect. It’s kinda’ slow, and messages sometimes don’t come in in the right order or don’t come in at all. Voice calls are… iffy, particularly when using Tor. It is still a young, developing project, though it has been making great strides in improving itself, including getting a security audit.

Time will tell how it turns out, but at least I can say one thing: we’ve got a viable alternative.

Hey, Kuma!

ʕ •̀ᴥ•́ ʔ: Where have you been for the past 11 months?!

I actually started writing this article months ago and then got busy again.

ʕ ಠ ᴥಠ ʔ: Well at least visit me with some tips and tricks every once in a while.

I’ll try, buddy, but real life comes first before imaginary friends.

ʕ •̀ᴥ•́ ʔ: I know I’m imaginary, but are your subscribers?

I dunno’. Maybe they should give me a hint by signing up below!

Or don’t; my RSS feed’s in the site menu. Unlike Signal, I don’t need you to sign up with a global identifier.
