Although messages send via secure messaging services, like Signal, WhatsApp, and Telegram, are fully end-to-end encrypted as they transmit across their servers, each message leaves behind some of the metadata information that reveals who sent the message to whom and when.
The new feature, dubbed "Sealed Sender," announced by Signal is going to further reduce the amount of information that is accessible to the company itself.
However, you should note that Signal never stores metadata or logs of information on its users like who sends messages to each other and when, but the new feature would protect the sender's identity in case the communication is somehow intercepted.
How Does the Signal's Sealed Sender Feature Protect Metadata?
According to a blog post published by Signal on Monday, the Sealed Sender feature uses an encrypted "envelope" containing the sender's identity and the message ciphertext, which is then decrypted at the end of the recipient with their own identity keys.
"While the service always needs to know where a message should be delivered, ideally it shouldn't need to know who the sender is," Signal developer Joshua Lund said. "It would be better if the service could handle packages where only the destination is written on the outside, with a blank space where the 'from' address used to be."
The whole process can be summarized in the following steps:
- The app encrypts the message using Signal Protocol, as usual.
- Include the sender certificate and encrypted message in an envelope.
- Encrypt the envelope using the sender and recipient identity keys.
- Without authenticating, send the encrypted envelope to the Signal server along with the recipient's delivery token.
- The message recipient can then decrypt the envelope by validating the identity key to know the sender of the message.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
It should be noted that since the new technique eliminates the company's ability to validate sender's certificate that was being used to prevent abuse and spoofing, the service has introduced additional workarounds that still allow users to verify who sent the incoming messages.
Besides protecting the Sender's identity, the company is also finding ways to encrypt IP addresses and other sensitive metadata information that could be revealed by analyzing users' network traffic.
The Sealed Sender feature will be enabled by default in the upcoming version of Signal.