No one would use a secure messaging service like Signal if you couldn’t find out who else was on it — but how can you trust Signal and others not to snoop when you submit your contacts for it to check against its list of users? You shouldn’t have to — it should be impossible. That’s the intention of an update to the app that makes contact discovery even more private.
It’s not that Signal or someone else was collecting this info to begin with — it’s encrypted the whole way, so really it’s already pretty safe. But say Signal were to be hacked or secretly taken over by the NSA. If this evil-twin Signal looked really closely, it could probably figure out who certain users were searching for monitoring for known hashes. That info could be used to de-anonymize users.
Signal’s Moxie Marlinspike, who hinted at this upcoming feature at Disrupt last week, writes up the team’s approach to making sure that even that far-flung possibility is impossible.
The technical details I’ll leave to him to explain for obvious reasons, but the gist is this: Conceivably, Signal’s servers could be surreptitiously logging every tiny action being taken, from which user info is being accessed to the exact location in memory where a response is written.
Think of it like this: Even if what someone is reading or writing is hidden from you, if you watch closely you can tell where the pencil is and what movements it’s making. If you know the list is alphabetical, and that the first name is X letters long, that narrows it down considerably.
This kind of ultra-low-level attack, on the level of RAM monitoring and so on, has to be considered or you risk underestimating your adversary.
Fortunately, fast becoming a standard in chips is a “secure enclave” that can perform certain operations or store certain data that’s inaccessible to the rest of the OS. Apple has one for Touch ID and Face ID, for instance, so the rest of the OS never sees your biometric information — and therefore can’t give it up to hackers or three-letter agencies.
By using this enclave and carefully manicuring its technique in querying the main database, Marlinspike and the team made it possible for users to check their address book against the main Signal list without anyone but the users themselves seeing the list or results. The enclave also checks to make sure Signal’s servers are running the code they’re supposed to be.
There are still a few opportunities for this hypothetical evil Signal to snoop, but they’re decidedly limited — much more so than before. That reduces the amount of trust you have to place in them — though you still need to trust the secure enclave, the encryption method, and so on. But the fewer links in the trust chain, the better.
This feature hasn’t rolled out to everyone yet; it’s still a “beta technology preview,” but is planned to roll out after testing in the next couple of months.