1. 131

    1. 41

      hi, i’m daniel. i’m a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

      Best intro ever.

      Signal instantly dismissed my report, saying it wasn’t their responsibility and it was up to users to hide their identity: “Signal has never attempted to fully replicate the set of network-layer anonymity features that projects like Wireguard, Tor, and other open-source VPN software can provide”.

      Kind of surprised by this response. Signal already generates link previews through a proxy specifically to avoid this kind of thing.

      However, I did a quick test using two Signal accounts and it appears that images from unknown numbers are not auto-downloaded; you have to accept the message request first. This heavily mitigates the issue and honestly I understand Signal’s stance given the context.

      Additionally if you’re concerned about this you can disable media auto-download, even from contacts, in Settings -> Data and storage (though that doesn’t help for profile pictures, if it turns out the caching service used for those is also vulnerable).

      Anyway, great writeup, fun to read.

      1. 10

        No matter what the weakest point of Signal is its cloud infrastructure and usage of phone numbers. If you’re worried about these kinds of attacks it’s in your best interest not to use Signal or any other chat provider with a complex cloud deployment.

        1. 5

          it’s in your best interest not to use Signal or any other chat provider with a complex cloud deployment.

          Okay, so what is it? What are you using instead? Manually writing ciphertext via physical mail yourself? After all, your computer used “a complex cloud deployment” to get to the state it’s in, so it cannot be trusted.

          1. 3

            You don’t need a phone number to sign up any longer.

            1. 17

              You don’t need to share your phone number with other people anymore.

              Phone number still needed to sign up.

              1. 1

                Ah, then I was misinformed. It’s a bummer…

              2. 5

                I just downloaded the app and couldn’t get past the phone number screen. So this appears to be untrue.

            2. 5

              ah, thanks for your testing

              yeah, this should not be understood as a Signal-specific attack. geo location is a topic where privacy defenses are just woefully inadequate across the board. as a privacy person I can attest that using a VPN won’t necessarily help, though it will help against this specific type of attack.

              1. 3

                Kind of surprised by this response. Signal already generates link previews through a proxy specifically to avoid this kind of thing.

                If I am understanding their article correctly, they are mostly talking about downloading assets from the original source through the anonymizing proxy system they have set up, not their own content which is the core issue here. I wonder if their fix for this would be to just use that same proxy to access their own cdn’ed content as well.

                1. 2

                  Signal instantly dismissed my report, saying it wasn’t their responsibility and it was up to users to hide their identity: “Signal has never attempted to fully replicate the set of network-layer anonymity features that projects like Wireguard, Tor, and other open-source VPN software can provide”.

                  Not only have they never attempted it, they also seem to have no interest in doing so in the future either. I offered to start work on integrating tor routing into the app for text and data flows. Never heard anything back:

                  https://community.signalusers.org/t/use-an-anonymizing-overlay-network/62670/1

                  1. 2

                    Yeah I was also thinking about their past blogs mentioning the proxy-ing. They also do the same thing for GIFs (which is mentioned in the article you linked but worth also pointing out here for visibility).

                    Signal’s security FAQ shows a profile picture in the message request screen. Is that not the case for you? Is it shown in the conversation list screen?
                    IIRC it was shown before, maybe the docs are outdated.

                    1. 5

                      Just tried it again but using a custom profile picture on the other account, and it appears not to download the profile picture until you tap on it. But I’m now realizing that the placeholders for the supposedly-not-downloaded images and profile picture are blurred versions of the originals. So if the blurred version is also cached, that would mean that this is indeed a zero-click (or one-click if the caching for profile pictures isn’t vulnerable) on Signal. I might check it out later.

                      1. 7

                        Often the blurred version in apps like this are constructed using techniques like BlurHash, where a tiny blurred version is delivered inline as part of the backend response to provide an immediate fallback. This issue for Signal Desktop seems to imply this is how this is done. In that case there’s no publicly cached response which can be used to side channel attack in the way described in the article.

                    2. 1

                      I love how he wrote only that first paragraph in all lowercase.

                      1. 12

                        It’s surprising to me that a privacy oriented protocol like signal isn’t sending the images in-band.

                        That seems like an extremely risky design decision.

                        1. 10

                          an attacker to grab the location of any target within a 250 mile radius

                          Hm I was wondering whether this was

                          1. “you can find the EXACT location of a target, as long as they are located in a 250 mile radius” or
                          2. “you can find a rough location for people with a vulnerable app installed within an accuracy of +- 250 miles”

                          It is the latter apparently

                          I don’t want to be dismissive, since there is maybe some real world consequence I haven’t thought of, but it doesn’t seem that severe to me

                          It apparently relies on the granularity of Cloudflare data centers. I think there are probably many worse things going on with Cloudflare than this.

                          I doubt they will ever have a cache every 1 mile :)

                          1. 31

                            Locating someone to within 250 miles one time is often useless. However I can think of two relevant exceptions:

                            1. With a known person (think a stalker) you might be able to say “if they’re in New York, they could be anywhere in the city, but they’ve gone back to Iowa, I bet they’re visiting a family member.”

                            2. For deanonymizing a whistleblower or political target, tracking their movements over time can be very informative. Sure, “you’re within 200 miles of DC” is tend millions of people, but if you’re spotted in DC, then San Francisco, then Texas on a certain range of days, you start to get the kind of information that could narrow down a list of a few hundred or thousand people to a single one.

                            1. 10

                              I’m fairly sure that journalists for ‘respectable’, mainstream news orgs like the BBC have entered countries like Russia before illicitly, without permission from that country’s government. I’m sure they would very much not want to be geolocated even to an accuracy of ~250miles. Same for entering a country legally but moving to another part of it for which you don’t have permission (which I think is sometimes a thing in countries at war, or governed by repressive regimes.)

                              1. 3

                                If your location is that sensitive, use Orbot to tunnel your traffic through TOR.

                                1. 12

                                  You’re not wrong, but (to speak to the usefulness of this bug) this kind of research is definitely helpful to demonstrate why you’re not wrong.

                              2. 5

                                i think it’s not so much that it’s a small area on its own, it’s that it’s a massive reduction from “somewhere in the world”

                                for de-anonymization and especially doxxing, being able to intersect other information you know with a reduced area like this can make a big difference.

                                1. 3

                                  Agreed, I’m not seeing the seriousness of this attack. All it tells you is “this user is probably closer to this Cloudflare data center than any other Cloudflare data center”. Wouldn’t this be defeated by even the most basic VPN?

                                2. 9

                                  Cool attack. TL;DR (please correct me if I misunderstood something):

                                  Cloudflare has lots of data centers all over. The data centers will tell you whether a resource is cached there or not. Generate a new resource (so it’s un-cached everywhere) backed by Cloudflare, have the victim load the resource, and then query Cloudflare data centers to see which of them now has the resource cached. This gives an estimate of the victim’s location.

                                  1. 7

                                    this is why I use xmpp tbh

                                    1. 5

                                      Can you articulate how that helps? Do you just mean that you use a client that doesn’t do things like media fetching/link previews/etc.? (So you’re just skipping the feature this attack is exploiting…)

                                      I think in order to prevent an e2e XMPP client with the same features as, say, signal, from having this problem, you’d need to use tor, proxy your requests for those images/previews/etc through protective server, or do something similarly nonstandard.

                                      1. 7

                                        all of these potential pitfall features can be manually disabled (with a setting) in almost every xmpp client. also it’s best to run prosody (xmpp server) with mod_onions or mod_s2sout_override on your own computer as a daemon this way ur traffic is encrypted by tor and or tls and or wireguard and not relying on e2ee messages at all. the data at rest is inside of your house and you can let your friends use the server inside your house as well to talk to you.

                                        what drives me nuts is there’s so many competing standards for e2ee that aren’t even fully mature yet there’s so many transport encryption methods that have been around for more than a decade. if you own your nat just port forward don’t rely on a sketchy amazon cloudflare azure platform to keep your data safe.

                                        1. [Comment removed by author]

                                      2. 4

                                        https://soatok.blog/2024/08/04/against-xmppomemo/

                                        As far as I know, xmpp has some much larger issues with security than this sort of attack.

                                        That said, I’m not sure if it goes contrary to your security model.

                                        1. 5

                                          Yeah even if there are some issues with omemo (which is debatable) Signal is not pushing any sort of standards for developers to re-implement they’re creating a brand that users will flock to. Encrypting your messages on a consolidated service isn’t secure at all though you still leak size and type of message.

                                          Keep in mind though if you run your own server hopefully close to you and not on a VPS the data is encrypted by TLS and OMEMO so there’s two guarantees instead of one compared to Signal.

                                          1. 4

                                            Signal’s direction has been deviating in the last years, but you have to give them credit for the Signal Protocol. It is/was used by WhatsApp, FB Messenger and Instagram, a dead app called Secure Chat, Google Allo (dead) and Messages (i.e. the RCS encryption extension, pre-MLS), and Skype.
                                            So they very much have historically prioritized reach of encryption more so than reach of their app/brand.

                                            It’s, IMO, the most important development in E2E & perfect forward secrecy to reach the masses. TLS is the only other tech I can think of with similar impact.

                                            See Signal Protocol Usage and RCS Encryption on Wikipedia

                                            1. [Comment removed by author]

                                            2. 4

                                              I don’t see any actual security issues mentioned in that blog, it just goes over OMEMO not being default and clients taking time to update?

                                              1. 4

                                                Yes, unfortunately that blog omits the biggest problem with XMPP+OMEMO: The huge amount of stuff that isn’t encrypted and so is visible to either server operator. This includes:

                                                • Every presence message you send or receive.
                                                • Most info-query messages, including most things built on Personal Eventing via PubSub (PEP), which includes most publish-subscribe things.
                                                • Any message where you don’t enable OMEMO.
                                                • Any message where the server at either end does a downgrade attack (Conversations will put the text in a red bubble if this happens after OMEMO is enabled, but sending a fake message saying ‘on a new phone, OMEMO not working’ will probably get most users to accept this).
                                                • The to and from addresses in encrypted messages.
                                                1. 3

                                                  XMPP exposes presence and some metadata, apps like WhatsApp, Telegram, or Signal inherently tie messages to phone numbers, contacts, and centralized servers. OMEMO’s end-to-end encryption protects message content, and while metadata exposure is a trade-off, it’s often less invasive than mainstream alternatives. Also AES-GCM block sizes reveal message length whereas packets have padded information and an MTU.

                                          2. 6

                                            Great and [factual analysis with good recommendations in this thread]. TLDR:

                                            • This only works for people in your contact list.
                                            • The attacker only learns your imprecise location (city/region).
                                            • This kind of attack is likely not your threat model
                                            • You can disable receive notification to thwart this attack.
                                            • Cloudflare’s bug. They can and should fix this.
                                            1. 5

                                              There’s clearly a problem here as Cloudflare says consumers are responsible for protecting themselves against these types of attacks, while consumers (ex. Discord) are putting the blame on Cloudflare.

                                              This is very important. Obviously the expectations between the two aren’t clear and need to be explicit.

                                              1. 4

                                                I don’t really understand the “deanonymization” part. In my understanding Signal never tried to anonymize. In a best case situation it would be pseudonymous. In the past Signal was called TextSecure and the most common use case was sending messages over text, which doesn’t seem anonymous at all.

                                                Isn’t the overall promise E2E encryption, and not anonymization? Am I misunderstanding something?

                                                Also given that push notifications are used isn’t it rather simple for eg. Google to know who sends to whom?

                                                I agree it would be nice, I just think “deanonymization attack” doesn’t really fit for Discord or Signal, because anonymization isn’t a claimed feature.

                                                And to add one more layer regarding anonymity. A lot of anonymity can be broken with big network protocol, especially in more “real time” situations. For example by disconnecting computer or power networks and seeing if connections drop, retry, etc. This can and has been done in more precise ways, both on network and power level. There are reports of police simply asking for power to be switched off short term for a suspect and watch them drop off a chat.

                                                But yeah, still something that should be better handled/fixed. Still no excuse for not doing this. And certainly not trying to defend Discord or Signal.

                                                I just really hope nobody thinks Discord provides them with good anonymity.

                                                1. 2

                                                  I just really hope nobody thinks Discord provides them with good anonymity.

                                                  Discord is infamous for sexual predators, which I assume don’t use their real name there, so this is an obviously widespread belief, or at least “anonymous enough” (though that doesn’t make sense, it’s binary).

                                                  More generally, plenty of people think pseudonymity is the same as anonymity, both lay and tech-savvy people.
                                                  I’ve had to explain this to someone working in data mining (analytics): despite using a separate ID for tracking data compared to the account’s primary ID, it is very much not anonymous. I got the response you’d expect from someone working in such a job; deflection and moving goalposts.

                                                2. 3

                                                  This highlights why it’s important for certain sensitive use cases to use Signal behind Tor. Using Tor would mean that the cache serving the content would be the one closest to the Tor exit node, not the closest one to the end user.

                                                  1. 1

                                                    It’s still pseudo anonymous because you’re not making a full tor circuit to connect to Signal and using the same account and traffic pattern out of the exit.

                                                    1. 1

                                                      If you use Tor in Transparent Proxy Mode, then you’re using Tor for everything–including connecting to Signal itself.

                                                      This is what I do for my OPSEC-friendly Signal account.

                                                  2. 2

                                                    it seems strange that signal would enable caching on images at all. they’re typically sent once to a single device, aren’t they?

                                                    1. 2

                                                      Spectre all over again? Next time I add any kind of cache I’d be thinking what kind of info is gonna be leaked through it. What content is more popular? Where are the most active users located? How often do different parts of the app get deployed, when and how many active teams may this identify?

                                                      1. 1
                                                        Cloudflare possesses great power. In a sense, they control what the end user ultimately sees. You are prevented from browsing the website because of Cloudflare.

                                                        Cloudflare can be used for censorship.
                                                        You cannot view cloudflared website if you are using minor browser, which Cloudflare may think it is a bot (because not many people use it).

                                                        You cannot pass this invasive “browser check” without enabling JavaScript. This is a waste of five (or more) seconds of your valuable life.
                                                        Cloudflare also automatically block legit robots/crawlers such as Google, Yandex, Yacy, and API clients. Cloudflare is actively monitoring “bypass cloudflare” community with an intent to break legit research bots.

                                                        Cloudflare similarly prevents many people who have poor internet connectivity from accessing the websites behind it (for example, they could be behind 7+ layers of NAT or sharing the same IP, for example public Wi-Fi) unless they solve multiple image CAPTCHAs. In some cases, this will take 10 to 30 minutes to satisfy Google.

                                                        In the year 2020 Cloudflare switched from Google's reCAPTCHA to hCaptcha as Google intends to charge for its use. Cloudflare told you they care in your privacy (“it helps address a privacy concern”) but this is obviously a lie. It is all about money. "hCaptcha allows websites to make money serving this demand while blocking bots and other forms of abuse"

                                                        From user's perspective, this doesn't change much. You are being forced to solve it.

                                                        Many humans and software are being blocked by Cloudflare every day.

                                                        Cloudflare annoys many people around the world. Take a look at the list and think whether adopting Cloudflare on your site is good for user experience.

                                                        What is the purpose of the internet if you cannot do what you want? Most people who visit your website will just look for other pages if they can't load a webpage. You may be not blocking any visitors, but Cloudflare's default firewall is strict enough to block many people.
                                                        

                                                        https://0xacab.org/dCF/deCloudflare/-/blob/master/readme/en.md

                                                        1. 2

                                                          I’d suggest reformatting this comment, it’s almost unreadable.

                                                        2. 0

                                                          It’s sad that my initial reaction was that the text was written by LLM.

                                                          1. -8

                                                            Stretchy McStretcherson