For Telegram, the researchers found that its contact discovery service exposes sensitive information even about owners of phone numbers who are not registered with the service.
For Signal, TFA makes it clear that correlation defeats Signal's privacy measures:
Interestingly, 40% of Signal users, which can be assumed to be more privacy concerned in general, are also using WhatsApp, and every other of those Signal users has a public profile picture on WhatsApp. Tracking such data over time enables attackers to build accurate behavior models. When the data is matched across social networks and public data sources, third parties can also build detailed profiles, for example to scam users.
...
More privacy-concerned messengers like Signal transfer only short cryptographic hash values of phone numbers or rely on trusted hardware.
However, the research team shows that with new and optimized attack strategies, the low entropy of phone numbers enables attackers to deduce corresponding phone numbers from cryptographic hashes within milliseconds.
It is hard to say how Signal can improve upon these attacks other than to not use phone numbers at all.
Here is a really fucked up Telegram mis-feature I discovered recently:
If Alice and Bob are in the same chat
and
Bob has Alice's number stored in their phone's contacts list
and
Bob refers to Alice in the chat (using @Alice)
then
Telegram will disclose to all the chat participants whatever name Bob has stored for Alice in their contacts (instead of the name Alice specified in their Telegram profile)
That's incorrect. Telegram shows what the user has sent, only that. The autocompletion depends on whether the mentioned user has chosen a username, and other factors.
There was a weird forum and twitter post[0] awhile back that maybe addresses this? Talking about additional ways to add contacts Moxie said
> there would be no phone number involved. Maybe not even a username involved! Nothing to add to an address book.
I know Moxie shows up on HN, maybe he could explain more? I'm very interested in this feature and I think HN would love to know more and if it helps solve the above issue (presumably it could).
As I understand it, the challenge is to do it in a privacy-friendly way, since your contact list of phone numbers is on your phone, but this has to live on Signal's servers.
I don't think I understand how this is not circular reasoning (can't use UUIDs in place of phone numbers because contact list is comprised of phone numbers instead of UUIDs.) If contacts are not phone numbers, then is there a problem with them living on Signal's servers? Are we back to the complaint about discovery being difficult?
Signal uses phone numbers because it makes discovery easy. Threema, for example, can use phone numbers for discovery but does not require it. Discovery without phone numbers is easy. I see my contacts and scan their Threema QR codes. If I need to contact a friend of a friend, my friend gives me the FoaF's Threema ID.
Because your contact list is something you should backup somewhere (cardav, Google,...), and this is the expected place for all your contact information.
Signal would need to store a second contact list if it was not using the phone contacts. And suddenly you need to backup this second contact list. If every app does that you can forget about the user backing up everything, they simply won't do it and the feature becomes useless. The solution would be for Signal to store it on their server, obviously encrypted. But then you have different privacy issues to take care of: how can you retrieve a user's contact without storing its identity. How do you hide the number of contact they have...
so signal claims to protect my messages yet denies me privacy by insisting on making my contact list public where every other app can see it, just because they believe that most users are to dumb to back up their contacts?
every chat application that i have stores its own contact list. in fact i don't even have any contacts in my general phone contact list, because i don't call or send sms to people. and i don't want any chat contacts in my phone contact list.
i have not tried signal yet, mainly because it is not available on f-droid. but if signal insists on storing its contacts in my general phone list then i won't be able to use it. and that's ignoring the problem with using phonenumbers.
there is no technical problem to store contacts locally. deltachat does that too. deltachat also provides a backup feature to export the local data including contacts and messages so you can restore them on another device.
there is no reason, signal couldn't do the same.
i don't know why this is so unusual. we are having this same argument every time signal's use of phone contacts is brought up. and every time the same claims are being made.
it's basically saying: i am going to take over your contact list, and if you don't want those contacts to be shared with other apps, then you can just block them.
But if Signal only used the phone's contact list, and only stored it locally, and if a user independently backed up her contact list, wouldn't that mean in the case of phone loss, Signal could rebuild its contact list once the user restored her contacts to the new phone? Am I missing something?
I wonder could it be something like how diffie-helman allows a watertight tls connection to form without shared secret. In that case you could base your session on a on some random hash derived from some kind of passphrase which could be provided to later identify the session
Yes but every time you connect to the network you have a new identity- by design - with signal you would still want a way to identify yourself across sessions
Telegram treats every single person on the contact list as your buddy and advertises it when they sign up by default.
e.g. If you had stored a plumber number 10 years ago, you'll receive a notification telling that the plumber is on Telegram now. Of course likewise, if you start using Telegram today everyone who has your contact and uses Telegram will receive the notification; be prepared for some awkward conversations with people whom you have forgotten.
•Telegram's latency seems to be low when compared to WhatsApp(Although part of which could be optimised code, data center proximity should account more and if so how a supposed renegade group of techies with no revenue afford better data center facilities than their Billion$ competitors?).
•Their feature update notifications seems to create a sense of consumer focussed entity when compared to the competitors.
•The bot API has made the platform extensible than others (Messenger restricted several features of their API after Privacy fiasco).
That's all, I don't buy the argument of Telegram USP as security and marketing it for one seems to be disingenuous at best and malicious at worst IMO.
I have spent a great deal of time thinking about contact discovery and how to make it private or infeasible to do at scale.
If a service X knows the mapping between a user id and some useful info it can display (eg the name or photo) then whatever you do to get that user id, you can then display that useful info if it would be shown to any user of the service. Such as Facebook showing the profile pic and name (that’s why the real names policy is DUMB for privacy). So people resort to effectively usernames. This means you can id the user across sites and then later try to scrape info associated with that username across sites.
The solution is to remove all info, including usernames, unless the person has shared it with you (eg friended you and shared some info like a username with friends). Most of us on forums don’t give a crap who answering, just their reputation. For strangers, why have avatars or usernames at all? Why have anything?
Otherwise you will have to rate limit scrapers and stuff like that, playing a cat and mouse game against sybil accounts.
For Telegram, the researchers found that its contact discovery service exposes sensitive information even about owners of phone numbers who are not registered with the service.
For Signal, TFA makes it clear that correlation defeats Signal's privacy measures:
Interestingly, 40% of Signal users, which can be assumed to be more privacy concerned in general, are also using WhatsApp, and every other of those Signal users has a public profile picture on WhatsApp. Tracking such data over time enables attackers to build accurate behavior models. When the data is matched across social networks and public data sources, third parties can also build detailed profiles, for example to scam users.
...
More privacy-concerned messengers like Signal transfer only short cryptographic hash values of phone numbers or rely on trusted hardware.
However, the research team shows that with new and optimized attack strategies, the low entropy of phone numbers enables attackers to deduce corresponding phone numbers from cryptographic hashes within milliseconds.
It is hard to say how Signal can improve upon these attacks other than to not use phone numbers at all.