Cloudflare Issue Can Leak Chat App Users' Broad Location
Cloudflare Issue Can Leak Chat App Users' Broad Location
A security researcher made a tool that let them quickly check which of Cloudflare's data centers had cached an image, which allowed them to figure out what city a Discord, Signal, or Twitter/X user might be in.
This affects Signal too
An issue with Cloudflare allows an attacker to find which Cloudflare data center a messaging app used to cache an image, meaning an attacker can obtain the approximate location of Signal, Discord, Twitter/X, and likely other chat app users. In some cases an attacker only needs to send an image across the app, with the target not clicking it, to obtain their location.
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117?ref=404media.co
Signal, an open-source encrypted messaging service, is widely used by journalists and activists for its privacy features. Internally, the app utilizes two CDNs for serving content: cdn.signal.org (powered by CloudFront) for profile avatars and cdn2.signal.org (powered by Cloudflare) for message attachments.
You're viewing a single thread.
Yet another reason to move to SimpleX chat. Signal is better than nothing but far from perfect. Besides adoption I think SXC is universally the better option.
Signal is better than nothing but far from perfect.
Signal suffer from the same meta data issue IMHO and that's really all governments care about, who is talking to whom, to make relationship maps.
If they really care, they will compromise the end point to get the content.
This. In addition to metadata tracking you mention... Encrypted messages are great, until one party is compromised. Delete chat history, use a VPN, take more precautions than just using an encrypted messaging app. For most user's purposes, this is fine, leagues better than SMS or social media conversations.
Really got to secure the end points either degoogle android for phone or linux for desktop.
And even then that's just to keep your fed busy and mildly annoyed.
Although if critical mass of people did this their job would be a lot harder, they would need to burn a lot more resources etc.
While more personal privacy is good, the bigger play here is having citizens reasserting their agency en masse IMHO
Agreed, but there is the challenge of our time. In the end you can only do so much and you'll stand out just for not being a normal facebook user, been trying to get everyone to move to something else, anything that isn't a big player. I've watched the world go from BBS, all the way to twitter.. It has been depressing to say the least.