undefined | Better HN

0 pointsnewsignup9y ago0 comments

Which unique id? I thought the point of sending it via Signal was to not include any user id or any other id.

0 comments

2 comments · 1 top-level

StavrosK9y ago· 1 in thread

I don't know which attack the Signal guys had in mind, but usually how this works is that the server serves a file with a unique ID to a person, sees that it gets requested, then serves the same thing again in a subsequent request to a suspect, sees that it's not requested, and treats that as evidence that the two accounts are actually the same person.

It's obviously easier when you can correlate this with a single account, but that's the gist of the attack.

newsignupOP9y ago

Ah!

But this will correlate one file to that person and will not be able to correlate multiple file requests that they all belong to the exact same person.

j / k navigate · click thread line to collapse