Anyone can track WhatsApp and Signal users' activity, knowing only their phone number: "Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers"

Arthur Besse@lemmy.ml · edit-2 12 hours ago

Anyone can track WhatsApp and Signal users' activity, knowing only their phone number: "Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers"

ryannathans@aussie.zone · 15 hours ago

You can literally turn off read receipts in signal

Arthur Besse@lemmy.ml · edit-2 14 hours ago

You can literally turn off read receipts in signal

But you can’t turn off delivery receipts, which is what this attack uses.

ryannathans@aussie.zone · 13 hours ago

But you can turn off sealed sender messages from anyone, so they’d have to already be a trusted contact

Arthur Besse@lemmy.ml · 12 hours ago

But you can turn off sealed sender messages from anyone, so they’d have to already be a trusted contact

The setting to mitigate this attack (so that only people who know your username can do it, instead of anybody who knows your number) is called Who Can Find Me By Number. According to the docs, setting it to nobody requires also setting Who Can See My Number to nobody. Those two settings are both entirely unrelated to Signal’s “sealed sender” thing, which incidentally is itself cryptography theater, btw.