(no title)
ikawe | 7 months ago
The short version is: Traditionally, Bob needed to “log in” to be able to send a message to Alice’s inbox.
With Sealed Sender, Alice gives Bob a credential that allows him to message her from now on without logging in.
Only Alice can tell that the message she received is from Bob.
There’s some subtlety around bootstrapping these credentials and preventing abuse which means that not every message can be sent as Sealed Sender, but the vast majority are. Read the blog post for the authoritative explanation.
There’s an option in the app settings to make visible which of your messages were sent without identifying your client to the server if you’re curious.
rendaw|7 months ago
But if so, doesn't signal still know that alice and bob are communicating because it's transferring messages between them? Even if Bob doesn't log in IP B is still sending payloads that eventually get delivered to IP A, and if law enforcement later asks signal for logs they could be correlated.
happymellon|7 months ago
Even if they can't read it, a hostile government won't care.
There is only so much you can do against a really determined adversary thats well funded. I just want a Signal that doesn't tie everything back to a phone number.
EGreg|7 months ago
I arrange to tell Alice in an encrypted chat that I will be doing a drop on X url after Y time and to watch it.
Alice comes picks up the drop. Done.
PS: This is another great use for cryptocurrency. When you don’t want to use account-based charging, then you allow anyone to prepay for the resources with crypto.
ikawe|7 months ago
This happens upon initial contact and after Alice revokes her credential (which can happens if she blocks someone).