Signal Private Messenger announced its plans for a new feature that encrypts the sender’s identity. The new feature aims to hide the sender’s identity and protect from potential attacks.
Signal Private Messenger is a popular end-to-end encrypted messaging app for Android and iOS devices. Users that use secure messaging services such as Signal, WhatsApp, and Telegram are fully end-to-end encrypted, however, each text leaves behind some of the metadata information which can be used to detect the sender and receiver.
Signal Private Messenger announces Sealed Sender
Signal announced the new feature called Sealed Sender that further reduce the amount of data accessible to the company. Even though the company claims not to store metadata or logs o information, the company announced the new feature in order to protect its’ users’ id if the communication is somehow intercepted.
The Sealed Sender feature applies an encrypted envelope that contains the sender’s identity and the message cipher-text. The cipher-text is decrypted at the end of the recipient.
While the service always needs to know where a message should be delivered, ideally it shouldn't need to know who the sender is. It would be better if the service could handle packages where only the destination is written on the outside, with a blank space where the 'from' address used to be.
According to the Signal’s blog post, the process of sending a Sealed Sender message involves the following:
- Signal Protocol encrypts the message.
- The sender certificate is encrypted in the envelope.
- Encrypt the envelope using the sender and recipient identity keys.
- Without authenticating, hand the encrypted envelope to the service along with the recipient’s delivery token.
- The recipient can then decrypt the envelope by validating that the identity key matches the sender certificate.
The newly introduced feature is currently in the beta version, so beta users can enable the Sealed Sender in Settings. Simple go to Settings, then Sealed Sender and enable “Allow from Anyone” toggle.
It is also worth to mention that Sealed Sender eliminates the Signal app to validate the sender’s certificate that was being users in order to prevent potential leak or spoofing. Thus, the app ads additional workarounds that enable users to verify the senders.
The new feature will be available to all users in the upcoming update of the Signal Private Messenger app.
Encrypted IP Addresses and other sensitive data
Signal is also finding new techniques to protect its users IP addresses and other sensitive metadata, which can be uncovered using the network traffic information.