Signal Encrypted Messaging App Removing Sender ID from Metadata
Signal and other encrypted messaging services have always kept the contents of messages sent on their platforms hidden in encrypted form. However, until recently, information about who is sending and receiving messages was still accessible to third parties, including government agencies.
On October 29, Signal published a post on its blog announcing the new “sealed sender” feature for Signal. Signal still needs to know who it needs to deliver the message to, but shouldn’t need to know where the message is coming from. Before this latest update, Signal used the sender’s identity to “help prevent spoofing and provide the recipient with some assurance about who sent the message.”
Read More: Technology Preview: Sealed Sender for Signal
How Sending a Sealed Sender Message Works
- Encrypt the message using Signal Protocol as usual.
- Include a sender certificate in the envelope.
- Encrypt the envelope to the recipient.
- Without authenticating, hand the encrypted envelope to the service along with the recipient’s delivery token.
- The message’s recipient can then decrypt the envelope, validate that the identity key matches the sender, and continue viewing the message as usual.
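The steps above, modelled end to end as an added example (not Signal's code and not part of the original article). The keystream-plus-HMAC cipher is a standard-library stand-in for both the Signal Protocol and the encryption to the recipient, the certificate is an unsigned sender/identity-key record, and all names, keys and tokens are constructed.

```python
import hashlib, hmac, json, os

def _sub(key, label):
    return hashlib.sha256(label + key).digest()  # separate cipher and MAC keys

def _xor(key, nonce, data):
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Stand-in authenticated encryption (keystream + HMAC), NOT Signal's cipher."""
    nonce = os.urandom(16)
    ct = _xor(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("envelope failed authentication")
    return _xor(_sub(key, b"enc"), nonce, ct)

def send_sealed(sender, identity_key, session_key, recipient_key, token, text):
    message = seal(session_key, text.encode())            # 1. encrypt as usual
    cert = {"sender": sender, "identity_key": identity_key.hex()}
    envelope = json.dumps({"cert": cert, "message": message.hex()}).encode()  # 2. add cert
    sealed = seal(recipient_key, envelope)                # 3. encrypt envelope to recipient
    return {"delivery_token": token, "envelope": sealed}  # 4. all the service receives

def receive_sealed(request, recipient_key, contacts, sessions):
    envelope = json.loads(unseal(recipient_key, request["envelope"]))
    cert = envelope["cert"]
    known = contacts.get(cert["sender"])                  # identity key on record for sender
    if known is None or not hmac.compare_digest(known, bytes.fromhex(cert["identity_key"])):
        raise ValueError("identity key does not match sender")
    text = unseal(sessions[cert["sender"]], bytes.fromhex(envelope["message"]))
    return cert["sender"], text.decode()                  # 5. sender learned after decryption

if __name__ == "__main__":
    ik, sk, rk = os.urandom(32), os.urandom(32), os.urandom(32)  # constructed keys
    req = send_sealed("alice", ik, sk, rk, "token-for-bob", "hi")
    print(sorted(req), receive_sealed(req, rk, {"alice": ik}, {"alice": sk}))
```

The request handed to the service has only two fields, the delivery token and an opaque envelope; the sender's name exists only inside the ciphertext, and a certificate whose identity key differs from the one the recipient has on record is rejected.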
Reducing Reliance on User Information
Signal is a privacy-focused company. It has been working to minimize the amount of user data it collects since its founding. Removing sender data from the publicly accessible contents of Signal messages is another step in the right direction. This latest feature update is currently only available as a public beta, but will be rolled out to all Signal users in the near future.