Poster: No safety in numbers: traffic analysis of sealed-sender groups in Signal

TL;DR

This paper analyzes the privacy vulnerabilities of Signal's Sealed Sender feature, demonstrating that group communication metadata can be deanonymized despite the protocol's obfuscation efforts.

Contribution

It extends previous deanonymization attacks from individual pairs to entire group conversations, revealing new privacy risks.

Findings

Group deanonymization is feasible despite Sealed Sender protections

Message delivery protocols leak enough information for deanonymization

The attack can identify all participants in group chats

Abstract

Secure messaging applications often offer privacy to users by protecting their messages from would be observers through end-to-end encryption techniques. However, the metadata of who communicates with whom cannot be concealed by encryption alone. Signal's Sealed Sender mechanism attempts to enhance its protection of this data by obfuscating the sender of any message sent with the protocol. However, it was shown by Martiny et al. that due to the message delivery protocols in Signal, the record of who receives messages can be enough to recover this metadata. In this work we extend the attack presented from deanonymizing communicating pairs to deanonymizing entire group conversations.