Signal Secure Messaging App Now Encrypts Sender’s Identity As Well
Signal, the popular end-to-end encrypted messaging app, is planning to roll out a new feature that aims to hide the sender’s identity from potential attackers trying to intercept the communication. Although messages send via secure messaging services, like Signal,WhatsApp, and Telegram, are fully end-to-end encrypted as they transmit across their servers, each message leaves behind some of the metadata information that reveals who sent the message to whom and when. The new feature, dubbed “Sealed Sender,” announced by Signal is going to further reduce the amount of information that is accessible to the company itself.
How Does the Signal’s Sealed Sender Feature Protect Metadata?
- The app encrypts the message using Signal Protocol, as usual.
- Include the sender certificate and encrypted message in an envelope.
- Encrypt the envelope using the sender and recipient identity keys.
- Without authenticating, send the encrypted envelope to the Signal server along with the recipient’s delivery token.
- The message recipient can then decrypt the envelope by validating the identity key to know the sender of the message.