0

To preface this question, I use the Signal messaging app for voice, video and text. I understand that the content of all these messages is encrypted and no one but the sender and recipient can see/hear this content. I should also say that I live in a country (Australia) where it is very easy for any authorities to obtain metadata of my communications, but quite difficult to obtain permission to attempt to view/listen to the content.

So I want to know what metadata my ISP can obtain regarding my communications over Signal. I have no doubt they can tell that I am using Signal, that they see that I connect to a Signal server and that they can see when I send communications. They can probably tell if it is text or voice/video communications. I am okay with all of this. I also understand that I could hide much of this from my ISP if I used a VPN (but that is not the question I want to ask).

My question is, what else can my ISP see? Particularly, is there anything in the metadata that they have access to that would let them know who I am communicating with (or which IP address I am communicating with)? Does any of the data flow directly from my device to the recipient's device without going through a Signal server? Or does it go through a Signal server, but with some unencrypted information that would give away the recipient?

In the Australian context, ISPs are required to store all metadata for a period of 2 years, so I would imagine a persistent investigator could match details about the volume of data flowing out of one device with the amount of data flowing into another device and have fairly clear evidence of who is communicating with whom (i.e. a traffic analysis attack). This would be particularly obvious for voice and video calls, which are always synchronous. Text messages may be held at the server for later delivery in the case where a device is off or out of range.

Shae

3 Answers

4

The client's traffic to the Signal server is also protected with TLS. ISPs cannot obtain meaningful data if you are doing text messaging only. However, based on traffic patterns, they can figure out when you are doing group messaging. Unlike WhatsApp group messaging, Signal's group messaging does client-side fanout. In Signal's group messaging, the sender replicates the group message for every group recipient, encrypts the copies individually using pairwise messaging and sends all of them at once to the server. This is an intended design to keep your social graph invisible to the server. The Signal web service has no knowledge of your groups.

This pattern can be fingerprinted by the ISP. It can distinguish when you are doing pairwise messaging and when you are broadcasting a message to a group, though knowing this information is not valuable enough. Signal's VoIP calling is peer to peer. Your ISP can see whom you are connected with and how long your session was. They can also see if it's group calling or pairwise. Group calling can be used by the ISP to learn about your social graph. If you want the Signal client to use a relay for calling, force your router to only use symmetric NAT.

defalt
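
The client-side fanout described in the answer above, modelled as an added example; it is not part of the original answer and is not Signal's code. The toy cipher, the contact names and the JSON envelope layout are assumptions made for illustration. It contrasts what the service handles (recipients and opaque bodies, no group field) with what an on-path observer gets from the TLS connection (a byte count that grows with the number of recipients).

```python
import hashlib
import hmac
import json
import os


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated encryption (SHA-256 keystream + HMAC tag).
    Stand-in for a pairwise session, NOT the Signal Protocol."""
    nonce = os.urandom(16)
    stream = b"".join(
        hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        for i in range(len(plaintext) // 32 + 1)
    )
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def fan_out(message: bytes, pairwise_keys: dict) -> list:
    """Client-side fanout: one separately encrypted envelope per recipient."""
    return [
        {"to": recipient, "body": seal(key, message).hex()}
        for recipient, key in pairwise_keys.items()
    ]


def server_view(envelopes: list) -> dict:
    """What the service handles: recipients and opaque bodies, no group field."""
    return {
        "recipients": [e["to"] for e in envelopes],
        "fields": sorted({k for e in envelopes for k in e}),
    }


def observer_view(envelopes: list) -> int:
    """What an on-path observer gets from the TLS connection: a byte count."""
    return len(json.dumps(envelopes).encode())


# Constructed sample data: hypothetical contacts with random pairwise keys.
KEYS = {name: os.urandom(32) for name in ("alice", "bob", "carol", "dave")}
MESSAGE = b"meet at 6"

pairwise = fan_out(MESSAGE, {"alice": KEYS["alice"]})
group = fan_out(MESSAGE, KEYS)

if __name__ == "__main__":
    print("server sees:", server_view(group))
    print("upload bytes, 1:1:", observer_view(pairwise))
    print("upload bytes, group of 4:", observer_view(group))
```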
2

My question is, what else can my ISP see? Particularly, is there anything in the metadata that they have access to that would let them know who I am communicating with (or which IP address I am communicating with).

If you're using text messaging: little. Basically only the frequency and size of messages. With sealed sender not even Signal knows the sender of a message, only the recipient.

For calls it's a little more complicated. To keep load on Signal's servers down, and reduce jitter and latency, a SIP tunnel is set up between the devices by default. This will reveal whom you're communicating with.

You can set up your device to always relay calls through Signal's servers, which will lead to worse quality - but it will at least improve secrecy a little bit.

vidarlo
-1

If Signal's privacy policy and encryption are to be believed then I don't think the ISP would have any more details and logs than your IP address and time of usage (like what time you connect to the app).

mrlova