"Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform"
worth the read
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
Discussion
The internet was a mistake
Modern web tech was a mistake
Neat
The Internet truly sucks like it is today. I hope we can fix it ASAP. Imagine if you have really something important to share like nostr:npub1sn0wdenkukak0d9dfczzeacvhkrgz92ak56egt7vdgzn8pv2wfqqhrjdv9 or Aasange. It shouldn't be hard so to share information anonymously.
What nostr:nprofile1qqsgfhhxuemwtwm8kjk5uppv7uxtmp5pz4wm2dv59lxx5pfnsk98ysqpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcp0q5vq did wouldn't. have mattered if he remained anonymous. He even talked about that in his book. And Assange probably could have been anonymous, but I think his ego is too big for that.
There might be others out there with information like Assange without an "ego" too big?
Besides that many everyday people are might be scared to simply share their honest opinions because they fear consequences (losing job etc.)
That needs to change imo.
That's why I run snowflake, my dude.
nostr:npub10uthwp4ddc9w5adfuv69m8la4enkwma07fymuetmt93htcww6wgs55xdlq could use a ELI5 on this this week
Yes! Skimmed the link and details are super interesting
> Signal instantly dismissed my report, saying it wasn't their responsibility and it was up to users to hide their identity: "Signal has never attempted to fully replicate the set of network-layer anonymity features that projects like Wireguard, Tor, and other open-source VPN software can provide".
Wow.
what is signal supposed to do about it? bully cloudflare into doing things differently? switch to another caching solution with similar issues? signal is an e2e encryption application. they never said they were decentralized or hid users identity beyond what they can control in their app.
«The vulnerability demonstrates that the platform unintentionally leaks information that could narrow down a user’s location within a few hundred miles.»
Interesting. But still a long way to go to deanonymize you?
Activists and dissidents who use Signal probably/hopefully also use VPN. Now we have another good reason for doing so.
This is a Telegram psyop: 
Nothing surprises me anymore, could be.
telegram also got caught rolling their own broken encryption. soooo....
If the 3 letters can't crack it, they declare it broken.
no it actually was broken encryption. just a quick Google. https://cyberscoop.com/telegram-app-security-encryption/
That’s one clever 15 year old
Highlights how “centralised” and dominant Cloudfare is too.
Impressive writeup! A bit shocking that Signal does not take this more seriously. Basically it allows a whistleblower to be pinpointed to city-level in many places.
And to say they never intended to hide this kind of data between two parties is contrary to their "relay call" feature that has been there for years to not leak your IP address to your call partner in p2p calls.
I also don't get why Signal attachments in private chats need to be hosted on a CDN with caching: they are basically only downloaded once by one person and deleted after that. So why not simply run one or two servers for attachments per continent. Is so much bandwidth saving achieved through local caching?
Interesting but only tracks you to the local data center. You can basically get better location data by sending a locally hosted jpeg to someone.
this seems overly complicated to me. it all starts with getting a malicious app on the users phone. if you can get the app there, why use such a complicated attack when a root kit would do alot more for you?
it's a great write up on how caching can be used maliciously but the demonstrated usage seems like the wrong way to use it
> 15-year-old
🤯