With Signal, if you run a VPN and periodically shift the location this is almost completely negated. It's also only really a concern for nation-state level actors. Understand your threat model.
đź“Ť Your Phone # Leaks Your Location on WhatsApp/Signal
Sending messages? Delivery times expose your exact spot—80%+ accuracy even within the same city. Combine with "Careless Whisper" (❤️ reactions track screen/activity) = complete location + behavior map.
The Attack:
Attacker sends messages → measures response delays
RTT (round-trip timing) fingerprints your network location
Works on Signal, Threema, WhatsApp—all have E2EE but metadata leaks
https://arxiv.org/abs/2411.11194
The Fix:
Providers: Add random delays (seconds). Users: Disable read receipts, use burner numbers, switch to usernames when possible.
Research: NDSS 2023 paper on delivery timing attacks
https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_s188_paper.pdf
#privacy #security #bitcoin #surveillance #whatsapp #signal #cryptography #nostr #freedom #decentralization #anonymity #infosec #cybersecurity #privacymatters #foss #censorship #zeroknowledge
Discussion
completely Agree, but very few people use VPN on mobile and very very few people shift the location through VPN.