It's possible to deduce who messages whom (timing / correlation attack). All user contacts are uploaded to Signal servers (they say it's stored in SGX - which may be broken). Groups also store some data on Signal servers. And - most important - Signal relies on phone numbers.
Discussion
How do you "may be bedlam broken" SGX, nostr:npub10jcnehsxwrjepupvh602pl83up0dh3wv3fqfwv062smygqvpeuwsk03kag? This is an extremely crucial claim for us, Signal users. Please help us understand.
Please check out this writing https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/
Thank you very much. Gonna check it. 🫂
Read it thoroughly. Interesting and technically detailed. But ultimately it's a "may be" hypothesis. It's good to be cautious, even paranoid, but I didn't agree with the wholesale implication of the Signal app. Thank you very much for the link. 🫂