Hacker News new | past | comments | ask | show | jobs | submit login

You cache a unique ID and then see if you get a hit.



Which unique id? I thought the point of sending it via Signal was to not include any user id or any other id.


I don't know which attack the Signal guys had in mind, but usually how this works is that the server serves a file with a unique ID to a person, sees that it gets requested, then serves the same thing again in a subsequent request to a suspect, sees that it's not requested, and treats that as evidence that the two accounts are actually the same person.

It's obviously easier when you can correlate this with a single account, but that's the gist of the attack.


Ah!

But this will correlate one file to that person and will not be able to correlate multiple file requests that they all belong to the exact same person.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: