Signal doesn't know who sent most messages between friends.
Signal users have a "profile" which is encrypted, and their device can give the keys to other people. By default it'll give keys to Contacts you message on Signal, and this encrypted profile has more keys and tokens inside it that people can use to send you stuff. So when you send a Signal message to your friend Alice, what Signal sees is that somebody sent this encrypted message, which comes with a token proving Alice authorised somebody to send her a message.
Alice's device decrypts the message, and in doing so it decrypts a MAC which it can then examine to prove that this is a message from zeveb (or Alice has faked a message to herself but like, why?). Signal never learns who you were in this process.
So, if you use Signal to communicate with strangers and they haven't overridden the defaults (you can say you love strangers and don't mind spam, in which case this Sealed Sender technology works for anybody sending you messages) they would if they wanted to be able to figure out this relationship, and then monetize it. They explicitly promise not to, but I guess if you want to you could believe that Signal is the problem and we shouldn't worry about Facebook.
I definitely have a bridge for sale you should enquire about, also that big iron tower in France? I can get you a good deal on the scrap.
> Signal doesn't know who sent most messages between friends.
Why not? They know which device sent the message (because Signal were sent it) and they know which device received it (because Signal sent it). I know that they have some really clever ways to forget the sender information and still route the messages, but we really don't know that they actually do forget it.
> They explicitly promise not to, but I guess if you want to you could believe that Signal is the problem and we shouldn't worry about Facebook.
I think Facebook is a far greater problem, but I also worry that Signal is a problem too. It's not either/or but both/and.
> They know which device sent the message (because Signal were sent it)
"Which device" here meaning they have an origin IP address for the traffic? Is that what you think most people mean by "sender" ?
Like, who sent this postcard "A pillar box in Westminster, London" ?
If your quibble was that this isn't technically completely anonymous I'm down with that. But the original claim was that Signal can tie this to a phone number, and "We could tell the IP address of the sending device" isn't that at all.
If you are worried about IP addresses then just as with literally everything else the only effective way to hide your IP is Tor. But then why bring Signal into this?
Signal users have a "profile" which is encrypted, and their device can give the keys to other people. By default it'll give keys to Contacts you message on Signal, and this encrypted profile has more keys and tokens inside it that people can use to send you stuff. So when you send a Signal message to your friend Alice, what Signal sees is that somebody sent this encrypted message, which comes with a token proving Alice authorised somebody to send her a message.
Alice's device decrypts the message, and in doing so it decrypts a MAC which it can then examine to prove that this is a message from zeveb (or Alice has faked a message to herself but like, why?). Signal never learns who you were in this process.
So, if you use Signal to communicate with strangers and they haven't overridden the defaults (you can say you love strangers and don't mind spam, in which case this Sealed Sender technology works for anybody sending you messages) they would if they wanted to be able to figure out this relationship, and then monetize it. They explicitly promise not to, but I guess if you want to you could believe that Signal is the problem and we shouldn't worry about Facebook.
I definitely have a bridge for sale you should enquire about, also that big iron tower in France? I can get you a good deal on the scrap.