I am pretty sure that if asked, the serverside protections can be circumvented - I think in one Github issue they even confessed that Sealed Sender is not bulletproof and is “best effort”. I prefer to assume that if everything goes through a single server, and they know what and when each account does upon connecting - they can correlate the identities if they want to.
I am pretty sure that if asked, the serverside protections can be circumvented
No, they literally cannot. The entire protocol is open sourced and has been audited many times over.
One of the fundamental things you assume when designing a cryptosystem is that the communication link between two parties is monitored. The server mostly exists as a tool to frustrate efforts by attackers that have network dominance (i.e. secret police in oppressive regimes) by not allowing signals intelligence to extract a social graph. All this hypothetical attacker can see is that everyone talks to a server so they can’t know which two people are communicating.
The previous iteration, TextSecure, used SMS. Your cellular provider could easily know WHO you were talking to and WHEN each message was sent. So SMS was replaced with a server and the protocol was amended so that even the server has no way of gaining access to that information.
The sealed sender feature is something that the client does. It was best effort because, at the time, they still supported older clients and needed backwards compatibility. This is no longer the case.
I am pretty sure that if asked, the serverside protections can be circumvented - I think in one Github issue they even confessed that Sealed Sender is not bulletproof and is “best effort”. I prefer to assume that if everything goes through a single server, and they know what and when each account does upon connecting - they can correlate the identities if they want to.
No, they literally cannot. The entire protocol is open sourced and has been audited many times over.
One of the fundamental things you assume when designing a cryptosystem is that the communication link between two parties is monitored. The server mostly exists as a tool to frustrate efforts by attackers that have network dominance (i.e. secret police in oppressive regimes) by not allowing signals intelligence to extract a social graph. All this hypothetical attacker can see is that everyone talks to a server so they can’t know which two people are communicating.
The previous iteration, TextSecure, used SMS. Your cellular provider could easily know WHO you were talking to and WHEN each message was sent. So SMS was replaced with a server and the protocol was amended so that even the server has no way of gaining access to that information.
The sealed sender feature is something that the client does. It was best effort because, at the time, they still supported older clients and needed backwards compatibility. This is no longer the case.