Tech News
← Back to articles

Signal knows who you're talking to

2025-11-23 | original
read original related products more articles

Or, at the very least, they can.

Recently I got a friend to finally join me on Signal. He asked something about whether or not Signal is truly secure and private, like if it was safe from US government surveillance. I told him: “Well, it’s end-to-end encrypted, so they don’t know what we’re talking about, but they definitely know that we’re talking to each other.”

I said that because Signal uses our phone numbers as ID’s. So, Signal would know that Phone Number A is talking to Phone Number B, and if they can figure out that Phone Number A belongs to me, and Phone Number B belongs to my buddy (usually not too hard to figure out with some OSINT or the assistance of certain governments), then Signal would know that my buddy and I are talking, even if they don’t know what we’re talking about.

This is a limit of end-to-end encryption, which I’ve talked about before. End-to-end encryption provides confidentiality of data, but not anonymity or protection from identifying metadata.

However, I was surprised when my friend got back to me saying that, no, Signal actually doesn’t know who’s talking to who because of this feature called “Sealed Sender“.

“Woah! Seriously?! Cool!” I thought. But then I started reading how Sealed Sender actually works, according to none other than Signal themselves, and I found that this feature is very technically complex, and totally useless.

ʕ ಠ ᴥಠ ʔ: Woah! Seriously?! Not cool!

One-way anonymity for two-way communications

While Sealed Sender is pretty complicated under the hood, the result of it is one-way anonymity. That means that, when Phone Number A sends a message to Phone Number B, Signal won’t know that the message is coming from Phone Number A and will only know that the message is to be delivered to Phone Number B.

It does this in a way that’s very similar to snail mail without a return address: the letter inside the mail envelope might tell the recipient who the sender is, but the mail envelope itself tells the post office only who the recipient is so that it can be delivered to them. If the post office doesn’t or can’t open the envelope to read the letter itself, then they don’t know who the sender is. Later on, when the recipient wants to send a reply to the sender, they can do the same thing.

... continue reading

Related:
The industry skipped from IPv4 to IPv6, leaving IPv5 and the Internet Stream Protocol to the annals of history — a data streaming experiment rendered unnecessary by broadband
I’m amazed by Google’s bold Pixel AirDrop move, but I have 3 big concerns
Sony’s last-gen XM4 headphones are over 50 percent off for Black Friday
Hands-on with Anker’s Prime 25W MagSafe charger: An ideal 3-in-1 solution for iPhone
This wall-mounted smart calendar can get you organized before the new year (and it's on sale)

© 2025 GoKawiil