Plenty of messaging apps use strong encryption to make it next to impossible for law enforcement officers or other potential adversaries to read communications sent between parties. Often, however, unencrypted metadata—such as the sender, receiver, and time a message is sent—is all the sensitive data an adversary needs. Now, the Signal app is testing a new technique called "sealed sender" that's designed to minimize the metadata that's accessible to its servers.
A beta release announced Monday will send messages with most of the plain-text sender information removed from their headers. It's as if the Signal app were sending a traditional letter through the postal service that still included the "to" address but left almost all of the "from" address blank.
Users who want to receive sealed-sender messages from non-contacts can choose an optional setting that doesn't require the sender to present a delivery token. This setting opens a user up to the possibility of increased abuse, but for journalists or others who rely on Signal to communicate with strangers, the risk may be acceptable.
Even under sealed sender, observers said, Signal will continue to map senders' IP addresses. That information, combined with recipient IDs and message times, means that Signal continues to leave a wake of potentially sensitive metadata. Still, by removing the "from" information from the outside of Signal messages, the service is incrementally raising the bar.
Just-announced beta seals sender details inside encrypted envelope (arstechnica.com)