Does Signal have measures against correlation attacks?

The Intercept reported in May that the IDF used traffic analysis on Gaza WhatsApp users to identify contacts of people whom they deemed hostile, citing an internal WhatsApp assessment. It further hypothesises about the use of information from these attacks by the IDF in their AI target identification systems.

The internal WhatsApp assessment says that “adding an artificial delay to messages to throw off attempts to geolocate the sender and receiver of data, for instance, will make the app feel slower to all 2 billion users” (as interpreted by The Intercept).

They asked WhatsApp about preventing correlation attacks. They gave a canned response and did not address specifics.


Is it known if Signal has considered these issues?

skimming throught the legal transparency reports of signal, they keep data of last connected time, signed up time etc.

time corelation attacks are only applicable to high threat individuals imho.

1 Like

Of course, there’s no threat where I live of being targeted with an airstrike based on deep traffic analysis of messenger activity. It would be amazing if WhatsApp could mitigate such risks in places like Gaza.

They should. But for Gaza? Former IDF guy is Meta’s CISO (chief information security officer).

I haven’t read much about the defenses yet, but would messengers over I2P / Tor (like cwtch) help?

I can only say one thing: with a messenger like Cwtch, the reliability, sending files, photos, or making video/chat calls would be absolutely awful, unless Tor founds a magical way to drastically decrease the latency, increase the speed, and increase the number of high-bandwidth nodes.

I currently use SimpleX, and I sometimes send around 700 MB of videos to my family members, and it goes fast, which just can’t be true with something like Cwtch.

1 Like

This is why you use a VPN, so you have cover for your traffict. This isn’t a vulnerability, and is true for most if not all messaging services.