Metadata Protection in Instant Messaging Applications: a Review
Information on this media
Twelve years after the public specification of the Signal protocol, almost all instant messaging protocols have embraced the ratchet construct, which grants perfect forward secrecy and post-compromise security. WhatsApp, Signal, OMEMO-based applications, Olm- and Megolm-based applications, and SimpleX Chat all use the Double Ratchet protocol. Olvid also uses a ratchet protocol, although the construct is a bit different. And there are the stragglers who insist on not using any form of perfect forward secrecy, such as Session or Delta Chat. Of those, we will talk no more. But since then, we have learned the hard way from some NSA executive that metadata gets you arrested or killed. This raises the question: how well is our metadata protected by the various instant messaging infrastructures? Signal claims one cannot hand over data one doesn't have. But how honest are they about the metadata they do have, which could be requested from them or their hosting provider through a subpoena and sealed orders? In this talk, we will explore some metadata available to Signal servers, Olvid servers, Matrix/Element home servers and SimpleX Chat SMP queue servers. We will then discuss the strategies that some of these applications have deployed to limit metadata exposure, including those leveraging external transport security, such as the use of Tor.