-
@ IC - InfoCollagen
2025-05-08 07:12:27
PTS2025
Metadata Protection in Instant Messaging Applications: a Review
2025-07-03, 15:35–16:10
(Europe/Paris), Amphitheater 122
Twelve years after the public specification of the Signal protocol, almost all
instant messaging protocols have embraced the ratchet construct, granting perfect
forward secrecy and post-compromise security.
Whatsapp, Signal, OMEMO-based applications, Olm and Megolm-based applications,
or SimpleX Chat all use the Double Ratchet protocol. Olvid also uses a ratchet
protocol, although the construct is a bit different. And there are the stragglers
who insist on not using any form of perfect forward secrecy, such as Session or
Delta Chat. Of those, we will talk no more.
But since then, we have learned the hard way from some NSA executive that
metadata gets you arrested or killed. And so begs the question: how well are
protected our metadata by the various instant messaging infrastructures?
Signal claims one cannot hand over data one doesn't have. But how honest are
they about the metadata they do have, and that could be requested from them or
their hosting provider by a subpoena and sealed orders.
In this talk, we will explore some metadata available to Signal servers, Olvid
servers, Matrix/Element home servers and SimpleX Chat SMP queue servers. We will
then discuss the strategies that some of these applications have deployed to
limit metadata exposition, including those leveraging external transport security,
such as the use of Tor.
This talk covers the obvious issue of long-term identities and the
construction of the social graph and how some protections supposed to thwart the
social graph recovery are flawed. Some of these attacks are publicly documented
and still unmitigated by those affected by them.
This talk also dives into less obvious metadata leaks, such as traffic
correlation and ciphertext correlation.
Finally it also points out that some of the studied instant messaging solutions
do not protect all messages and leak metadata to third parties via attachment
upload, push notifications, backups and voice/video calls.
Sorting out which instant messaging application is the best is a non-goal for
this talk.
+++
Sources & Links
Florian Maury
Florian Maury is a freelancer offering services as a software/system/security engineer and architect.
They also write a technical blog "Broken by Design" and host a podcast "Yakafokon" on Infrastructure as Code Security and DevSecOps practices.
In their spare time, Florian also contributes to free software, and they are an activist for animal rights.
+++
https://cfp.pass-the-salt.org/pts2025/talk/7K9MEV/