News

Signal tests privacy-friendly contact finding with Intel CPUs feature

By admin
Spread the love

Signal developer Open Whisper Systems has introduced a method that allows users to find contacts using Signal in a privacy-friendly way. For this, the service uses the SGX function of Intel CPUs.

In a blog post, Moxie Marlinspike of Open Whisper Systems explains that the problem with every social service is that there must be a so-called social graph, which shows who the contacts of a certain person are. For example, some services let you log in with Facebook to find contacts. Marlinspike says the problem is that Facebook owns the data. In addition, he wants Signal to know as little as possible about its users. Also, users shouldn’t have to blindly trust Open Whisper Systems to do what it says, because “that’s not how privacy works.”

This is a problem when Signal wants to map a user’s contacts, because “nobody wants to have an empty address book when they want to send a message.” At the moment this is done with hashes, but they would be fairly easy to reverse because a telephone number consists of a fixed number of digits, so the keyspace is small. In addition, users must trust that Signal’s open source code actually runs on Open Whisper Systems’ servers.

That is why the Signal developers want to use the SGX function of Intel CPUs, or Software Guard Extensions, for the servers. Intel made this functionality part of its architecture in 2013 to enable the creation of protected software containers. Marlinspike explains that an application can establish a secure enclave that is separate from the rest of the OS and kernel. In addition, it is possible to cryptographically prove that certain code actually runs in that enclave.

Originally, the feature was supposed to have been created for DRM purposes so that a media server can verify that a viewer’s system is actually running the correct code. However, in the Signal scenario, it is the server that runs the enclave, in encrypted RAM. Clients, which do not need an Intel chip, connect securely to the enclave and send encrypted identifiers from their contact list to it. That way, the host system doesn’t learn anything about what’s going on inside the enclave, and therefore nothing about the user, Marlinspike said.

Open Whisper Systems has made the code behind the new project publicly available. This is still a technology preview. The code should be ingested into clients in the coming months, once the tests are completed.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses