Plenty of messaging apps use strong encryption to make it next to impossible for law enforcement officers or other potential adversaries to read communications sent between parties. Often, however, unencrypted metadata—such as the sender, receiver, and time a message is sent—is all the sensitive data an adversary needs. Now, the Signal app is testing a new technique called “sealed sender” that’s designed to minimize the metadata that’s accessible to its servers.
A beta release announced Monday will send messages that remove most of the plain-text sender information from message headers. It’s as if the Signal app was sending a traditional letter through the postal service that still included the “to” address but has left almost all of the “from” address blank.
Like most messaging services, Signal has relied on the “from” address in message headers to prevent the spoofing of user identities and to limit spam and other types of abuse on the platform. Sealed sender, which puts most user information inside the encrypted message, uses two new devices to get around this potential privacy risk: