A key part of what makes Signal the leading encrypted messaging app[1] is its effort to minimize the amount of data or metadata each message leaves behind. The messages themselves are fully encrypted as they move across Signal's infrastructure, and the service doesn't store logs of information like who sends messages to each other, or when. On Monday, the nonprofit that develops Signal announced[2] a new initiative to take those protections even further. Now, it hopes to encrypt even information about which users are messaging each other on the platform.
As much as it values privacy, Signal still needs to see where messages are going so that it can deliver them to the right account. The service has also relied on seeing what account a message came from to help verify that the sender is legit, limit the number of messages an account sends in a period of time to prevent it from spewing spam, and offer other types of anti-abuse checks.
But having access to metadata about the sender and recipient offers a lot of information about how people use Signal and with whom they associate. Think of it as the address and return address on the envelope of a physical letter. So Signal's developers created workarounds that will now allow the app to encrypt not just the contents of messages, but also the identity of the sender.
"While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is," Moxie Marlinspike, the creator of Signal, wrote on Monday. "It would be better if the service could handle packages where only the destination is written on the outside, with a blank space where