<beneroth>
TL;DR: cache sidechannel attack, there being a way to find out which Cloudflare datacenter has the picture cached, allows to somewhat determine the location (the nearest Cloudflare datacenter) of the receiver of the message (which could be phone with notifications enabled = automatic instant download of the picture)
<beneroth>
probably irrelevant for the people here but maybe still interesting :)
<abu[7]>
Yes, thanks for the
<abu[7]>
info!
<abu[7]>
Matrix is probably not endangered
<beneroth>
I would hope that they don't outsource picture transport to a CDN
<taleon>
I use Signal in the terminal. No pictures are displayed there. However, you can download the pictures. Possibly you can also use Signal via Tor if you want to remain absolutely anonymous with regard to third-party services. I think the animated gif providers in the messenger used to be too data-heavy.
<beneroth>
it's more about pictures a sender adds, e.g. a foto - not some widely used pictures, because downloading those would not be very specific to the recipient
<beneroth>
sender sends a specific picture to a known recipient, and then checks from which Cloudflare node it got downloaded, and that way the sender can roughly determine the recipients location
<beneroth>
mostly relevant e.g. for journalists or whisteblowers etc., as tracking their whereabouts even just roughly is already important information for a stasi employee
<beneroth>
so in short: signal is not safe to use if you want to defend against nation state actors.
<beneroth>
(also with Cloudflare being US company, the US services can get all these and more data directly from Cloudflare. And Signal can even claim that they were not involved in that)
ygrek has quit [Remote host closed the connection]
<aw->
lol "written by a 15yr old"
<aw->
a 15yr old with 20 years writing experience...