
Cool writeup by a 15yo, except for the way it completely oversells in the title.

Basically this allowed an attacker to find out which Cloudflare data center a victim connected to when being tricked into loading something from Cloudflare. This is often within a 250 mile radius of where they're living but not necessarily.

Can't one find out someone's IP just as easily by making them make a request to a URL controlled by an attacker? Is the problem that Cloudflare is whitelisted for 0-click?



> Can't one find out someone's IP just as easily by making them make a request to a URL controlled by an attacker?

Unless you can find another flaw in Signal, that'd likely be a 1-click attack, which is less valuable than the 0-click attack demonstrated by the author.


Might even argue that the title is good because it made us click.



