
I don't believe the Signal app/network is choosing to cache images in a CDN?

But any user can send any other user a message that includes a link to a CDN-cached resource. Isn't that the "attack" here? Or am I misunderstanding?



Signal does cache them in a CDN. If the vulnerability was sending any link, you could just set up your own web server and get the person’s IP.


Ah, and the attack is knowing what CDN that is that Signal itself is using, and examining it directly? I had missed that somehow.



