Wickr, Telegram, XMPP, and Threema collect more metadata than Session and Signal. However, among the four, which one collects the most metadata and which one does the least? I hypothesize it is Telegram/Wickr, XMPP, then Threema (from most to least). I am also curious how metadata collection works in Threema in particular.
Session and Signal collect virtually negligible metadata. How were both able to handle metadata collection so well and why does Matrix suffer from metadata leakage? How severe is Matrix’s metadata leakage compared to, say, metadata collection of Telegram?
Not sure exactly, but I do know that they both encrypt the metadata they collect. Although I believe Session has been designed to collect less metadata than Signal.
Metadata in a message includes the information about whom the message is being sent to and also by whom. Traditional protocols (Emails) can’t work with the metadata being encrypted as the server will just get confused who to send it to since it doesn’t know that info (Kind of like a postman. You basically have to reveal the identity of whom you are wishing to send it to).
Signal Protocol doesn’t need that metadata to do the same job.
I’m really curious how Signal functions so well with virtually just two bits of metadata: when user joined and last when user was online. I think the latter correlates(?)/organizes interactions, since Signal doesn’t reveal any other matching metadata. And I think the former is still kept to at least verify(?) that the message is authentic. But they’re hypotheses.
Matrix is often compared to email, as both are federated. And if email can’t work properly with encrypted metadata, I think the question why Matrix has metadata leakage problems is implicitly answered. But surely the Matrix metadata leakage doesn’t hold a candle versus the metadata Facebook Messenger, WhatsApp, and SMS nab.
To answer that you will have to understand the entire Cryptosystem/Cryptography which is beyond the scope of a forum. It would take you a min. of 5-10 yrs lol.
The protocol combines the Double Ratchet algorithm, prekeys, and a triple Elliptic-curve Diffie–Hellman (3-DH) handshake, and uses Curve25519, AES-256, and HMAC-SHA256 as primitives.