The conversation around "metadata" in messaging security, and what qualifies as "good enough", has gotten really weird.
Lots of people bring up Signal's sealed sender as "this is what qualifies as good", but then are unable to explain exactly how it works, or why it would qualify.
And I've been unable to determine this myself as well, since Signal are very cagey about the technical details. What I've found has not convinced me that it actually does protect metadata.
So. As far as I can tell. The bar to meet is "your product is literally Signal" and nothing else? This makes no sense to me.
(Not a subtoot nor related to a parallel converstation I'm having around metadata, this is describing a pattern from the past few years)
@joepie91 Not that it matters what I think. There's like 5 people in my life I can only communicate with over Signal so I am a user no matter what thanks to lock-in..
@joepie91 It really doesn't sit well with me how so many defer to, or even only acknowledges, Signal in this space. I don't trust Signal at all and I think I've been through plenty of good reasons not to at this point.