Cloudflare Issue Can Leak Chat App Users' Broad Location (www.404media.co)

submitted 2 months ago by otter@lemmy.ca to c/privacy@lemmy.dbzer0.com

2 comments fedilink hide all child comments

This affects Signal too

An issue with Cloudflare allows an attacker to find which Cloudflare data center a messaging app used to cache an image, meaning an attacker can obtain the approximate location of Signal, Discord, Twitter/X, and likely other chat app users. In some cases an attacker only needs to send an image across the app, with the target not clicking it, to obtain their location.

https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117?ref=404media.co

Signal, an open-source encrypted messaging service, is widely used by journalists and activists for its privacy features. Internally, the app utilizes two CDNs for serving content: cdn.signal.org (powered by CloudFront) for profile avatars and cdn2.signal.org (powered by Cloudflare) for message attachments.

top 2 comments

sorted by: hot top controversial new old

[-] Blaze@lemmy.zip 5 points 2 months ago

Thank you for posting here!

[-] FrostyTrichs@walledgarden.xyz 4 points 2 months ago

Yet another reason to move to SimpleX chat. Signal is better than nothing but far from perfect. Besides adoption I think SXC is universally the better option.

this post was submitted on 21 Jan 2025

44 points (100.0% liked)

Privacy

1852 readers

187 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

Be civil and no prejudice
Don't promote big-tech software
No reposting of news that was already posted
No crypto, blockchain, NFTs
No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 5 months ago

MODERATORS

fxomt@lemmy.dbzer0.com

otter@lemmy.ca

shaytan@lemmy.dbzer0.com

fxomt@piefed.social