Hacker News

udev4096 01/21/2025

Clever finding but the title does no justice to the actual attack. Even a bare minimum threat model requires a user to use a VPN or Tor, which completely eliminates your "0day". Signal rightfully declined your report because its only job is to provide secure communication.


Replies

lxgr 01/21/2025

Signal is definitely also aiming to provide metadata privacy, which they understand to be part of secure communication.

Otherwise, they wouldn't pad attachment and message sizes, offer a "sealed sender" feature, allow relaying all calls to avoid callers/callees from learning users' IP addresses etc.

iforgot22 01/22/2025

Typical mobile user with a VPN is still vulnerable as far as I can tell, because they may be disconnected while displaying a push notification, but feel free to prove me wrong: https://news.ycombinator.com/item?id=42786466

mmooss 01/21/2025

Signal is intended not for HN readers, but for ordinary people who don't understand VPNs and Tor.