alt Hacker NewsYou can't instruct a random Signal client to fetch a random URL. Here's how this attack works:
1. Attacker sends novel image to Signal
2. Signal hosts the image on their core servers
3. Signal instructs victim to fetch preview of the image
4. Victim asks the CDN for the image
5. CDN gets the image from Signal core servers and caches it
6. Victim gets the image from the CDN and displays the preview normally
7. Attacker hits every one of the CDN cache servers
8. The CDN cache server that say "yep, saw that already" is the one closest to the victim
Can't you already see the IP of the datacenter that requested the image from your server/pixel and map it to the data center+location?
This is assuming the data center is directly requesting the source server which it might be given a few searches on Google [1].
[1] https://community.cloudflare.com/t/cloudflare-is-forwarding-...