• towerful@programming.dev
    link
    fedilink
    English
    arrow-up
    20
    ·
    11 months ago

    The metadata is actually quite important.
    Sure, chances are it’s a “pending WhatsApp message” notification, but not the actual contents of the message.
    However, with enough metadata and by surveying traffic from WhatsApp data centers, someone could see User A accessed WhatsApps service, which generated a WhatsApp notification for User B.
    That might just be a coincidence, but with enough data and time, the probability that User A is talking to User B can be increased.
    If it also shows that Users C, D and E also get notifications at the same time, it is likely that all those users are in a group chat together.
    It’s called a timing attack.
    And perhaps it isn’t enough evidence to stand up in court, it can help build the profile of the users, and guide investigations to other possible accomplices.