• Dessalines@lemmy.mlOP
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    3 年前

    In a centralized database without, this seems like it’d be trivial to get around. You’d only have to look at the client sent messages and correlate them to the receiving ones.

    • Dreeg Ocedam@lemmy.ml
      link
      fedilink
      arrow-up
      3
      arrow-down
      3
      ·
      3 年前

      It’s more complex than that. The client doesn’t authenticate itself to the server. It only shows a certificate that says “I have a right to send messages to this person”. This certificate is anonymous and was initially generated by the receiver, and then sent via the encrypted session.

      More details here.

      The server could still correlate the IP, which is much less valuable and can be hidden through VPNs or even the built-in censorship circumvention proxy.