**Nikola Lakić** @nikolal@social.privacytools.io · 2020-05-16T12:24:05Z

Nikola Lakić @nikolal@social.privacytools.io

Nikola Lakić @nikolal@social.privacytools.io

@resist_berlin_@chaos.social
No, giphy doesn't know who is issuing requests for gifs since they are proxied through signal.
https://signal.org/blog/giphy-experiment/

May 16, 2020, 12:24 · · Fedilab · · ·

**Tails user** @syster@social.linux.pizza · May 19, 2020, 14:02

**Tails user** @syster@social.linux.pizza · May 19, 2020, 14:02

May 19, 2020, 14:02

Tails user @syster@social.linux.pizza

@nikolal @resist_berlin_
question that remains for me:
how can facebook possibly track signal users through injections into the gifs.
afaik, signal has nothing that would prevent such an attack.

Moxie's privacy guaranty:
"hope"

ef30670f42ee59f3.png

**Nikola Lakić** @nikolal@social.privacytools.io · May 19, 2020, 15:06

**Nikola Lakić** @nikolal@social.privacytools.io · May 19, 2020, 15:06

May 19, 2020, 15:06

Nikola Lakić @nikolal@social.privacytools.io

@syster
This reminds me of those infamous image magick remote code execution exploits. As moxie said, if gifs or images had this vulnerability its cosequences vastly preceed Signal
@resist_berlin_@chaos.social

**Tails user** @syster@social.linux.pizza · May 20, 2020, 10:26

**Tails user** @syster@social.linux.pizza · May 20, 2020, 10:26

May 20, 2020, 10:26

Tails user @syster@social.linux.pizza

@nikolal @resist_berlin_
I could imagine having microdots placed within the gifs, and something like android or some fb app listening to it could be enough for tracking.
Images have this vulnerability.

Resources

Developers

What is Mastodon?

social.privacytools.io

More…