I was also curious about this. Referring to the Server API documentation
[1], what is transmitted to the server, is, for each number in the
phone's contact list, a token equal to:
Base64(SHA1(E164number)[0:10])
Caveat: After a brief search, I can't find, in the iOS or Android
source, just where these tokens are calculated, to confirm if that
Server documentation is current and correct.
My TL;DR on the the blog post [2] is that this does not guarantee the
server has zero knowledge of the phone numbers in a contact list, since
(as moxie remarked) the space of E164numbers is small enough to
calculate the hashed token for every phone number - with that table, if
you have the token, you have the number.
So it seems to me:
* The server necessarily stores the token for every subscriber, thus the
phone number of every subscriber is discernable from the server database.
* If the server is indeed successful in not storing, logging, leaking
the protocol messages used to (transiently) calculate contact
intersection, and the channel from phone to server isn't compromised,
then the contact list from a particular phone is not leaked directly -
but the list (obfuscated by the hash) does get sent over the wire, so
those "ifs" matter in tough environments.
* As of today, this applies to messaging - for voice calls, according to
[2], bloom filters are used to calculate contact intersection entirely
on the client, without putting the contact list on the wire.
Is that right?
[1]
https://github.com/WhisperSystems/TextSecure-Server/wiki/API-Protocol#getting-a-contact-intersection
[2] https://whispersystems.org/blog/contact-discovery/
Post by Jens B.https://whispersystems.org/blog/contact-discovery/
This is a continuation of this GItHub
issue: https://github.com/WhisperSystems/Signal-Android/issues/4726
How is contact discovery being done right now in Signal?