They can tell you connect to AWS when the Signal app fetches messages after a notification, they need to be able to peek into Amazon’s servers to see you’re connecting specifically to Signal
AWS is not a black box from the outside. The signal servers will have their own external IP addresses that you will connect with, your ISP could keep track of those connections. Furthermore, if you are worried that the government is using your ISP to spy, what makes you think that AWS wouldn’t be subject to that as well? Signal is absolutely a target in this respect too.
Of course you can do various things to potentially hide your connection to signal, for instance by using tor, but in some sense there’s no guarantee if you don’t trust anything external to you. I’m personally not too worried about the “this person uses signal” metadata, though.
There’s not enough unique IP addresses to distinguish Signal servers, if you don’t explicitly set up static IP addresses you’re going to share an IP pool
How?
Because your ISP and cell phone provider can tell you’re connecting to signal.
They can tell you connect to AWS when the Signal app fetches messages after a notification, they need to be able to peek into Amazon’s servers to see you’re connecting specifically to Signal
AWS is not a black box from the outside. The signal servers will have their own external IP addresses that you will connect with, your ISP could keep track of those connections. Furthermore, if you are worried that the government is using your ISP to spy, what makes you think that AWS wouldn’t be subject to that as well? Signal is absolutely a target in this respect too.
Of course you can do various things to potentially hide your connection to signal, for instance by using tor, but in some sense there’s no guarantee if you don’t trust anything external to you. I’m personally not too worried about the “this person uses signal” metadata, though.
There’s not enough unique IP addresses to distinguish Signal servers, if you don’t explicitly set up static IP addresses you’re going to share an IP pool
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html#aws-ip-download
Sure they could tap into AWS (but it would be even easier to try to get data from Google Play Store on who has it installed).
Signal has native support for proxying via Tor in that case.