Which messengers conceal file sizes and similar metadata?

ryrona

This far, we have mostly been concerned about encrypting file data and file names, but leaving file sizes and timestamps as they are. The reason for this is that file sizes and timestamps have rarely ever been used in practice to identify what file it is.

However, the situation appears to be changing, as some governments are now calling for and even planning to fund development into tools that can detect illegal content (such as CSAM) despite it being encrypted. Both on disk and in transit. Although they haven't said how they intend to do it, using the unencrypted file sizes, file counts and timestamps are likely vectors they will target.

This can of course not detect the content of unknown files, such as encrypted private photos, but file sizes in bytes are usually unique enough that it would reveal the content of a known file, even if the content has been wrapped with unbreakable encryption. There are probably very few files in the world that would be exactly 5682334 bytes large, and if there is a set of files, the set will definitely be uniquely identifiable, despite encryption. Likewise, oftentimes, apps that download files also fetch the file timestamp from the remote server, and might also share the timestamp when sharing the file. There is probably not very many files that were created exactly 9th August 2025, 11:33:04. Thus the timestamp essentially becomes a unique identifier for the file, especially if there are timestamps for a set of files that belong to each other.

Protecting against leaking the identity of the file is easy: When sending the file over a messenger, do not send a timestamp, and pad the encrypted file so its size matches that of many other padded files, and if sending many files together, zip them before padding to hide file count and approximate sizes for a set of files.

This can be very important when sharing sensitive files that are or will be known to the adversary, such as sensitive leaked documents (whether you are the original source or not), video recording of human rights abuses, and so on.

But I don't know any messenger that actually does pad file sizes. Are there any messenger that does?

Bimmy

ryrona

Thank you for bringing this up, it's an interesting question.

Speculation: In a narrow scope, Briar Project's messengers? Due to it's focus on usage in high-risk situations, I'd assume, that these and their mostly onion-routing based peer-to-peer approach should conceal image metadata as well. (I'm writing image as apposed to general attachment metadata, since AFAIK, file transfer has been limited to heavily recompressed images, not generic files.)

As always, if s.o. knows better please correct me. And (NOTE) for anyone who intends to risk their live by relying on Briar or any other messenger in areas of war, civil unrest, being dissident facing oppressive regimes or similar high-risk situations: Also conduct your own research; don't just blindly trust above speculation of mine.

zzz

I've heard that SimpleX is generally considered to have better metadata privacy among messaging apps:

https://www.messenger-matrix.de/messenger-matrix-en.html

You could look into SimpleX's file transfer protocol, XFTP:

XFTP relays do not have any file metadata - they only see individual chunks, with access to each chunk authorized with anonymous credentials (using Edwards curve cryptographic signature) that are random per chunk.
chunks have one of the sizes allowed by the servers - currently we allow 256kb, 1mb and 4mb chunks, so if you send, say 1gb file, to XFTP relays it will look indistinguishable from sending many small files, and they would only know that chunks are sent by the same user only via the transport information, but none of the relays will see all chunks.

https://simplex.chat/blog/20230301-simplex-file-transfer-protocol.html

That article is from early 2023 and refers to XFTP as not yet implemented in the app.

Not clear to me if it has been integrated into the app at this point, or if it's a separate thing.
https://simplex.chat/docs/xftp-server.html