{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T03:49:04Z","timestamp":1769917744187,"version":"3.49.0"},"reference-count":112,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2023,2,28]]},"abstract":"<jats:p>Contact discovery allows users of mobile messengers to conveniently connect with people in their address book. In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods and propose suitable mitigations.<\/jats:p>\n          <jats:p>Our study of three popular messengers\u00a0(WhatsApp, Signal, and Telegram) shows that large-scale crawling attacks are\u00a0(still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we queried\u00a010 % of\u00a0US mobile phone numbers for\u00a0WhatsApp and\u00a0100 % for\u00a0Signal. For\u00a0Telegram, we find that its\u00a0API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting\u00a0(cross-messenger) usage statistics, which also reveal that very few users change the default privacy settings.<\/jats:p>\n          <jats:p>Furthermore, we demonstrate that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal. Most notably, we show that with the password cracking tool\u00a0\u201cJTR,\u201d we can iterate through the entire worldwide mobile phone number space in\u00a0&lt; 150 s on a consumer-grade\u00a0GPU. We also propose a significantly improved rainbow table construction for non-uniformly distributed input domains that is of independent interest.<\/jats:p>\n          <jats:p>\n            Regarding mitigations, we most notably propose two novel rate-limiting schemes: our\u00a0\n            <jats:italic>incremental<\/jats:italic>\n            contact discovery for services without server-side contact storage strictly improves over\u00a0Signal\u2019s current approach while being compatible with private set intersection, whereas our\u00a0\n            <jats:italic>differential<\/jats:italic>\n            scheme allows even stricter rate limits at the overhead for service providers to store a small constant-size state that does not reveal any contact information.\n          <\/jats:p>","DOI":"10.1145\/3546191","type":"journal-article","created":{"date-parts":[[2022,6,30]],"date-time":"2022-06-30T10:21:57Z","timestamp":1656584517000},"page":"1-44","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Contact Discovery in Mobile Messengers: Low-cost Attacks, Quantitative Analyses, and Efficient Mitigations"],"prefix":"10.1145","volume":"26","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1290-5902","authenticated-orcid":false,"given":"Christoph","family":"Hagen","sequence":"first","affiliation":[{"name":"University of W\u00fcrzburg, Bavaria, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4906-6871","authenticated-orcid":false,"given":"Christian","family":"Weinert","sequence":"additional","affiliation":[{"name":"Royal Holloway, University of London, Surrey, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3766-783X","authenticated-orcid":false,"given":"Christoph","family":"Sendner","sequence":"additional","affiliation":[{"name":"University of W\u00fcrzburg, Bavaria, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5637-7016","authenticated-orcid":false,"given":"Alexandra","family":"Dmitrienko","sequence":"additional","affiliation":[{"name":"University of W\u00fcrzburg, Bavaria, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8090-1316","authenticated-orcid":false,"given":"Thomas","family":"Schneider","sequence":"additional","affiliation":[{"name":"Technical University of Darmstadt, Hesse, Germany"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_3_2_2","unstructured":"Affinityclick. 2013. Hushed - Private Phone Numbers Talk and Text. Retrieved from https:\/\/hushed.com\/."},{"key":"e_1_3_3_3_2","unstructured":"Parry Aftab. 2014. Findings under the Personal Information Protection and Electronic Documents Act (PIPEDA). Retrieved from https:\/\/parryaftab.blogspot.com\/2014\/03\/what-does-whatsapp-collect-that.html."},{"key":"e_1_3_3_4_2","volume-title":"IEEE Symposium on Security and Privacy (S&P)","author":"Albrecht Martin","year":"2022","unstructured":"Martin Albrecht, Lenka Marekov\u00e1, Kenneth Paterson, and Igors Stepanovs. 2022. Four attacks and a proof for Telegram. In IEEE Symposium on Security and Privacy (S&P). IEEE."},{"key":"e_1_3_3_5_2","unstructured":"Backes SRT. 2013. WhatsBox - GDPR Compliant WhatsApp. Retrieved from https:\/\/www.backes-srt.com\/en\/solutions-2\/whatsbox\/."},{"key":"e_1_3_3_6_2","doi-asserted-by":"crossref","first-page":"422","DOI":"10.1007\/978-3-642-15512-3_22","volume-title":"Recent Advances in Intrusion Detection (RAID)","author":"Balduzzi Marco","year":"2010","unstructured":"Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti, and Christopher Kruegel. 2010. Abusing social networks for automated user profiling. In Recent Advances in Intrusion Detection (RAID). Springer, 422\u2013441."},{"key":"e_1_3_3_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/1526709.1526784"},{"key":"e_1_3_3_8_2","doi-asserted-by":"crossref","first-page":"292","DOI":"10.1109\/EuroSP.2016.31","volume-title":"IEEE European Symposium on Security and Privacy (EuroS&P)","author":"Biryukov Alex","year":"2016","unstructured":"Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich. 2016. Argon2: New generation of memory-hard functions for password hashing and other applications. In IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 292\u2013302."},{"key":"e_1_3_3_9_2","unstructured":"BitWeasil. 2012. Cryptohaze. Retrieved from http:\/\/www.cryptohaze.com."},{"key":"e_1_3_3_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/2677972.2677980"},{"key":"e_1_3_3_11_2","first-page":"991","volume-title":"USENIX Security Symposium","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the keys to the Intel SGX Kingdom with transient out-of-order execution. In USENIX Security Symposium. USENIX Association, 991\u20131008."},{"key":"e_1_3_3_12_2","unstructured":"Katie Canales. 2021. Hackers Scraped Data from 500 Million LinkedIn Users. Retrieved from https:\/\/www.businessinsider.com\/linkedin-data-scraped-500-million-users-for-sale-online-2021-4."},{"key":"e_1_3_3_13_2","unstructured":"Katie Canales. 2021. Scraped Personal Data of 1.3 Million Clubhouse Users Has Reportedly Leaked Online. Retrieved from https:\/\/www.businessinsider.com\/clubhouse-data-leak-1-million-users-2021-4."},{"key":"e_1_3_3_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243836"},{"key":"e_1_3_3_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134061"},{"key":"e_1_3_3_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484356"},{"key":"e_1_3_3_17_2","unstructured":"Howard Chu. 2015. LMDB Website. Retrieved from http:\/\/www.lmdb.tech\/doc\/."},{"key":"e_1_3_3_18_2","first-page":"352","volume-title":"Human-Computer Interaction with Mobile Devices and Services (MobileHCI)","author":"Church Karen","year":"2013","unstructured":"Karen Church and Rodrigo de Oliveira. 2013. What\u2019s up with WhatsApp? Comparing mobile instant messaging behaviors with traditional SMS. In Human-Computer Interaction with Mobile Devices and Services (MobileHCI). ACM, 352\u2013361."},{"key":"e_1_3_3_19_2","unstructured":"Catalin Cimpanu. 2019. Hong Kong Protesters Warn of Telegram Feature that Can Disclose Their Identities. Retrieved from https:\/\/www.zdnet.com\/article\/hong-kong-protesters-warn-of-telegram-feature-that-can-disclose-their-identities\/."},{"key":"e_1_3_3_20_2","unstructured":"Mike Clark. 2021. The Facts on News Reports about Facebook Data. Retrieved from https:\/\/about.fb.com\/news\/2021\/04\/facts-on-news-reports-about-facebook-data\/."},{"key":"e_1_3_3_21_2","unstructured":"J. Clement. 2019. Most Popular Global Mobile Messenger Apps. Retrieved from https:\/\/www.statista.com\/statistics\/258749\/most-popular-global-mobile-messenger-apps."},{"key":"e_1_3_3_22_2","unstructured":"J. Clement. 2019. Most Popular Mobile Messaging Apps in the United States as of June 2019. Retrieved from https:\/\/www.statista.com\/statistics\/350461\/mobile-messenger-app-usage-usa\/."},{"key":"e_1_3_3_23_2","unstructured":"J. Clement. 2019. Number of WhatsApp Users in the United States from 2019 to 2023. Retrieved from https:\/\/www.statista.com\/statistics\/558290\/number-of-whatsapp-users-usa\/."},{"key":"e_1_3_3_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/356770.356776"},{"key":"e_1_3_3_25_2","unstructured":"Confide Inc.2022. Confide Privacy Policy. Retrieved from https:\/\/getconfide.com\/privacy."},{"key":"e_1_3_3_26_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484760"},{"key":"e_1_3_3_27_2","unstructured":"Josh Constine. 2018. WhatsApp Hits 1.5 Billion Monthly Users. $19B? Not So Bad. Retrieved from https:\/\/techcrunch.com\/2018\/01\/31\/whatsapp-hits-1-5-billion-monthly-users-19b-not-so-bad\/."},{"key":"e_1_3_3_28_2","unstructured":"Joseph Cox. 2017. Building a Database of WhatsApp Users Can Be Pretty Easy. Retrieved from https:\/\/www.vice.com\/en\/article\/wnw4vw\/building-a-database-of-whatsapp-users-can-be-pretty-easy."},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2017.2747598"},{"key":"e_1_3_3_30_2","unstructured":"Deutsche Welle. 2019. New EU Data Law Forces Firms to Ban WhatsApp Snapchat from Phones. Retrieved from https:\/\/www.dw.com\/en\/new-eu-data-law-forces-firms-to-ban-whatsapp-snapchat-from-phones\/a-44076861."},{"key":"e_1_3_3_31_2","unstructured":"Zak Doffman. 2019. New WhatsApp Threat Confirmed: Android and iOS Users at Risk from Malicious Video Files. Retrieved from https:\/\/www.forbes.com\/sites\/zakdoffman\/2019\/11\/16\/new-whatsapp-threat-confirmed-android-and-ios-users-at-risk-from-malicious-video-files\/."},{"key":"e_1_3_3_32_2","unstructured":"Zak Doffman. 2021. Apple\u2019s iMessage Safety Update Is a Major Change for iPhone Privacy. Retrieved from https:\/\/www.forbes.com\/sites\/zakdoffman\/2021\/11\/13\/apples-billion-iphone-users-shock-imessage-update-after-security-warnings\/."},{"key":"e_1_3_3_33_2","unstructured":"Meredith Dost and Kyley McGeeney. 2016. Moving without Changing Your Cellphone Number: A Predicament for Pollsters. Retrieved from https:\/\/www.pewresearch.org\/methods\/2016\/08\/01\/moving-without-changing-your-cellphone-number-a-predicament-for-pollsters\/."},{"key":"e_1_3_3_34_2","unstructured":"Pavel Durov. 2020. 400 Million Users 20 000 Stickers Quizzes 2.0 and 400K EUR for Creators of Educational Tests. Retrieved from https:\/\/telegram.org\/blog\/400-million."},{"key":"e_1_3_3_35_2","unstructured":"Jose Estrada. 2018. WhatsApp Scraping. Retrieved from https:\/\/github.com\/JMGama\/WhatsApp-Scraping."},{"key":"e_1_3_3_36_2","unstructured":"Facebook Inc.2020. Two Billion Users \u2014 Connecting the World Privately. Retrieved from https:\/\/about.fb.com\/news\/2020\/02\/two-billion-users\/."},{"key":"e_1_3_3_37_2","unstructured":"Google. 2010. Google\u2019s Common Java C++ and JavaScript Library for Parsing Formatting and Validating International Phone Numbers. Retrieved from https:\/\/github.com\/google\/libphonenumber."},{"key":"e_1_3_3_38_2","unstructured":"Google. 2022. I\u2019m Getting a Contacts Error - Contacts Help. Retrieved from https:\/\/support.google.com\/contacts\/answer\/148779."},{"key":"e_1_3_3_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASONAM.2016.7752410"},{"key":"e_1_3_3_40_2","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1145\/2994459.2994471","volume-title":"Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM@CCS)","author":"Gupta Srishti","year":"2016","unstructured":"Srishti Gupta, Payas Gupta, Mustaque Ahamad, and Ponnurangam Kumaraguru. 2016. Exploiting phone numbers and cross-application features in targeted mobile attacks. In Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM@CCS). ACM, 73\u201382."},{"key":"e_1_3_3_41_2","volume-title":"Network & Distributed System Security Symposium (NDSS)","author":"Hagen Christoph","year":"2021","unstructured":"Christoph Hagen, Christian Weinert, Christoph Sendner, Alexandra Dmitrienko, and Thomas Schneider. 2021. All the numbers are US: Large-scale abuse of contact discovery in mobile messengers. In Network & Distributed System Security Symposium (NDSS). Internet Society."},{"key":"e_1_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.3390\/cryptography1020010"},{"key":"e_1_3_3_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3448300.3468252"},{"key":"e_1_3_3_44_2","first-page":"3577","volume-title":"USENIX Security Symposium","author":"Heinrich Alexander","year":"2021","unstructured":"Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, and Christian Weinert. 2021. PrivateDrop: Practical privacy-preserving authentication for Apple AirDrop. In USENIX Security Symposium. USENIX Association, 3577\u20133594. Retrieved from https:\/\/ia.cr\/2021\/481."},{"key":"e_1_3_3_45_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1980.1056220"},{"key":"e_1_3_3_46_2","unstructured":"Aaron Holmes. 2021. 533 Million Facebook Users\u2019 Phone Numbers and Personal Data Have Been Leaked Online. Retrieved from https:\/\/www.businessinsider.com\/stolen-data-of-533-million-facebook-users-leaked-online-2021-4."},{"key":"e_1_3_3_47_2","first-page":"365","volume-title":"IEEE Symposium on Security and Privacy (S&P)","author":"Hu Hang","year":"2019","unstructured":"Hang Hu, Peng Peng, and Gang Wang. 2019. Characterizing pixel tracking through the lens of disposable email services. In IEEE Symposium on Security and Privacy (S&P). IEEE, 365\u2013379."},{"key":"e_1_3_3_48_2","unstructured":"Ali Hubail. 2015. Interface to WhatsApp Messenger\u2014Fed up with the F**king Legal Threats. Retrieved from https:\/\/github.com\/venomous0x\/WhatsAPI."},{"key":"e_1_3_3_49_2","unstructured":"inAudible-NG. 2017. RainbowCrack-NG: Free and Open-Source Software to Generate and Use Rainbow Tables. Retrieved from https:\/\/github.com\/inAudible-NG\/RainbowCrack-NG."},{"key":"e_1_3_3_50_2","unstructured":"ITU Telecommunication Standardization Sector. 2022. National Numbering Plans. Retrieved from https:\/\/www.itu.int\/oth\/T0202.aspx?parent=T0202."},{"key":"e_1_3_3_51_2","first-page":"1447","volume-title":"USENIX Security Symposium","author":"Kales Daniel","year":"2019","unstructured":"Daniel Kales, Christian Rechberger, Matthias Senker, Thomas Schneider, and Christian Weinert. 2019. Mobile private contact discovery at scale. In USENIX Security Symposium. USENIX Association, 1447\u20131464. Retrieved from https:\/\/ia.cr\/2019\/517."},{"key":"e_1_3_3_52_2","unstructured":"Samantha Murphy Kelly. 2021. Yes You Are Getting Lots of Robocalls Again. Retrieved from https:\/\/edition.cnn.com\/2021\/03\/04\/tech\/robocalls-pre-pandemic-levels\/index.html."},{"key":"e_1_3_3_53_2","first-page":"55","volume-title":"Workshop on Information Security Applications (WISA)","author":"Kim Eunhyun","year":"2014","unstructured":"Eunhyun Kim, Kyungwon Park, Hyoungshick Kim, and Jaeseung Song. 2014. I\u2019ve got your number: - harvesting users\u2019 personal data via contacts sync for the KakaoTalk messenger. In Workshop on Information Security Applications (WISA). Springer, 55\u201367."},{"key":"e_1_3_3_54_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.04.008"},{"key":"e_1_3_3_55_2","first-page":"663","volume-title":"Information Security Practice and Experience","author":"Kim Jinwoo","year":"2017","unstructured":"Jinwoo Kim, Kuyju Kim, Junsung Cho, Hyoungshick Kim, and Sebastian Schrittwieser. 2017. Hello, Facebook! Here is the stalkers\u2019 paradise!: Design and analysis of enumeration attack using phone numbers on Facebook. In Information Security Practice and Experience. Springer, 663\u2013677."},{"key":"e_1_3_3_56_2","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2017-0044"},{"key":"e_1_3_3_57_2","unstructured":"Loran Kloeze. 2017. Collecting Huge Amounts of Data with WhatsApp. Retrieved from https:\/\/www.lorankloeze.nl\/2017\/05\/07\/collecting-huge-amounts-of-data-with-whatsapp\/."},{"key":"e_1_3_3_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978381"},{"key":"e_1_3_3_59_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04898-2_96"},{"key":"e_1_3_3_60_2","unstructured":"Joshua Lund. 2017. Encrypted Profiles for Signal Now in Public Beta. Retrieved from https:\/\/signal.org\/blog\/signal-profiles-beta\/."},{"key":"e_1_3_3_61_2","unstructured":"Joshua Lund. 2018. Technology Preview: Sealed Sender for Signal. Retrieved from https:\/\/signal.org\/blog\/sealed-sender\/."},{"key":"e_1_3_3_62_2","unstructured":"Joshua Lund. 2019. Signal-Server. Retrieved from https:\/\/github.com\/signalapp\/Signal-Server."},{"key":"e_1_3_3_63_2","unstructured":"Joshua Lund. 2019. Technology Preview for Secure Value Recovery. Retrieved from https:\/\/signal.org\/blog\/secure-value-recovery\/."},{"key":"e_1_3_3_64_2","unstructured":"Moxie Marlinspike. 2014. The Difficulty of Private Contact Discovery. Retrieved from https:\/\/signal.org\/blog\/contact-discovery\/."},{"key":"e_1_3_3_65_2","unstructured":"Moxie Marlinspike. 2017. Technology Preview: Private Contact Discovery for Signal. Retrieved from https:\/\/signal.org\/blog\/private-contact-discovery."},{"key":"e_1_3_3_66_2","first-page":"55","volume-title":"Sicherheit","author":"Marx Matthias","year":"2018","unstructured":"Matthias Marx, Ephraim Zimmer, Tobias Mueller, Maximilian Blochberger, and Hannes Federrath. 2018. Hashing of personally identifiable information is not sufficient. In Sicherheit. Gesellschaft f\u00fcr Informatik e.V., 55\u201368."},{"key":"e_1_3_3_67_2","unstructured":"Signal Messenger. 2020. Introducing Signal PINs. Retrieved from https:\/\/signal.org\/blog\/signal-pins\/."},{"key":"e_1_3_3_68_2","unstructured":"Adrian M\u00f6nnich. 2010. Flask. Retrieved from https:\/\/palletsprojects.com\/p\/flask."},{"key":"e_1_3_3_69_2","first-page":"435","volume-title":"USENIX Security Symposium","author":"Motoyama Marti","year":"2010","unstructured":"Marti Motoyama, Kirill Levchenko, Chris Kanich, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. 2010. Re: CAPTCHAs-understanding CAPTCHA-solving services in an economic context. In USENIX Security Symposium. USENIX Association, 435\u2013462. Retrieved from http:\/\/www.usenix.org\/events\/sec10\/tech\/full_papers\/Motoyama.pdf."},{"key":"e_1_3_3_70_2","first-page":"142","volume-title":"Information Integration and Web-based Applications & Services","author":"Mueller Robin","year":"2014","unstructured":"Robin Mueller, Sebastian Schrittwieser, Peter Fr\u00fchwirt, Peter Kieseberg, and Edgar R. Weippl. 2014. What\u2019s new with WhatsApp & Co.? Revisiting the security of smartphone messaging applications. In Information Integration and Web-based Applications & Services. ACM, 142\u2013151."},{"key":"e_1_3_3_71_2","first-page":"617","volume-title":"CRYPTO","author":"Oechslin Philippe","year":"2003","unstructured":"Philippe Oechslin. 2003. Making a faster cryptanalytic time-memory trade-off. In CRYPTO. Springer, 617\u2013630."},{"key":"e_1_3_3_72_2","unstructured":"Official Journal of the European Union. 2016. Regulation (EU) 2016\/679 of the European Parliament and of the Council. Retrieved from https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:32016R0679&from=EN."},{"key":"e_1_3_3_73_2","unstructured":"OpenMP. 2022. The OpenMP API Specification for Parallel Programming. Retrieved from https:\/\/www.openmp.org."},{"key":"e_1_3_3_74_2","unstructured":"OpenSSL Software Foundation. 2022. OpenSSL: Cryptography and SSL\/TLS Toolkit. Retrieved from https:\/\/www.openssl.org."},{"key":"e_1_3_3_75_2","unstructured":"Openwall. 2022. John the Ripper Password Cracker. Retrieved from https:\/\/www.openwall.com\/john\/."},{"key":"e_1_3_3_76_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-26954-8_13"},{"key":"e_1_3_3_77_2","first-page":"515","volume-title":"USENIX Security Symposium","author":"Pinkas Benny","year":"2015","unstructured":"Benny Pinkas, Thomas Schneider, Gil Segev, and Michael Zohner. 2015. Phasing: Private set intersection using permutation-based hashing. In USENIX Security Symposium. USENIX Association, 515\u2013530."},{"key":"e_1_3_3_78_2","first-page":"125","volume-title":"EUROCRYPT","author":"Pinkas Benny","year":"2018","unstructured":"Benny Pinkas, Thomas Schneider, Christian Weinert, and Udi Wieder. 2018. Efficient circuit-based PSI via Cuckoo hashing. In EUROCRYPT. Springer, 125\u2013157. Retrieved from https:\/\/ia.cr\/2018\/120."},{"key":"e_1_3_3_79_2","first-page":"797","volume-title":"USENIX Security Symposium","author":"Pinkas Benny","year":"2014","unstructured":"Benny Pinkas, Thomas Schneider, and Michael Zohner. 2014. Faster private set intersection based on OT extension. In USENIX Security Symposium. USENIX Association, 797\u2013812."},{"issue":"2","key":"e_1_3_3_80_2","first-page":"7:1\u20137:35","article-title":"Scalable private set intersection based on OT extension","volume":"21","author":"Pinkas Benny","year":"2018","unstructured":"Benny Pinkas, Thomas Schneider, and Michael Zohner. 2018. Scalable private set intersection based on OT extension. Trans. Priv. Secur. 21, 2 (2018), 7:1\u20137:35.","journal-title":"Trans. Priv. Secur."},{"key":"e_1_3_3_81_2","unstructured":"Sebin P. J. 2017. WhatsApp Crawler. Retrieved from https:\/\/gitlab.com\/jishnutp\/whatsapp-crawler."},{"key":"e_1_3_3_82_2","unstructured":"Jon Porter. 2020. Signal Becomes European Commission\u2019s Messaging App of Choice in Security Clampdown. Retrieved from https:\/\/www.theverge.com\/2020\/2\/24\/21150918\/european-commission-signal-encrypted-messaging."},{"key":"e_1_3_3_83_2","first-page":"81","volume-title":"USENIX Annual Technical Conference (ATC)","author":"Provos Niels","year":"1999","unstructured":"Niels Provos and David Mazi\u00e8res. 1999. A future-adaptable password scheme. In USENIX Annual Technical Conference (ATC). USENIX Association, 81\u201391."},{"key":"e_1_3_3_84_2","unstructured":"RainbowCrack Project. 2022. List of Rainbow Tables. Retrieved from http:\/\/project-rainbowcrack.com\/table.htm."},{"key":"e_1_3_3_85_2","unstructured":"RainbowCrack Project. 2022. RainbowCrack. Retrieved from http:\/\/project-rainbowcrack.com\/."},{"key":"e_1_3_3_86_2","volume-title":"Workshop on Usable Security (USEC)","author":"Rashidi Yasmeen","year":"2016","unstructured":"Yasmeen Rashidi, Kami Vaniea, and L. Jean Camp. 2016. Understanding saudis\u2019 privacy concerns when using WhatsApp. In Workshop on Usable Security (USEC). Internet Society."},{"key":"e_1_3_3_87_2","unstructured":"Salvatore Sanfilippo. 2022. Redis Commands - GET. Retrieved from https:\/\/redis.io\/commands\/get."},{"key":"e_1_3_3_88_2","unstructured":"Salvatore Sanfilippo. 2022. Redis Website. Retrieved from https:\/\/redis.io\/."},{"key":"e_1_3_3_89_2","volume-title":"Network & Distributed System Security Symposium (NDSS)","author":"Schrittwieser Sebastian","year":"2012","unstructured":"Sebastian Schrittwieser, Peter Fr\u00fchwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Edgar R. Weippl. 2012. Guess who\u2019s texting you? Evaluating the security of smartphone messaging applications. In Network & Distributed System Security Symposium (NDSS). Internet Society."},{"key":"e_1_3_3_90_2","unstructured":"Scattered Secrets. 2020. Bcrypt Password Cracking Extremely Slow? Not If You Are Using Hundreds of FPGAs! Retrieved from https:\/\/scatteredsecrets.medium.com\/bcrypt-password-cracking-extremely-slow-not-if-you-are-using-hundreds-of-fpgas-7ae42e3272f6."},{"key":"e_1_3_3_91_2","unstructured":"Security Research Group FAU Erlangen-N\u00fcrnberg. 2014. Online Status Monitor. Retrieved from https:\/\/onlinestatusmonitor.com\/."},{"key":"e_1_3_3_92_2","unstructured":"Signal. 2022. Signal Homepage. Retrieved from https:\/\/signal.org."},{"key":"e_1_3_3_93_2","unstructured":"Mehul Srivastava. 2019. WhatsApp Voice Calls Used to Inject Israeli Spyware on Phones. Retrieved from https:\/\/www.ft.com\/content\/4da1117e-756c-11e9-be7d-6d846537acab."},{"key":"e_1_3_3_94_2","unstructured":"Jens Steube and Gabriele Gristina. 2022. hashcat - World\u2019s Fastest and Most Advanced Password Recovery Utility. Retrieved from https:\/\/hashcat.net\/."},{"key":"e_1_3_3_95_2","unstructured":"Telegram. 2020. Telegram FAQ: How Secure is Telegram? Retrieved from https:\/\/telegram.org\/faq#q-how-secure-is-telegram."},{"key":"e_1_3_3_96_2","unstructured":"Telegram. 2022. TDLib: importedContacts Class Reference. Retrieved from https:\/\/core.telegram.org\/tdlib\/docs\/classtd_1_1td__api_1_1imported_contacts.html."},{"key":"e_1_3_3_97_2","unstructured":"Telegram. 2022. Telegram Database Library. Retrieved from https:\/\/core.telegram.org\/tdlib."},{"key":"e_1_3_3_98_2","unstructured":"Tom Slack. 2019. Is WhatsApp in Breach of the GDPR? A Lawyer\u2019s View. Retrieved from https:\/\/guild.co\/blog\/is-whatsapp-in-breach-of-the-gdpr-a-lawyers-view\/."},{"key":"e_1_3_3_99_2","first-page":"1327","volume-title":"USENIX Security Symposium","author":"Tu Huahong","year":"2019","unstructured":"Huahong Tu, Adam Doup\u00e9, Ziming Zhao, and Gail-Joon Ahn. 2019. Users really do answer telephone scams. In USENIX Security Symposium. USENIX Association, 1327\u20131340."},{"key":"e_1_3_3_100_2","unstructured":"William Turton. 2016. Why You Should Stop Using Telegram Right Now. Retrieved from https:\/\/gizmodo.com\/why-you-should-stop-using-telegram-right-now-1782557415."},{"key":"e_1_3_3_101_2","unstructured":"Lisa Vaas. 2019. Robocalls Now Flooding US Phones with 200m Calls per Day. Retrieved from https:\/\/nakedsecurity.sophos.com\/2019\/09\/17\/robocalls-now-flooding-us-phones-with-200m-calls-per-day\/."},{"key":"e_1_3_3_102_2","doi-asserted-by":"crossref","first-page":"137","DOI":"10.1145\/2815400.2815417","volume-title":"Symposium on Operating Systems Principles (SOSP)","author":"Hooff Jelle van den","year":"2015","unstructured":"Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zeldovich. 2015. Vuvuzela: Scalable private messaging resistant to traffic analysis. In Symposium on Operating Systems Principles (SOSP). ACM, 137\u2013152."},{"key":"e_1_3_3_103_2","unstructured":"WhatsApp LLC. 2022. About Contact Upload. Retrieved from https:\/\/faq.whatsapp.com\/general\/contacts\/about-contact-upload."},{"key":"e_1_3_3_104_2","unstructured":"WhatsApp LLC. 2022. WhatsApp Legal Info. Retrieved from https:\/\/www.whatsapp.com\/legal?eea=0#terms-of-service."},{"key":"e_1_3_3_105_2","first-page":"223","volume-title":"IEEE Symposium on Security and Privacy (S&P)","author":"Wondracek Gilbert","year":"2010","unstructured":"Gilbert Wondracek, Thorsten Holz, Engin Kirda, and Christopher Kruegel. 2010. A practical attack to de-anonymize social network users. In IEEE Symposium on Security and Privacy (S&P). IEEE, 223\u2013238."},{"key":"e_1_3_3_106_2","unstructured":"WriteThat.Name. 2013. Your Address Book Automagically Updated. http:\/\/writethat.name\/."},{"key":"e_1_3_3_107_2","unstructured":"x0rz. 2018. A Look into Signal\u2019s Encrypted Profiles. Retrieved from https:\/\/blog.0day.rocks\/a-look-into-signals-encrypted-profiles-5491908186c1."},{"key":"e_1_3_3_108_2","unstructured":"Maria Xynou and Arturo Filast\u00f2. 2021. How Countries Attempt to Block Signal Private Messenger App around the World. Retrieved from https:\/\/ooni.org\/post\/2021-how-signal-private-messenger-blocked-around-the-world\/."},{"key":"e_1_3_3_109_2","unstructured":"Liliya Yapparova and Alexey Kovalev. 2019. Comrade Major. Retrieved from https:\/\/meduza.io\/en\/feature\/2019\/08\/11\/comrade-major."},{"key":"e_1_3_3_110_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243754"},{"key":"e_1_3_3_111_2","unstructured":"Maikel Zweerink. 2015. WhatsApp Privacy is Broken! Retrieved from https:\/\/maikel.pro\/blog\/en-whatsapp-privacy-options-are-illusions\/."},{"key":"e_1_3_3_112_2","unstructured":"Maikel Zweerink. 2015. WhatsApp Privacy Problem Explained in Detail. Retrieved from https:\/\/maikel.pro\/blog\/en-whatsapp-privacy-problem-explained-in-detail\/."},{"key":"e_1_3_3_113_2","unstructured":"Maikel Zweerink. 2016. PoC WhatsSpy Public Support Ending Today. Retrieved from https:\/\/maikel.pro\/blog\/whatsspy-public-support-ending-today."}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3546191","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3546191","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:00:23Z","timestamp":1750186823000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3546191"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":112,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,2,28]]}},"alternative-id":["10.1145\/3546191"],"URL":"https:\/\/doi.org\/10.1145\/3546191","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2021-07-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-06-02","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}