By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Joshua Lund, writing for the Signal blog back in 2017:
In order to hide your search term from GIPHY, the Signal service acts as a privacy-preserving proxy. When querying GIPHY:
The Signal app opens a TCP connection to the Signal service.
The Signal service opens a TCP connection to the GIPHY HTTPS API endpoint and relays bytes between the app and GIPHY.
The Signal app negotiates TLS through the proxied TCP connection all the way to the GIPHY HTTPS API endpoint.
Since communication is done via TLS all the way to GIPHY, the Signal service never sees the plaintext contents of what is transmitted or received. Since the TCP connection is proxied through the Signal service, GIPHY doesn’t know who issued the request.
The Signal service essentially acts as a VPN for GIPHY traffic: the Signal service knows who you are, but not what you’re searching for or selecting. The GIPHY API service sees the search term, but not who you are.
I believe this is basically how Apple’s Giphy search in Messages on iOS (through the built-in “#images” app) works. But if anyone knows for sure, let me know.
★ Monday, 18 May 2020