> Can't one find out someone's IP just as easily by making them make a request to a URL controlled by an attacker?
Unless you can find another flaw in Signal, that'd likely be a 1-click attack, which is less valuable than the 0-click attack demonstrated by the author.
Unless you can find another flaw in Signal, that'd likely be a 1-click attack, which is less valuable than the 0-click attack demonstrated by the author.