From 42a456b5927bfb9c63de0136c009e0ea0d3bdbc1 Mon Sep 17 00:00:00 2001
From: Duke Leto <duke@noreply.git.hush.is>
Date: Fri, 21 Oct 2022 14:09:01 +0000
Subject: [PATCH] Update 'README.md'

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 64a9ba3..6c73589 100644
--- a/README.md
+++ b/README.md
@@ -128,6 +128,12 @@ Glad you asked!! HushChat adds various layers of privacy on top of our "base" Hu
     * This means if your device is seized/liberated/stolen and your wallet.dat inserted in ChainAnalysis or similar blockchain analysis platform, your chats are encrypted blobs of useless information
   * HushChats cannot be truncated, removed, reordered, duplicated or modified without being detected
     * There are very strong encryption/decryption guarantees provided by libsodium secretstreams: https://doc.libsodium.org/secret-key_cryptography/secretstream
+
+## Signal Vulnerabilities
+
+https://restoreprivacy.com/timing-attacks-on-whatsapp-signal-threema-reveal-user-location/
+
+HushChat is not vulnerable to the above vulnerability because there are no delivery receipts in HushChat protocol. When Alice sends a message to Bob, she has no idea if or when it's ever delivered to Bob's wallet or if he reads it. This is a feature, not a bug.
  
 ## Where can I learn more?