Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:


By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

Ubuntu 18.04 install python3 with pip and pyenv - for multiple python versions
# install dependencies
sudo apt install -y make build-essential \
python3 python-pip libpq-dev python3-dev libssl-dev zlib1g-dev \
libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev \
libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev python-openssl
# pyenv for installing different python versions
git clone ~/.pyenv
# export pyenv path for python environments
## custom commands
nuke = if [ -d ./node_modules ]; then rm -rf ./node_modules; else echo "Skipping ... No node_modules/"; fi
report =
GENERATE_SOURCEMAP=true yarn build
.gitconfig aliases
# One letter alias for our most frequent commands.
# Guidelines: these aliases do not use options, because we want
# these aliases to be easy to compose and use in many ways.
a = add
ec2 vbd and NVMe udev rules and helpers
# ensure any xen virtual block devices named xvdN get a sdN symlink for consistency
KERNEL=="xvd*", PROGRAM="/sbin/ec2udev-vbd %k", SYMLINK+="%c"
# Keyspace Name
keyspace: keyspace_to_load_test
# The CQL for creating a keyspace (optional if it already exists)
keyspace_definition: |
CREATE KEYSPACE keyspace_to_load_test with replication = {'class': 'SimpleStrategy', 'replication_factor' : '3'}
# Table name
table: table_to_load_test
Ansible example which shows how to reach nested variable with dynamic elements
# Example which shows how to reach nested ansible variable which is partially different.
# Run that plabook with ansible-playbook -e "env=test" ansible-nested-variable.yml
- hosts: localhost
connection : ssh
gather_facts: no
vpc_production_cidr_block: ""
An example of a complex, multi-host Salt Orchestrate state that performs status checks as it goes
# /srv/salt/upgrade_the_app.sls
# Example of a complex, multi-host Orchestration state that performs status checks as it goes.
# Note, this is untested and is meant to serve as an example.
# Run via: salt-run state.orch upgrade_the_app pillar='{nodes: [nodeA, nodeB], version: 123}'
{% set nodes = salt.pillar.get('nodes', []) %}
{% set all_grains = salt.saltutil.runner('cache.grains',
tgt=','.join(nodes), tgt_type='list') %}
{# Default version if not given at the CLI. #}
Update an existing AWS Launch Configuration to use a new AMI image
s3 replicated bucket with terraform
# Create all variables used in this Terraform run
variable "aws_access_key" {}
variable "aws_access_secret_key" {}
variable "aws_bucket_name" {}
variable "aws_region_main" {
default = "eu-west-1"
variable "aws_region_replica" {
default = "eu-central-1"