A new zero-click deanonymization attack targets apps like Signal, Discord, and Twitter/X, exploiting push notifications and CDNs to reveal a user's location within 250 miles without interaction. By analyzing cached content from nearby data centers, attackers can pinpoint the user’s location. Signal and Discord have vulnerabilities, with Signal revealing location via message attachments and Discord through custom avatars. Despite patches, the attack persists, posing a significant privacy risk, especially for sensitive users. Developers and CDN providers must improve privacy protections, while users should disable push notifications and use VPNs.

‍