1. Attacker sends novel image to Signal
2. Signal hosts the image on their core servers
3. Signal instructs victim to fetch preview of the image
4. Victim asks the CDN for the image
5. CDN gets the image from Signal core servers and caches it
6. Victim gets the image from the CDN and displays the preview normally
7. Attacker hits every one of the CDN cache servers
8. The CDN cache server that say "yep, saw that already" is the one closest to the victim
This is assuming the data center is directly requesting the source server which it might be given a few searches on Google [1].
[1] https://community.cloudflare.com/t/cloudflare-is-forwarding-...
1. Attacker sends novel image to Signal
2. Signal hosts the image on their core servers
3. Signal instructs victim to fetch preview of the image
4. Victim asks the CDN for the image
5. CDN gets the image from Signal core servers and caches it
6. Victim gets the image from the CDN and displays the preview normally
7. Attacker hits every one of the CDN cache servers
8. The CDN cache server that say "yep, saw that already" is the one closest to the victim