Apple Confirms Governments Using Push Notifications to Surveil Users

chatmasta
55 replies
3h5m

This, to me, is the more disturbing part of the article:

> "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."

What is the point of transparency reports if they don't include major vectors of government surveillance?

IMO such gag orders shouldn't be legal when applied to dragnet surveillance. If you want to gag a company from notifying an individual they're being surveilled (with a warrant), then fine. But gagging a company from disclosing untargeted or semi-targeted surveillance, especially if it involves American citizens, seems like it should be unconstitutional on free speech grounds.

calvinmorrison
20 replies
2h37m

perhaps that democracy is not effective when the state organs are unelected bureaucrats with guns

Clubber
8 replies
2h26m

I'm not sure why you're being downvoted. That's been a common charge against our vast unelected bureaucracy, most of whom hold qualified immunity. We're trillions of dollars in debt, maybe it's time to peel some of it back a little.

gowld
7 replies
2h13m

Downvotes are possibly because the unelected bureaucrats with guns are overseen by the elected Executive and Legislature.

Clubber
6 replies
1h54m

Are they though? How about the FDA getting most of its funding by the companies they are supposed to regulate? It's comforting to just trust that bureaucracies are doing what's good for the country, but also naive.

https://aspe.hhs.gov/sites/default/files/documents/e4a791060...

How about the NSA spying on congress?

https://www.theguardian.com/world/2014/jan/04/nsa-spying-ber...

How about the ATF making up laws?

https://nclalegal.org/2019/09/atf-admits-it-lacked-authority...

The only teeth congress has with these bureaucracies is the power of the purse.

JohnFen
4 replies
1h38m

> The only teeth congress has with these bureaucracies is the power of the purse.

Not true. Congress can make laws defining what those agencies are and are not allowed to do.

Clubber
3 replies
1h34m

And if the agencies go outside the bounds of those laws like some currently do?

JohnFen
2 replies
1h21m

Then those who are victimized take it to court. If the agency committed an actual crime, then there's a path for that to be prosecuted as well.

It's certainly not a perfect system, but it's successfully done all the time.

Clubber
1 replies
57m

> The only teeth congress has with these bureaucracies is the power of the purse.

> Not true. Congress can make laws defining what those agencies are and are not allowed to do.

> And if the agencies go outside the bounds of those laws like some currently do?

> Then those who are victimized take it to court.

Right, the court isn't congress. My point was the only teeth congress has in regards to the bureaucracies is the power of the purse.

> successfully done all the time.

It depends on how you define successfully. I mean they employ people, is that good enough? Do you think they would be more or less effective with a 20% haircut? I don't really know, but members of congress probably don't either. Plus, it's bad politics to cut jobs come election time, right? Seems like a perverse incentive for the people charged with overseeing the bureaucracies.

patmorgan23
0 replies
8m

Congress can impeach the appointed officers that allowed those violations to happen.

Congress can create new criminal/civil remedies and then create an office tasked just with enforcing them.

frumper
0 replies
1h2m

Congress created these agencies, they can write laws that fundamentally change how they work, what they do, and what they focus on. They can even just disband these agencies. Congress has all of the power it needs. If they don't use it, maybe what you think should happen doesn't align with the majority of Congress.

briffle
6 replies
2h14m

Would you prefer elected bureaucrats with guns? That scares me more.

Perhaps we just go with rock solid transparency laws...

wl
3 replies
1h59m

At least elected bureaucrats are theoretically accountable to the electorate. The gripe comes from things like the unelected bureaucrats at the US Department of Justice deciding that as part of implementing the Americans with Disabilities Act, there are only two limited and inadequate questions you can ask of someone with an apparently bogus service dog or else. That rule didn't come from the people who wrote the law.

kec
1 replies
1h19m

In practice that shouldn’t matter, as the law states that any service animal can be turned away so long as the business provides accommodation to the human (which is the point of the limited questions).

The fact this rarely happens is more due to people not actually knowing the law and typically wanting to avoid potential conflict.

gosub100
0 replies
32m

"people not knowing the law" can be a symptom of bureaucracy though. How many pages of law do you think exist to open a bagel shop or add a room to your house in SFO?

JohnFen
0 replies
1h39m

Those unelected bureaucrats play by the rules set by elected bureaucrats, though.

> That rule didn't come from the people who wrote the law.

But lawmakers can write a law to address that.

calvinmorrison
1 replies
2h5m

It's a sad day when HN is defending the Patriot Act.

electrondood
0 replies
1h22m

It's more that your parent comment was disingenuous.

titzer
2 replies
2h10m

Nine times out of ten, the person saying this will turn around and complain about all the "political hacks" running things, referring to political appointees with no experience or background in the area of government they are tasked to run.

The term "unelected bureaucrats" applies to people like...I dunno, the director of the NIH and field office managers. Heck, even a police captain is an "unelected bureaucrat". Sheesh.

explaininjs
1 replies
1h59m

The director of the NIH is a prime example of a position the people should have direct control over. As is the police captain. Are you claiming otherwise? Have we really forgotten about 2020 so soon?

metabagel
0 replies
1h30m

People are already overwhelmed by having to vote for the superintendent of their sanitation district

mistrial9
0 replies
2h14m

history has shown that clumsy bureaucrats with slow erosion of rights is still superior to belligerents with guns in a mob

cultureswitch
16 replies
3h2m

Seems like a pretty open and shut case of unconstitutional restriction of speech in the US. Especially when you consider the wording of the Apple communication saying that they can talk about it openly now that it's public knowledge.

iAMkenough
10 replies
2h57m

Given the US has a 4th Amendment-free zone within 100 miles of all national borders in the name of national security, I expect the same justification and level of oversight here.

https://www.aclu.org/documents/constitution-100-mile-border-...

forward1
9 replies
2h14m

This is a common misconception. The 100 mile radius does not waive 4th Amendment protection. A reasonable suspicion of immigration law violation is still required to detain, search and ultimately arrest individuals. To wit: please name a single instance of someone having their rights abused by this so-called "zone".

lolinder
3 replies
2h0m

This article [0] lists several cases of warrantless searches, one of which was in Florida. Apparently that 100 mile radius isn't just from the Canadian border or the Mexican border, it's also 100 miles from any coast, which means that 2/3 of the population lives within that radius.

As far as "reasonable suspicion" goes, I'm increasingly unwilling to support the right of law enforcement to independently, without oversight, determine what is "reasonable".

[0] https://www.nationalreview.com/2018/02/border-patrol-warrant...

forward1
2 replies
1h53m

Where is the "warrantless search"?

> [CBP officers] demanded proof of citizenship from the passengers

> CBP officers boarded a bus in Bangor, Maine

None of those are searches, they are temporary detentions with strong legal basis and case law going back to Terry. To wit:

> most people have no idea that they can refuse to be searched at a roadblock or bus boarding

Ignorance of the law != warrantless searches. Arm yourself with knowledge, just as the Founding Fathers intended.

lolinder
1 replies
1h30m

> strong legal basis and case law going back to Terry

I frankly don't care what's legal or not at this point. The surveillance and police state has gotten out of control, and needs to be rolled back. If we constantly just accept past precedent as dictating our future, our rights will be chipped away one by one.

I don't want to live in a society where I can be stopped and asked for identification by law enforcement at any time. Most Americans don't, that's why we still don't have a proper national ID. I consider that to be a warrantless search regardless of what the law currently says.

> Arm yourself with knowledge, just as the Founding Fathers intended.

I find that most people who pretend to speak for "the Founding Fathers" are extremely ignorant of the actual motivations of these people who lived 200 years ago. I won't pretend to speak for them, but I will note that I strongly suspect that the smugglers and tax evaders who signed the Declaration of Independence would probably not be in favor of the ever-growing police state we have today.

Regardless, what they wanted is immaterial—they set up this country for us, and presumably expected us to lead it after their deaths.

forward1
0 replies
1h13m

> I frankly don't care what's legal or not at this point.

Oh, but you should - your freedom may depend on it.

> police state has gotten out of control, and needs to be rolled back

Maybe, but this is the world we presently find ourselves living in, and we can either choose to become empowered with knowledge about it, or throw a hyperbolic tantrum and wish for the moon.

> I don't want to live in a society where I can be stopped and asked for identification by law enforcement at any time.

You don't, at least not in the US. If you took more time to care about the laws you decry, you would know there is no such requirement, unless you have been suspected of a crime by a lawful sworn agent of the state. Which is a reasonable compromise in a society.

> smugglers and tax evaders who signed the Declaration of Independence ... would probably not be in favor of the ever-growing police state we have today

I agree. Those individuals knew well what an unchecked government can do, and took many reasonable precautions to safeguard against such infringements and tyranny. They were of course imperfect in their implementation, but the principles they set forth (freedom of speech, defense, religion, &c.) formed a radically different society to anywhere else on the planet today. Which is why I'm always puzzled when people disregard their hard work to take some agency's word and propaganda at face value, rather than consulting the original tenets which founded this great country.

ddalex
2 replies
1h52m

Not sure why down voted. Even the quoted article states:

> Border Patrol, nevertheless, cannot pull anyone over without “reasonable suspicion” of an immigration violation or crime (reasonable suspicion is more than just a “hunch”). Similarly, Border Patrol cannot search vehicles in the 100-mile zone without a warrant or “probable cause” (a reasonable belief, based on the circumstances, that an immigration violation or crime has likely occurred).

JohnFen
1 replies
1h45m

In practice, "reasonable suspicion" means "whenever they want."

forward1
0 replies
44m

The potential to abuse power is not a reason to disavow it.

a_wild_dandan
1 replies
1h29m

https://radiolab.org/podcast/border-trilogy-part-1

Poor school kiddos. :( Anyway, if you prefer text, click the transcript. I recommend listening though, if you have time!

forward1
0 replies
1h1m

The format of this podcast is insufferable, like listening to two befuddled people in a retirement home exchange "witty" banter.

I looked it up though. This was 30 years ago. The court issued Border Patrol an injunction and protected students from discrimination. A perfect example of the legal system acting justly and prudently, which only supports my argument that unbridled searches within 100 miles of the border is hyperbole only.

alfiedotwtf
1 replies
1h57m

onionisafruit
0 replies
1h42m

I don’t think third-party doctrine applies to the gag order, but it is relevant to the surveillance being discussed in this post.

jjtheblunt
0 replies
1h40m

Free speech: are you saying it is guaranteed for companies?

indymike
0 replies
2h57m

> Seems like a pretty open and shut case of unconstitutional restriction of speech

I wish it didn't cost a lot of money and years of your life to beat these over-reaches.

bryanrasmussen
0 replies
2h34m

How exactly do you bring suit on this matter?

Hey we would like to bring suit because the government says we can't talk about them doing X. Oh no, that would be talking about doing X!!

titzer
5 replies
2h14m

> But gagging a company from disclosing untargeted or semi-targeted surveillance, especially if it involves American citizens, seems like it should be unconstitutional on free speech grounds.

I see you have not read the Patriot Act, an Orwellian double-speak of a title if there ever was one.

onlyrealcuzzo
2 replies
2h5m

Is it really that hard for the government to get a warrant for a suspected terrorist?

Is there any data on how often they're surveilling people without warrants vs with warrants?

This seems like important info to know.

wredue
0 replies
1h9m

Having data on illegal searches would require an insider leaking that information. Nobody has any semblance of a clue how much illegal data sniffing is happening, and it’s even more questionable since the USA and five eyes continues to degrade basic privacy.

But won’t someone think of the children!?

gleenn
0 replies
1h43m

You're missing the point, in this case they don't even need the warrant at all. And yes, it is because you would have to ask a judge for each and every person surveilled and then provide a reason. They wouldn't have any reason for the drag net and would be denied.

pc86
1 replies
1h57m

The first "paper" I ever wrote was an anti-USA PATRIOT Act paper for a scholarship competition in 2003 when I was 17 where I was awarded $1,000. Literally the only thing I remember is what the acronym USA PATRIOT stands for.

Uniting and Strengthening American by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism.

It really is one of the best double-speak bill titles ever.

curation
0 replies
1h53m

cool!

sonicanatidae
3 replies
2h34m

> What is the point of transparency reports if they don't include major vectors of government surveillance?

The feels.

criddell
2 replies
1h58m

It's more than that, IMHO.

I think companies publishing whatever they can is a good thing. We would be worse off if they took the attitude of if we can't publish everything we might as well publish nothing.

sonicanatidae
0 replies
44m

I'm infinitely more cynical about corporations. For me, it's always about what they can do to mitigate any and all possible blame, regardless of circumstance, context, and the world itself. Always.

JohnFen
0 replies
1h42m

> Publishing whatever they can is a good thing.

But this is also a great reminder that there's a bunch of things they can't publish -- so "transparency reports" are of extremely limited value. Their greatest value is encouraging people to have a false sense of security.

jwnin
2 replies
43m

This is why warrant canaries can be useful in privacy policies, at least for smaller/startup companies. The apple/google/microsoft/amazon/metas of the world would have had to remove the canary long ago, though.

gosub100
0 replies
35m

and they're trivial to DDoS

forward1
0 replies
25m

No competent startup or small business would take on such a legal risk. And anyway, a sure conclusion can already be reached on the basis of reasoning about the complete and total lack of warrant canaries anywhere.

user3939382
1 replies
2h1m

If I’m not mistaken they’re called NSLs and the legality of them when challenged is reviewed by a secret court with secret laws that have secret interpretations of words. The whole thing as far as I can tell is an out of control nightmare and our corrupt congress doesn’t give a shit.

chatmasta
0 replies
1h20m

Actually quite a few members of congress do give a shit. Unfortunately they're the same members of congress maligned as MAGA extremists or whatever (in some cases that might be accurate, but it doesn't mean they're wrong about every political position they hold).

If you actually take a second to listen to Matt Gaetz, for example, you might be surprised to learn his (rather principled) positions are much closer to those of AOC than to President Orange, at least in some dimensions. He wants to require single-issue bills, and to completely eliminate FISA-702. Ironically, it seems like FISA will be reauthorized as part of an omnibus spending bill...

ChrisRR
0 replies
1h6m

This is why I never believe Apple's "We're super serious about your privacy!"

That is until a government asks them to do things behind the scenes.

AshamedCaptain
0 replies
2h30m

> What is the point of transparency reports if they don't include major vectors of government surveillance?

How many times did those of us who knew all of this to be a farce warn about this?

xyst
17 replies
2h17m

Would be great to see an example of notification metadata that can supposedly link it to real users.

Seems like this is what is being implied:

Given:

- users with notifications enabled

- have X app installed

- targeted user(s) reside in USA

- targeted users(s) following “foo” on X app

When:

- issue FISA warrant for all smartphone users that received notifications in regards to “foo” user

Then:

- able to pull all Apple/Google accounts that match this criteria

- able to get real addresses and names

- can crosscheck names with other details to narrow down suspect

Or maybe it’s something even worse where notifications somehow leak location data

beretguy
9 replies
2h6m

So, don’t have Twitter account and/or app installed and you should be good?

fsflover
2 replies
1h50m

Also, no Signal.

bkallus
1 replies
1h31m

This isn't necessarily true. When you install the Signal app on an Android phone that doesn't have Google Play Services installed, it receives push notifications using its own notification daemon instead of using Google's. This, of course, has significant battery life costs.

jessehattabaugh
0 replies
1h13m

What about WebPush on Firefox? That uses Mozilla's servers right? At least on Android? Could the govt be doing the same to Mozilla?

zogrodea
1 replies
35m

I think your comment comes after reading this line:

> - targeted users(s) following “foo” on X app

It seems "X app" means just any placeholder app (not the new Twitter rebrand), although I might be wrong.

beretguy
0 replies
14m

Correct. That’s why I will continue calling it Twitter, to avoid confusions like this.

xyst
1 replies
1h48m

no, need to get rid of your smartphone completely.

beretguy
0 replies
13m

Believe me, I wish I could.

uoaei
0 replies
2h2m

Protip: the harder a company pushes you to download their app, the more they have to gain from it. 99.999% of the time it's because they want access to as much of your data as they can sneak out of your device, usually for selling it.

One notable corollary is, the shittier the mobile browser webapp implementation is, the more they want to push people onto their app. See: Facebook, Twitter, Reddit, etc.

kome
0 replies
2h3m

no it's more like: don’t have a smartphone and you are good (perhaps).

onionisafruit
2 replies
2h10m

If they use IP to deliver notifications, then the gov can demand they hand over the IP address a notification was delivered to. From there, location isn’t hard.

xyst
1 replies
1h49m

IP geolocation isn’t exactly the most precise though. 600M+ IPs have a default location to some farm in Kansas [1]

[1] https://www.washingtonpost.com/news/morning-mix/wp/2016/08/1...

onionisafruit
0 replies
1h18m

I should have been more specific. Although they could use IP geolocation, they can also get data from the cell carrier that delivered the notification to that IP address.

So a gov finds that IP address 7.8.9.0 received one of these notifications at 12:34. They then see that 7.8.9.0 is one of ATT’s addresses. They go to ATT and learn that address was used by their customer onionisafruit at 12:34 and the device was 5ms away from tower A.

x86x87
1 replies
2h4m

Why bother with this whole process when you can get everything + store & index it yourself?

Who knows? Maybe you want to retroactively look at shit people received and decide on new crimes.

xyst
0 replies
1h43m

They already do this, I think;

https://en.m.wikipedia.org/wiki/Utah_Data_Center

But since PRISM was exposed ~10 years ago, they have had to resort to using FISA court to scrape data

\s

wahnfrieden
0 replies
1h8m

Build parallel networks for sections of society to operate and associate outside of what govt has their hands in or with technological guarantees of privacy and safety. I understand this is a tricky constraint to scale but it’s not impossible, current iterative solutions are at hand, and people have coordinated before around successfully building alternative societies in terms of communications, mutual aid, and safety provided to public regardless of family; these are a threat to gov and business though as they minimize people’s reliance on those institutions which is a kind of power money alone can have less control over (so they lean on violence historically - eg battle of blair mountain). I believe technology uniquely makes it possible to scale potential solutions because of how much it’s cheapened unit cost and labor cost thru automation and commodity and open src

staplers
0 replies
9m

Apple's own developer documentation outlines how notifications can trigger when crossing a physical boundary.

Apps notifications can trigger if you enter a "protest zone" for example then gov will know everyone who was there.

omginternets
17 replies
3h29m

I noted that Apple says the governments in question are allies of the United States. I wonder if this is a case of American intelligence outsourcing the surveillance of American citizens to foreign intelligence. If that is indeed the case, I’d expect a quid pro quo.

andsoitis
10 replies
2h56m

> I wonder if this is a case of American intelligence outsourcing the surveillance of American citizens to foreign intelligence. If that is indeed the case, I’d expect a quid pro quo.

Yet it is the US government who revealed it: "In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet's (GOOGL.O) Google and Apple (AAPL.O). Although details were sparse, the letter lays out yet another path by which governments can track smartphones." - https://www.reuters.com/technology/cybersecurity/governments...

Terretta
8 replies
2h44m

> Yet it is the US government who revealed it

Less "the government" and more "a member of government", the same member who has revealed and demanded accountability when discovering domestic government overreach.

We should choose our congress critters carefully.

calvinmorrison
2 replies
2h35m

Congress has so little power it's becoming a vestigial organ. Only there to placate the masses who believe their vote makes any impact.

dylan604
1 replies
2h24m

This is some wacko BS. Congress has tons of power which can impact your daily lives. If you think it doesn't have that power, you're just not well read on the subject. If you think modern day politics of us vs them divisiveness gives the impression that they cannot do any thing is a dangerous interpretation. It's also a bit sophomoric of an interpretation as well.

agloe_dreams
0 replies
2h3m

Congress very much has too much power. If it was a fighting game character, it would be the overpowered character people would want banned.

Repeatedly Congress has shown that its checks and balances have more power than others. If Congress picks the supreme court and there are multiple ways for a massed power to keep its power then nobody else has any real power. The US system is actually rather poorly designed in that form.

andsoitis
1 replies
2h39m

Indeed. But government is also a process and in this case I think it is fair to say that the process is leading to good outcomes (transparency, accountability).

AlexandrB
0 replies
1h14m

It doesn't seem like enough. The PATRIOT act has been on the books for 20+ years now and we only rarely get a peek at what it's being used for. James Clapper (in)famously lied to Congress[1] and still got to keep his job, so I'm not sure about accountability either.

[1] https://en.wikipedia.org/wiki/James_Clapper#Testimony_to_Con...

trinsic2
0 replies
1h15m

I think people put way too much trust in political institutions, at least at the scale of national, which are, for the most part, only really used to protect certain classes of people, the people who run it.

The problem with corruption is scale, when you have too large of an institution, it's easier to hide intent. I don't see how you can police that by voting when so much of what goes on is not easily seen.

For every person that gets voted in to do the right thing, there are 4 others who are doing the wrong thing.

sonicanatidae
0 replies
2h32m

> We should choose our congress critters carefully.

Agreed 100% and sadly, quite rare. I'm not going to start naming names, because that would devolve this into a political conversation about the parties. That isn't this. I suspect most people know who the criminals are. Now to see if they care.

seanmcdirmid
0 replies
2h11m

It is a testament to our checks and balances, which, while far from perfect, are useful in preventing somewhat one branch from getting too much power.

sharma-arjun
0 replies
1h28m

Wyden is far removed from the part of the government which engages in surveillance. He's the same person who was questioning James Clapper in Congress about mass surveillance before the Snowden leaks [1].

[1] youtube.com/watch?v=QwiUVUJmGjs

iamshs
2 replies
3h4m

"democracies allied to the United States." - includes India too.

smoldesu
1 replies
3h0m

Maybe so, but it seems clear that the surveillance goes both ways: https://www.usnews.com/news/world/articles/2023-09-23/us-dip...

iamshs
0 replies
2h4m

Except that India is not spying on US Government but its own Apple/Google users.

mdhen
0 replies
3h21m

Yep sounds like five eyes.

knallfrosch
0 replies
2h4m

That's how they circumvent the ban on domestic spying. The US spies on Australians* and the Australians spy on US citizens, then they exchange the data. Easy.

*And/or other Five Eyes members.

delfinom
0 replies
3h21m

nvahalik
14 replies
3h33m

Are the contents of push notifications not encrypted? Or are we talking about payloads rather than transport?

angio
11 replies
3h28m

They mention metadata in the article. Imagine sending a message to a Signal account at time X, then asking Apple a list of all users that received a Signal notification at that specific time.

tantalor
7 replies
2h35m

That doesn't make sense. I would expect Signal notifications to happen completely out-of-band with "normal" push notifications (e.g. NYT news alert). Otherwise that completely defeats the purpose of the service. Basically you're saying Apple/Google are MITM'ing Signal.

seanw265
3 replies
2h12m

I'm not so familiar with Signal, but could you explain why you would expect Signal notifications to happen out-of-band with normal push notifications?

Assuming Signal sends push notifications of some sort, as most messaging services do, that would make them vulnerable to the metadata-level attacks described in this thread.

What kind of "out-of-band" are you thinking of that would mitigate this issue?

tantalor
1 replies
34m

Why: because otherwise the service, which is supposed to be private, is no longer private.

I dunno how it would work, maybe something like a third-party push? Why does everything have to be channeled through central service? A service like Signal could operate its own push channel.

satchlj
0 replies
13m

Notice how SimpleX (https://simplex.chat/) has no push notifications by default because of this issue.

dz0ny
0 replies
1h18m

Not using APN I assume, but then you are not allowed(or rather won't pass the review) to publish the app in the App Store.

dylan604
1 replies
1h39m

no, that's not basically it. MITM to me means being able to read the data by placing yourself in the encrypted chain. that's not how push notifications work. they don't need to know the contents of the message

satchlj
0 replies
11m

The notification is separate from the message. It absolutely is MITM, just for the notifications, which are messages themselves with real content (you have received a message from so-and-so).

K0nserv
0 replies
1h25m

This is just how push notifications work on iOS and Android. The app requests a push token from the operating system, sends that to its backend and stores it against the user's identity. To send a push a message is sent from the backend to a push service maintained by Apple or Google, who then deliver the push to the phone in question. In the case of Signal, their backend cannot access the message content, so the notification does not contain this, i.e. it's not MITM.

On iOS in particular background modes are finicky and you cannot generally have an app continuously poll notifications in the background. Further, if every app did this battery drain would be significant.

anthonyskipper
1 replies
3h20m

This ^ approach and modified forms of it can be used to track lots of things, and have been used for decades by some government agencies. You can use a method like this even if people are using encryption and a lot of anonymous tunnels. You simply shape the traffic and watch where the shape of that traffic stops. Can track people realtime across almost any link, including things like Tor, etc.

withinboredom
0 replies
2h4m

I had to anonymize some data while still keeping some details. You could imagine individual trees that needed to be put into groups of similar trees so individual details were lost.

Anyway, these "trees" were effectively user behavior across all our products. I was shocked that simply knowing *when* (to within a second or two) a person did two or more things, you could narrow it down to *one single person* out of hundreds of millions.
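
The timing correlation discussed in the comments above, as an added example that is not part of any comment in this thread: it measures how the set of accounts consistent with a series of known send times shrinks with each observation, and how much of that set survives when deliveries are released in fixed batches. The log, account names, send times, window and batch interval are all constructed for illustration.

```python
"""Anonymity-set size under timing correlation of push deliveries.

Everything here is constructed sample data; no real provider log format
is implied.
"""

# Constructed delivery log for one app: (delivery time in seconds, account).
DELIVERY_LOG = [
    (100, "a"), (101, "target"), (102, "b"), (103, "c"),
    (250, "a"),
    (460, "b"), (461, "target"), (462, "d"),
    (600, "c"),
    (829, "b"), (831, "target"), (832, "d"),
    (900, "a"),
]

# Constructed times at which messages were sent to the account of interest.
SEND_TIMES = [100, 460, 830]


def recipients_between(log, start, end):
    """Accounts with at least one delivery in the closed interval [start, end]."""
    return {account for ts, account in log if start <= ts <= end}


def anonymity_sets(log, send_times, window):
    """Intersect, send by send, the accounts that got a delivery within
    `window` seconds of each send. Returns (remaining accounts, sizes)."""
    remaining, sizes = None, []
    for sent in send_times:
        seen = recipients_between(log, sent, sent + window)
        remaining = seen if remaining is None else remaining & seen
        sizes.append(len(remaining))
    return remaining, sizes


def batch_deliveries(log, interval):
    """Mitigation sketch: hold each notification until the next multiple of
    `interval`, so everything in one batch shares a delivery timestamp."""
    return [(-(-ts // interval) * interval, account) for ts, account in log]


def compare(window=3, interval=300):
    """Anonymity sets for immediate delivery versus batched delivery.

    With batching, a delivery can lag its send by up to `interval`, so the
    correlation window has to widen to the whole batch interval."""
    immediate = anonymity_sets(DELIVERY_LOG, SEND_TIMES, window)
    batched = anonymity_sets(
        batch_deliveries(DELIVERY_LOG, interval), SEND_TIMES, interval
    )
    return immediate, batched


if __name__ == "__main__":
    immediate, batched = compare()
    print("immediate delivery:", immediate)
    print("batched delivery:  ", batched)
```

Batching only slows the narrowing; with enough observations the intersection still shrinks, which is why the cost is latency and the benefit depends on how many other accounts share each batch.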

Klonoar
0 replies
15m

Unless I’m mistaken - and I might be or it may have changed - Signal notifications on iOS just tell the app “hey, something happened, call the service and check for updates”.

I.e, the push notification itself contains little to nothing in terms of data/metadata.

You can also of course decrypt a notification by shipping an extension to do so, and maybe Signal does - it’s been awhile since I poked around it. I’d just be surprised if the Signal team didn’t analyze the issue to death and find the gaps.

acdha
1 replies
2h55m

Others have mentioned the timing attacks but also payloads are not encrypted unless the app developers remember to build that. This linked essay discusses both threats:

https://blog.davidlibeau.fr/push-notifications-are-a-privacy...

TremendousJudge
0 replies
1h4m

Thank you, I was wondering about that. A couple of days ago I heard somebody mention that push notifications go through the backend and that it was a huge privacy issue, and I just couldn't believe that messaging apps that are "encrypted" would go through all that work just to then send the unencrypted message to Google's servers
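
The payload point raised in the comments above (content is readable by the push service unless the app encrypts it, or sends only a wake-up), as an added example that is not part of any comment in this thread: a small check that lists which fields of an APNs-style JSON payload the push provider can read. The `aps`, `alert`, `content-available` and `mutable-content` keys are APNs keys; the `ciphertext` custom key, the placeholder alert text and all sample payloads are assumptions made up for this example.

```python
"""List the fields of a push payload that the push provider can read."""

# aps-level settings that carry no user content.
SAFE_APS_FLAGS = {"content-available", "mutable-content", "sound"}
# Hypothetical fixed alert text that the app replaces on-device after decrypting.
PLACEHOLDER_ALERTS = {"New message"}
# Hypothetical top-level key holding an opaque, app-encrypted blob.
OPAQUE_KEYS = {"ciphertext"}


def provider_readable_fields(payload):
    """Return sorted dotted paths of values the push provider sees in clear."""
    if not isinstance(payload, dict):
        raise TypeError("push payload must be a JSON object")
    leaks = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, path + [key])
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, path + [str(index)])
        else:
            top, leaf = path[0], path[-1]
            if top == "aps" and len(path) == 2 and leaf in SAFE_APS_FLAGS:
                return  # delivery flag, no user content
            if top == "aps" and "alert" in path and node in PLACEHOLDER_ALERTS:
                return  # generic text, identical for every notification
            if len(path) == 1 and top in OPAQUE_KEYS:
                return  # encrypted by the app before it reaches the provider
            leaks.append(".".join(path))

    walk(payload, [])
    return sorted(leaks)


# Constructed payloads. Weak: sender, text and a conversation id in the clear.
LEAKY = {
    "aps": {
        "alert": {"title": "Alice", "body": "Meet at 9:30 Wednesday"},
        "sound": "default",
    },
    "conversation_id": "c-1842",
}
# Wake-up only: the app fetches the message from its own server.
WAKE_ONLY = {"aps": {"content-available": 1}}
# Encrypted: placeholder alert plus an opaque blob decrypted on the device.
ENCRYPTED = {
    "aps": {"mutable-content": 1, "alert": {"body": "New message"}},
    "ciphertext": "b3BhcXVlLWJsb2I=",
}

if __name__ == "__main__":
    for name, payload in [("leaky", LEAKY), ("wake-only", WAKE_ONLY),
                          ("encrypted", ENCRYPTED)]:
        print(name, provider_readable_fields(payload))
```

A clean result covers content only: the device token, the app identifier and the delivery time are still visible to the push provider for every one of these payloads.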

paulirotta
13 replies
3h26m

Metadata in this case apparently means Apple and Google are helping find “this real user connected to that real user at this time”. So governments may or may not be able to decrypt a push message payload, or data delivered because of that payload.

omginternets
10 replies
3h10m

An interesting point in Glenn Greenwald’s book is that metadata is often more informative than the “real” data.

Consider:

1. A phone call in which Mrs. Smith talks to a receptionist to set an appointment with a doctor for 9:30 next Wednesday.

Vs.

2. Knowing that Mrs. Smith called an abortion clinic.

#2 seems like a bigger violation of privacy. Metadata is the real data.

withinboredom
3 replies
2h11m

God forbid if you are just going on a date with someone who works at an abortion clinic.

omginternets
1 replies
49m

Yeah, false positives are a doozy, and I don't see many guardrails in place to prevent the intelligence community from acting upon them :/

flandish
0 replies
29m

> doozy

They’re not just a “doozy” they’re downright fascist authoritarian. Even the positive positives are infringements.

c0pium
0 replies
2h3m

Or applying for a job, or surveying local businesses for a story, or transposed the numbers, or…

It can simultaneously be true that metadata contains less information than real data and that metadata is still dangerous. But when one is known for breathless hyperbole, should we be surprised when that’s what we get?

r3d0c
3 replies
2h36m

how will actual data not be more informative? you can easily infer what the appointment was because the phone call will mention the name of the doctor or office and you can look that up plus all the details they discuss

you'd still have to look up who the doctor they called is from the metadata; it's still info but absolutely not more informative than the real data

so this line of thought makes no sense, and glenn greenwald should be looked at very skeptically in general, he sounds smart but when you look at his logic closer it breaks down

omginternets
2 replies
1h13m

> you can easily infer what the appointment was because the phone call will mention the name of the doctor or office and you can look that up plus all the details they discuss

You're assuming these things are mentioned. "Hi, I'd like to book/confirm an appointment with Dr. Jones." doesn't leak information about "abortion".

Yes, these things obviously depend on what information is transmitted. The point, however, is that metadata more reliably transmits sensitive information than does "the data".

r3d0c
1 replies
23m

> You're assuming these things are mentioned. "Hi, I'd like to book/confirm an appointment with Dr. Jones." doesn't leak information about "abortion".

yes it does.. just look up who dr jones is; is the metadata going to say "this lady is getting an abortion" ?

omginternets
0 replies
17m

I think you're nit-picking and failing to address the broader point.

1. The conversation may or may not contain information pertaining to an abortion.

2. The metadata (namely: "it's an abortion clinic") inherently contains such information.

The point is that metadata is usually the more interesting data.

gosub100
0 replies
25m

This is tangential to a comment I read (probably on HN) perhaps a decade ago, when scandals were being reported that laptop webcams could (surprise!) be activated remotely and people/kids being spied on (I think the article was a school-issued laptop disciplining a child from evidence gathered by the webcam at the child's home).

Someone pointed out that, while being watched is creepy, the real damning information on people actually comes from being listened to.

cultureswitch
0 replies
3h4m

Exactly. Metadata is how you go from pwning the phone of one dissenter to learning about their whole group.

tadfisher
0 replies
3h16m

FCM messages are not encrypted end-to-end, that's up to the app backend/client to do themselves.

achairapart
0 replies
29m

They already "kill people" based on metadata alone, at least since 2014.[0]

[0]: https://www.nybooks.com/online/2014/05/10/we-kill-people-bas...

heywoodlh
7 replies
1h15m

One question I have as someone who tries to maintain (some) data sovereignty: is there any way as an end-user to circumvent/mitigate this kind of surveillance — aside from abandoning iOS and Android completely?

yohannparis
1 replies
41m

Disable notifications on all applications you do not want to be tracked via metadata.

forward1
0 replies
32m

Absolutely and confidently incorrect. Local notification settings have no bearing on this metadata, which is generated, collected and stored with your consent by using Apple/Google app stores.

sneak
1 replies
1h12m

On iOS, all notifications must go via the centralized APNS, but on non-Google Android (eg Graphene) it is possible to run the device with the Google FCM stuff blocked off. Some apps will break, but stuff that runs in the background for polling or does non-Google notifications will continue to work.

CharlesW
0 replies
59m

The Reuters article says that the government is getting this data from Apple and Google, which means it doesn't matter if your phone displays or even receives the notifications, no?

jeroenhd
1 replies
1h0m

Google-free Android will allow you (force you) to use alternative push servers. That could be your own server (using something like Unified Push) or querying your apps' servers directly. This comes at the cost of battery life, sometimes significantly so, but it does decentralise the notification system.

Of course, your data will still be in the hands of app vendors unless you choose your apps wisely.

You should also block analytics on the network level (using firewall apps or alternative means) because these days developers like to send analytics events for every button pressed, all associated with your phone's unique identifier. If the government can use push notifications for tracking, imagine the tracking they can do through Firebase Analytics or one of its many data hoarding alternatives.

forward1
0 replies
37m

Parent is asking about government surveillance.

You're suggesting a deviation from the norm (99.99% of users) by installing a custom operating system (which they will now also be on the hook to secure and update regularly) by developers with nothing to lose.

This will greatly increase scrutiny on you, or colloquially speaking definitely put you on a watch list, the opposite of what is allegedly desired. Rather, accept the plain fact electronic communications are subject to government surveillance and adjust your threat model accordingly. Don't try to fight the bear with a flyswatter.

sowbug
0 replies
8m

Read at least the summary of James Scott's Seeing Like a State (https://en.wikipedia.org/wiki/Seeing_Like_a_State) and let the concept of legibility percolate for a bit.

Governments view legibility of their constituencies as a feature, not a bug. They want to be able to query the population like a database in order to manage it better. This is exactly like a product manager at a tech company who wants to know whether a certain feature is being used, and asks for more instrumentation in the next release of the product if needed. Over time the product (the population) becomes better and better instrumented.

Of course, the other side of the coin of better legibility is worse privacy. Their feature is your bug.

Are there ways to circumvent or mitigate what's happening? For you, personally, sure. You can turn on all the buried options, add VPNs, proxies, additional profiles/accounts, etc. And for a while it will work.

But you're defeating legibility by doing that, so you're fighting against a very strong opposing force. Over time, the bugs that reduce legibility coverage will be fixed. The options will go away, VPNs will be banned or at least instrumented well enough to nullify their utility, COPPA and porn age-verification laws will extend to make multiple or anonymous identities impractical, and so on. And the few of us who do manage to go online fully anonymously might as well be wearing a "CRIMINAL" hat, because the public will have been trained that only bad actors want privacy, but not to worry if they themselves have nothing to hide.

You can see this already happening with financial transactions. Try to conduct a significant low-legibility transaction (in other words, buy something big with cash). Your bank will ask why you want to withdraw $20,000. Cops might seize the cash, legally and without probable cause, while you're driving to the seller. And when the seller deposits the cash, the bank might file a SAR. This is all working as designed. You're being punished for adding friction to legibility.

Even on HN, where you think people would be ahead of the curve, the PR campaign against financial privacy and censorship resistance is winning. Mention The Digital Currency That Shall Not Be Named, and suddenly the Four Horsemen of the Infocalypse are in control. Why HNers are pro-VPN but anti-Bitcoin, when both stand for privacy and censorship resistance at the price of reduced legibility, is beyond me.

The battle to fight is not just protecting your own privacy. It's protecting your right to protect your privacy without being ipso facto declared a criminal for doing so. Turn on all the options, hold Bitcoin, use VPNs, pay with cash, delete cookies, etc. But above all, be an ordinary, conscientious, law-abiding citizen. Be average. Be unremarkable. Privacy should be the default. Not unsavory, not for those with something to hide. Just the default.

TheRealDunkirk
7 replies
51m

It's crazy to me that so much effort is being expended pretending that companies and the government are doing anything in the name of privacy, when we have all the proof by Assange and Snowden that they're doing realtime surveillance of ALL communications, 24x7 -- no matter what any laws say -- and we don't even talk about it any more. What's the point of any of this? All we can do is assume that our every position, purchase, and electronic communication is being tracked and saved, and act accordingly. The Constitution no longer matters, and there's no one coming to save us.

Nifty3929
4 replies
46m

I think where we go wrong is to allow the conversation to revolve around what evil corporations are doing with our information, rather than what the evil government is doing with it. I believe the risk to our freedom is much greater from the latter. Of course governments can extract the information from corporations that have it, but let's keep the spotlight on the government itself, and use THAT as a reason to give corps less information about us.

Corporations showing me better-targeted ads is the least of my troubles.

mitchitized
1 replies
10m

Wouldn't the exact opposite focus have a better effect? Going after the "evil corporations" would mean nobody was collecting the data in the first place, which would also take away the "evil government" as they have nobody to buy that data from.

Right now they just write fat checks to Google, Apple, Amazon and the telcos and badda bing, badda boom it's done.

JoshTriplett
0 replies
4m

A government can (in some cases) force a company to collect information they otherwise wouldn't have. The reverse is not true. So I do think the bigger danger here is the legal framework that not only permits this but keeps it secret, rather than the mere fact of information collection.

wharvle
0 replies
10m

> Of course governments can extract the information from corporations that have it, but let's keep the spotlight on the government itself, and use THAT as a reason to give corps less information about us.

Yep. Treating the two as distinct makes no sense. Corporate dragnet surveillance collecting forever-datasets isn't meaningfully different from the government doing the same thing, directly. People who fear government power ought to support outlawing corporate collection of the same types of things they don't want government collecting.

Granted that's relying on the government to prevent corporations from doing things in order to limit... the government (and, incidentally and IMO beneficially, also the corporations themselves). However, that's the only effective mechanism we've got—and the basis of all the other mechanisms we have available, ultimately, short of violence and strikes and such—and I think it's implausible that, even assuming a great deal of bad-faith behavior, such a move wouldn't significantly curb this activity.

tbrockman
0 replies
21m

“Better-targeted advertisements” is not the most nefarious way this information is used. That’s just one of the selling points to entice advertisers. It’s also been used extensively to determine content that you will find the most engaging, regardless of whether it’s to your benefit or not, so that ad-driven marketplaces may harvest and sell your attention.

If you have any contemporary examples of the way the government has used the same information, in a way that’s been more widely destructive, I would be curious to know more.

rootusrootus
1 replies
20m

I don't think many people actually care much about privacy. There are a few, and they're loud. But look at what matters in politics -- both major political tribes in the US are only interested in privacy and protection from the government as it relates to their own interest, but they are perfectly happy to use that power against their perceived opponents.

unyttigfjelltol
0 replies
4m

Thirty years ago, one perceived element of moral superiority in the West was revelations of the extensive internal surveillance in places like East Germany and own-spying. There used to be news items and documentaries mocking this behavior and intimating how backward and uncouth those governments were to stoop to furiously wiretapping irrelevant private conversations.

So, whether the world has changed enough to justify it, people still do care and when adequately informed about some magistrate furiously eavesdropping on private matters, people universally recognize this is antisocial bizarre conduct.

loughnane
6 replies
1h4m

I know Pinephone isn't ready for daily use from all the threads here, but I just ordered one to get some stick time with it. Getting real tired of having to fight my phone to keep my data mine.

I just want the equivalent of debian, but on mobile. I understand I'll have to give up a bunch of apps, but honestly I think it's worth it. As soon as it's possible I'd like off this ride.

fsflover
2 replies
58m

Alternatively, consider Librem 5, which is more stable, since its software is developed by a dedicated team.

Klonoar
1 replies
28m

Librem needs to do something PR-wise to fix the reputation they developed regarding massive product/delivery delays.

They exist in the frustrating spot of “I want to like them, but I can’t trust the purchase based off of everyone I know who tried getting burned, so now I’ll just look at a Pinephone because it’s easier”.

fsflover
0 replies
9m

I don't understand how delays of preorders are relevant today, when the devices are available within 10 working days.

yonatan8070
1 replies
56m

Does Waydroid work well on mobile Linux GUIs like Phosh and Plasma Mobile? If it does it could be real handy to sandbox some Android apps you need for work or whatever while still using a proper Linux base

fsflover
0 replies
54m

Generally, it depends on the app. Mostly works fine for me. More info: https://source.puri.sm/Librem5/community-wiki/-/wikis/Softwa...

uoaei
0 replies
48m

I'm sure you did your research. I'm writing for other readers who are interested.

There are a few alternatives, more can be found but this is a selection of the most prominent offerings.

/e/OS: https://e.foundation/e-os/

GrapheneOS: https://grapheneos.org/

LineageOS: https://lineageos.org/

CalyxOS: https://calyxos.org/

PostmarketOS (based on Alpine Linux rather than Android, and what's used in Pinephones): https://postmarketos.org/ (for some reason the site is currently down)

eddyg
3 replies
3h29m
Rastonbury
2 replies
3h22m

This is apple's response/acknowledgement to the senator's revelation, unless Reuters updated the article

lapcat
1 replies
3h7m

"In a statement given to Reuters, Apple said that Wyden's letter gave them the opening they needed to share more details with the public about how governments monitored push notifications."

masto
0 replies
2h17m

Just as an aside on metadata, I find it really frustrating that I can't just read the statement. There's a MacRumors article about a Reuters article about something Apple told them. I went to the Reuters article, but it still only contains one quote pulled from "a statement". I don't imagine Apple sent a major news organization an on-the-record statement with the restriction that they were only allowed to paraphrase it.

gowld
2 replies
2h7m

It's fascinating that about half these comments appear to be from younger people unfamiliar with "USA PATRIOT" Act gag orders, FISA, Five Eyes, Least Untruthful Response and related controversies that were big in the news 10-20 years ago.

Amusingly and sadly, the law was called PATRIOT as a normal "give a bad law a Good name", but over time "patriot" has become synonym for "traitor" in common use.

instagib
0 replies
1h13m

There’s probably some you’ve missed but yeah, I like the “they can’t do this because of * “ comments.

Reminds me of the Eufy issue where they said everything was encrypted except for push notification images.

Hard to pick the most appropriate Orwellian quote. "All tyrannies rule through fraud and force, but once the fraud is exposed they must rely exclusively on force." ~ George Orwell

hindsightbias
0 replies
54m

Why would it be unusual for a generation that’s been under surveillance since they were in the incubator to not hold quaint and obsolete views of privacy?

If we held a poll, what percentage of privacy-loving HN parents don’t have tracking on their kids phone? 5%? 10%?

FooBarBizBazz
2 replies
2h17m

A paranoid part of me has wondered if some of the text/phone spam we all receive is actually used to stimulate cellphones for tracking purposes.

If you have deeper access to the OS, then fingerprint unlock or FaceID also seem important for positive identification prior to, for example, a Predator strike.

knallfrosch
0 replies
1h58m

I don't think so. I'm German and receive the spam, even though I can be tracked using SMS messages that aren't shown on the display at all.

https://en.wikipedia.org/wiki/SMS#Silent_SMS

Plus, you can always ask the carriers to which tower(s) a phone is connected and simply triangulate from there, without sending any (user) data to the phone.

forward1
0 replies
2h11m

"We Kill People Based on Metadata"

- Michael Hayden

AndrewKemendo
2 replies
2h44m

This is yet another example of: If the data can be collected it will be used by governments

You can slow this down by making data explicitly built to be impossible to read in transit (eg e2e) and then deleting or never saving it, but the fact that data flows through multiple stops means each transition is an opportunity for third party observation

This is deterministic and is built into the structure of data production transport and consumption. This is part of the infrastructure and cannot be extricated

forward1
0 replies
1h59m

E2E does not solve the problem outlined here: surveillance of metadata at a global panopticon scale.

dhx
0 replies
1h1m

See [1] for an overview of "state of the art" metadata-protecting communications protocols. There has been much research into this problem over decades and the effectiveness of such protocols very much depends on real world use cases and practicalities. For example, protocols may require 100 seconds to send a message to ensure adequate mixing, and then may be limited to always-transmitting-24/7 endpoints consuming much power, and then also requiring participants in the network to trust each other not to mount a denial of service attack.

[1] SoK: Metadata-Protecting Communication Systems, Sajin Sasy and Ian Goldberg, Cryptology ePrint Archive, Paper 2023/313, https://eprint.iacr.org/2023/313.pdf

loughnane
1 replies
1h0m

It'd be cool if Signal and other privacy-focused apps added an option to delay push notifications. That would obfuscate the connection between two accounts.

It's a band-aid, but it's something.
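An added example, not part of the original comment and not Signal's code: a simulation of how much a random delivery delay widens the set of device tokens that a provider-side delivery log can tie to one sender's send times. All tokens, traffic rates and the 0.5 s latency are constructed assumptions, and the 30-minute maximum delay is chosen only for illustration.

```python
import bisect
import random

DAY = 86_400  # seconds; all data below is constructed for illustration


def background_pushes(rng, n_devices, per_day):
    """Unrelated notification traffic: sorted delivery times for each device token."""
    return {
        f"token-{i}": sorted(rng.uniform(0, DAY) for _ in range(per_day))
        for i in range(n_devices)
    }


def deliver(log, token, send_times, rng, max_delay):
    """Record the pushes caused by the sender, each held back by up to max_delay s."""
    for t in send_times:
        # 0.5 s stands in for network latency (assumption).
        bisect.insort(log[token], t + 0.5 + rng.uniform(0, max_delay))


def has_push_between(times, start, end):
    """True if the sorted list holds a delivery time in [start, end]."""
    i = bisect.bisect_left(times, start)
    return i < len(times) and times[i] <= end


def anonymity_set(log, send_times, window):
    """Tokens that received a push within `window` seconds after every send."""
    return {
        token for token, times in log.items()
        if all(has_push_between(times, t, t + window) for t in send_times)
    }


def simulate(max_delay, seed=11, n_devices=2_000, per_day=60, n_messages=8):
    """Return the tokens still consistent with the sender's activity."""
    rng = random.Random(seed)
    log = background_pushes(rng, n_devices, per_day)
    send_times = sorted(rng.uniform(0, DAY - 3_600) for _ in range(n_messages))
    deliver(log, "token-0", send_times, rng, max_delay)  # token-0 is the real recipient
    # Anyone matching on time must widen the window to cover the longest delay.
    return anonymity_set(log, send_times, window=max_delay + 2)


if __name__ == "__main__":
    for delay in (0, 60, 1_800):
        print(f"max delay {delay:>5}s -> {len(simulate(delay))} candidate tokens")
```

The recipient always remains in the candidate set, so the delay buys a larger crowd rather than unlinkability, and the crowd shrinks again with every additional message observed.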

tbihl
0 replies
49m

Once upon a time, I had an app that limited network connection for the whole phone to 30 minute refreshes. It was a pretty cool trick.

jodrellblank
1 replies
29m

""In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.""

When they were building the CSAM detector: "what if the government asks you to extend the detection to include other media such as political meme images?" "we would refuse".

rootusrootus
0 replies
18m

Being prohibited from disclosure does not in any way refute their promise to refuse. It would make it hard to prove one way or the other, but that is not the same problem.

alberth
1 replies
21m

I'm probably naive, but what insights could a government glean from Push Notifications?

And why aren't push notifications E2EE?

rootusrootus
0 replies
14m

> I'm probably naive, but what insights could a government glean from Push Notifications?

Looking at my own phone right now, it just got a push notification that my wife has arrived at home. That could be useful if you wanted to track my wife.

> And why aren't push notifications E2EE?

That's a great question. And I hope the answer is "we're on it, they will be E2EE in the next release."

Trias11
1 replies
1h22m

> Reuters' source would not identify which governments were making the data requests but described them as "democracies allied to the United States."

It feels so liberating to be spied upon by "democracies allied to the United States." vs. others.

LOL.

InCityDreams
0 replies
1h19m

Now you know how the rest of us [abroad in the world] feel regarding the US.

forward1
0 replies
2h8m

Why do they need to confirm an already known fact: FAANG platforms are built to spy on users? We've known about this fact for at least a decade since the Snowden revelations.

Nothing has materially changed since then, technically, politically, legally, or even culturally. Yet people still believe for-profit corporations have their best interests in mind, thanks to clever marketing and groupthink, clutching to "encrypted apps" and empty "we value your privacy" double-speak: neither will defend you.

There is no privacy on proprietary closed source platforms - it is simply infeasible; it is trying to squeeze blood from a stone. I know this truth will likely trigger and upset people with their $1,000+ iPhones, MacBooks and other iToys, and this sunk cost fallacy is really pathetic to witness in grown adults.

eggy
0 replies
2h54m

Given a lot of journalists and activists use encrypted communications to be able to do their job without being unduly or unjustly persecuted (yes, the bad guys use them too!), and 12 US State Attorney Generals just signed a letter and delivered it to the major news agencies (NYT, CNN, Reuters, AP, etc.) that warns of any "support to terrorist organizations" and specifically points out Hamas, but is not very clear on what "support" or "business relationship" means (sending a camera to do a report where the press is not allowed due to Israel's complete control of the media - echoes of US journalist access during the Iraq War), and puts them on notice. Nothing is safe from Big Brother, anywhere, any country.

alfiedotwtf
0 replies
1h58m
Ruthalas
0 replies
26m

UnifiedPush[0] seems like a great alternative to notifications passing through Apple/Google's hands, and I wish it was implemented in more apps.

[0] https://unifiedpush.org/

AlexandrB
0 replies
1h19m

Must be interesting to work on the teams responsible for compliance at Apple/Google. Would talking to someone about these kinds of orders qualify as treason under US law?