Apple Confirms Governments Using Push Notifications to Surveil Users

This, to me, is the more disturbing part of the article:

In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.

What is the point of transparency reports if they don't include major vectors of government surveillance?

IMO such gag orders shouldn't be legal when applied to dragnet surveillance. If you want to gag a company from notifying an individual they're being surveilled (with a warrant), then fine. But gagging a company from disclosing untargeted or semi-targeted surveillance, especially if it involves American citizens, seems like it should be unconstitutional on free speech grounds.

perhaps that democracy is not effective when the state organs are unelected bureacrats with guns

I'm not sure why you're being downvoted. That's been a common charge against our vast unelected bureaucracy, most of whom hold qualified immunity. We're trillions of dollars in debt, maybe it's time to peel some of it back a little.

Downvotes are possibly because the unelected bureaucrats with guns are overseen by the elected Executive and Legislature.

Are they though? How about the FDA getting most of its funding by the companies they are supposed to regulate? It's comforting to just trust that bureaucracies are doing what's good for the country, but also naive.

https://aspe.hhs.gov/sites/default/files/documents/e4a791060...

How about the NSA spying on congress?

https://www.theguardian.com/world/2014/jan/04/nsa-spying-ber...

How about the ATF making up laws?

https://nclalegal.org/2019/09/atf-admits-it-lacked-authority...

The only teeth congress has with these bureaucracies is the power of the purse.

The only teeth congress has with these bureaucracies is the power of the purse.

Not true. Congress can make laws defining what those agencies are and are not allowed to do.

And if the agencies go outside the bounds of those laws like some currently do?

Then those who are victimized take it to court. If the agency committed an actual crime, then there's a path for that to be prosecuted as well.

It's certainly not a perfect system, but it's successfully done all the time.

> The only teeth congress has with these bureaucracies is the power of the purse.

Not true. Congress can make laws defining what those agencies are and are not allowed to do.

And if the agencies go outside the bounds of those laws like some currently do?

Then those who are victimized take it to court.

Right, the court isn't congress. My point was the only teeth congress has in regards to the bureaucracies is the power of the purse.

successfully done all the time.

It depends on how you define successfully. I mean they employ people, is that good enough? Do you think they would be more or less effective with a 20% haircut? I don't really know, but members congress probably don't either. Plus, it's bad politics to cut jobs come election time, right? Seems like a perverse incentive for the people charged overseeing the bureaucracies.

Congress can impeach the appointed officers that allowed those violations to happen.

Congress can create new criminal/civil remedies and then create an office tasked just with enforcing them.

Congress created these agencies, they can write laws that fundamentally change how they work, what they do, and what they focus on. They can even just disband these agencies. Congress has all of the power it needs. If they don't use it, maybe what you think should happen doesn't align with the majority of Congress.

Would you prefer elected bureacrats with guns? That scares me more.

Perhaps we just go with rock solid transparency laws...

At least elected bureaucrats are theoretically accountable to the electorate. The gripe comes from things like the unelected bureaucrats at the US Department of Justice deciding that as part of implementing the Americans with Disabilities Act, there are only two limited and inadequate questions you can ask of someone with an apparently bogus service dog or else. That rule didn't come from the people who wrote the law.

In practice that shouldn’t matter, as the law states that any service animal can be turned away so long as the business provides accommodation to the human (which is the point of the limited questions).

The fact this rarely happens is more due to people not actually knowing the law and typically wanting to avoid potential conflict.

"people not knowing the law" can be a symptom of bureaucracy though. How many pages of law do you think exist to open a bagel shop or add a room to your house in SFO?

Those unelected bureaucrats play by the rules set by elected bureaucrats, though.

That rule didn't come from the people who wrote the law.

But lawmakers can write a law to address that.

It's a sad day when HN is defending the Patriot Act.

It's more that your parent comment was disingenuous.

Nine times out of ten, the person saying this will turn around and complain about all the "political hacks" running things, referring to political appointees with no experience or background in the area of government they are tasked to run.

The term "unelected bureaucrats" applies to people like...I dunno, the director of the NIH and field office managers. Heck, even a police captain is an "unelected bureaucrat". Sheesh.

The director of the NIH is a prime example of a position the people should have direct control over. As is the police captain. Are you claiming otherwise? Have we really forgotten about 2020 so soon?

People are already overwhelmed by having to vote for the superintendent of their sanitation district

history has shown that clumsy bureaucrats with slow erosion of rights is still superior to belligerents with guns in a mob

Seems like a pretty open and shut case of unconstitutional restriction of speech in the US. Especially when you consider the wording of the Apple communication saying that they can talk about it openly now that it's public knowledge.

Given the US has a 4th Amendment-free zone within 100 miles of all national borders in the name of national security, I expect the same justification and level of oversight here.

https://www.aclu.org/documents/constitution-100-mile-border-...

This is a common misconception. The 100 mile radius does not waive 4th Amendment protection. A reasonable suspicion of immigration law violation is still required to detain, search and ultimately arrest individuals. To wit: please name a single instance of someone having their rights abused by this so-called "zone".

This article [0] lists several cases of warrantless searches, one of which was in Florida. Apparently that 100 mile radius isn't just from the Canadian border or the Mexican border, it's also 100 miles from any coast, which means that 2/3 of the population lives within that radius.

As far as "reasonable suspicion" goes, I'm increasingly unwilling to support the right of law enforcement to independently, without oversight, determine what is "reasonable".

[0] https://www.nationalreview.com/2018/02/border-patrol-warrant...

Where is the "warrantless search"?

[CBP officers] demanded proof of citizenship from the passengers

CBP officers boarded a bus in Bangor, Maine

None of those are searches, they are temporary detentions with strong legal basis and case law going back to Terry. To wit:

most people have no idea that they can refuse to be searched at a roadblock or bus boarding

Ignorance of the law != warrantless searches. Arm yourself with knowledge, just as the Founding Fathers intended.

strong legal basis and case law going back to Terry

I frankly don't care what's legal or not at this point. The surveillance and police state has gotten out of control, and needs to be rolled back. If we constantly just accept past precedent as dictating our future, our rights will be chipped away one by one.

I don't want to live in a society where I can be stopped and asked for identification by law enforcement at any time. Most Americans don't, that's why we still don't have a proper national ID. I consider that to be a warrantless search regardless of what the law currently says.

Arm yourself with knowledge, just as the Founding Fathers intended.

I find that most people who pretend to speak for "the Founding Fathers" are extremely ignorant of the actual motivations of these people who lived 200 years ago. I won't pretend to speak for them, but I will note that I strongly suspect that the smugglers and tax evaders who signed the Declaration of Independence would probably not be in favor of the ever-growing police state we have today.

Regardless, what they wanted is immaterial—they set up this country for us, and presumably expected us to lead it after their deaths.

I frankly don't care what's legal or not at this point.

Oh, but you should - your freedom may depend on it.

police state has gotten out of control, and needs to be rolled back

Maybe, but this is the world we presently find ourselves living in, and we can either choose to become empowered with knowledge about it, or throw a hyperbolic tantrum and wish for the moon.

I don't want to live in a society where I can be stopped and asked for identification by law enforcement at any time.

You don't, at least not in the US. If you took more time to care about the laws you decry, you would know there is no such requirement, unless you have been suspected of a crime by a lawful sworn agent of the state. Which is a reasonable compromise in a society.

smugglers and tax evaders who signed the Declaration of Independence ... would probably not be in favor of the ever-growing police state we have today

I agree. Those individuals knew well what an unchecked government can do, and took many reasonable precautions to safeguard against such infringements and tyranny. They were of course imperfect in their implementation, but the principals they set forth (freedom of speech, defense, religion, &c.) formed a radically different society to anywhere else on the planet today. Which is why I'm always puzzled when people disregard their hard work to take some agency's word and propaganda at face value, rather than consulting the original tenets which founded this great country.

Not sure why down voted. Even the quoted article states:

Border Patrol, nevertheless, cannot pull anyone over without “reasonable suspicion” of an immigration violation or crime (reasonable suspicion is more than just a “hunch”). Similarly, Border Patrol cannot search vehicles in the 100-mile zone without a warrant or “probable cause” (a reasonable belief, based on the circumstances, that an immigration violation or crime has likely occurred).

In practice, "reasonable suspicion" means "whenever they want."

The potential to abuse power is not a reason to disavow it.

https://radiolab.org/podcast/border-trilogy-part-1

Poor school kiddos. :( Anyway, if you prefer text, click the transcript. I recommend listening though, if you have time!

The format of this podcast is insufferable, like listening to two befuddled people in a retirement home exchange "witty" banter.

I looked it up though. This was 30 years ago. The court issued Border Patrol an injunction and protected students from discimination. A perfect example of the legal system acting justly and prudently, which only supports my argument that unbridled searches within 100 miles of the border is hyperbole only.

https://en.m.wikipedia.org/wiki/Third-party_doctrine

I don’t think third-party doctrine applies to the gag order, but it is relevant to the surveillance being discussed in this post.

Free speech: are you saying it is guaranteed for companies?

Seems like a pretty open and shut case of unconstitutional restriction of speech

I wish it didn't cost a lot of money and years of your life to beat these over-reaches.

How exactly do you bring suit on this matter?

Hey we would like to bring suit because the government says we can't talk about them doing X. Oh no, that would be talking about doing X!!

But gagging a company from disclosing untargeted or semi-targeted surveillance, especially if it involves American citizens, seems like it should be unconstitutional on free speech grounds.

I see you have not read the Patriot Act, an Orwellian double-speak of a title if there ever was one.

Is it really that hard for the government to get a warrant for a suspected terrorist?

Is there any data on how often they're surveilling people without warrants vs with warrants?

This seems like important info to know.

Having data on illegal searches would require an insider leaking that information. Nobody has any semblance of a clue how much illegal data sniffing is happening, and it’s even more questionable since the USA and five eyes continues to degrade basic privacy.

But won’t someone think of the children!?

You're missing the point, in this case they don't even need the warrant at all. And yes, it is because you would have to ask a judge for each and every person surveiled and then provide a reason. They wouldn't have any reason for the drag net and would be denied.

The first "paper" I ever wrote was an anti-USA PATRIOT Act paper for a scholarship competition in 2003 when I was 17 where I was awarded $1,000. Literally the only thing I remember is what the acronym USA PATRIOT stands for.

Uniting and Strengthening American by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism.

It really is one of the best double-speak bill titles ever.

cool!

What is the point of transparency reports if they don't include major vectors of government surveillance?

The feels.

It's more than that, IMHO.

I think companies publishing whatever they can is a good thing. We would be worse off if they took the attitude of if we can't publish everything we might as well publish nothing.

I'm infinitely more cynical about corporations. For me, it's always about what they can do to mitigate any and all possible blame, regardless of circumstance, context, and the world itself. Always.

Publishing whatever they can is a good thing.

But this is also a great reminder that there's a bunch of things they can't publish -- so "transparency reports" are of extremely limited value. Their greatest value is encouraging people to have a false sense of security.

This is why warrant canaries can be useful in privacy policies, at least for smaller/startup companies. The apple/google/microsoft/amazon/metas of the world would have had to remove the canary long ago, though.

and they're trivial to DDoS

No competent startup or small business would take on such a legal risk. And anyway, a sure conclusion can already be reached on the basis of reasoning about the complete and total lack of warrant canaries anywhere.

If I’m not mistaken they’re called NSLs and the legality of them when challenged are reviewed by a secret court with secret laws that have secret interpretations of words. The whole thing as far as I can tell is an out of control nightmare and our corrupt congress doesn’t give a shit.

Actually quite a few members of congress do give a shit. Unfortunately they're the same members of congress maligned as MAGA extremists or whatever (in some cases that might be accurate, but it doesn't mean they're wrong about every political position they hold).

If you actually take a second to listen to Matt Gaetz, for example, you might be surprised to learn his (rather principled) positions are much closer to those of AOC than to President Orange, at least in some dimensions. He wants to require single-issue bills, and to completely eliminate FISA-702. Ironically, it seems like FISA will be reauthorized as part of an omnibus spending bill...

This is why I never believe Apple's "We're super serious about your privacy!"

That is until a government asks them to do things behind the scenes.

What is the point of transparency reports if they don't include major vectors of government surveillance?

How many times did those of us who knew all of this to be a farce warned about this?

Would be great to see an example of notification metadata that can supposedly link it to real users.

Seems like this is what is being implied:

Given:

- users with notifications enabled

- have X app installed

- targeted user(s) reside in USA

- targeted users(s) following “foo” on X app

When:

- issue FISA warrant for all smartphone users that received notifications in regards to “foo” user

Then:

- able to pull all Apple/Google accounts that match this criteria

- able to get real addresses and names

- can crosscheck names with other details to narrow down suspect

Or maybe it’s something even worse where notifications somehow leak location data

So, don’t have Twitter account and/or app installed and you should be good?

Also, no Signal.

This isn't necessarily true. When you install the Signal app on an Android phone that doesn't have Google Play Services installed, it receives push notifications using its own notification daemon instead of using Google's. This, of course, has significant battery life costs.

What about WebPush on Firefox? That uses Mozilla's servers right? At least on Android? Could the govt be doing the same to Mozilla?

I think your comment comes after reading this line:

- targeted users(s) following “foo” on X app

It seems "X app" means just any placeholder app (not the new Twitter rebrand), although I might be wrong.

Correct. That’s why I will continue calling it Twitter, to avoid confusions like this.

no, need to get rid of your smartphone completely.

Believe me, I wish I could.

Protip: the harder a company pushes you to download their app, the more they have to gain from it. 99.999% of the time it's because they want access to as much of your data as they can sneak out of your device, usually for selling it.

One notable corollary is, the shittier the mobile browser webapp implementation is, the more they want to push people onto their app. See: Facebook, Twitter, Reddit, etc.

no it's more like: don’t have a smartphone and you are good (perhaps).

If they use IP to deliver notifications, then the gov can demand they hand over the IP address a notification was delivered to. From there, location isn’t hard.

IP geolocation isn’t exactly the most precise though. 600M+ IPs have a default location to some farm in Kansas [1]

[1] https://www.washingtonpost.com/news/morning-mix/wp/2016/08/1...

I should have been more specific. Although they could use IP geolocation, they can also get data from the cell carrier that delivered the notification to that IP address.

So a gov finds that IP address 7.8.9.0 received one of these notifications at 12:34. They then see that 7.8.9.0 is one of ATT’s addresses. They go to ATT and learn that address was used by their customer onionisafruit at 12:34 and the device was 5ms away from tower A.

Why bother with this whole process when you can get everything + store & index it yourself?

Who knows? Maybe you want to retroactively look at shit peopke received and decide on new crimes.

They already do this, I think;

https://en.m.wikipedia.org/wiki/Utah_Data_Center

But since PRISM was exposed ~10 years ago, they have had to resort to using FISA court to scrape data

Build parallel networks for sections of society to operate and associate outside of what govt has their hands in or with technological guarantees of privacy and safety. I understand this is a tricky constraint to scale but it’s not impossible, current iterative solutions are at hand, and people have coordinated before around successfully building alternative societies in terms of communications, mutual aid, and safety provided to public regardless of family; these are a threat to gov and business though as they minimize people’s reliance on those institutions which is a kind of power money alone can have less control over (so they lean on violence historically - eg battle of blair mountain). I believe technology uniquely makes it possible to scale potential solutions because of how much it’s cheapened unit cost and labor cost thru automation and commodity and open src

Apple's own developer documentation outlines how notifications can trigger when crossing a physical boundary.

Apps notifications can trigger if you enter a "protest zone" for example then gov will know everyone who was there.

I noted that Apple says the governments in question are allies of the United States. I wonder if this is a case of American intelligence outsourcing the surveillance of American citizens to foreign intelligence. If that is indeed the case, I’d expect a quid pro quo.

I wonder if this is a case of American intelligence outsourcing the surveillance of American citizens to foreign intelligence. If that is indeed the case, I’d expect a quid pro quo.

Yet it is the US government who revealed it: "In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet's (GOOGL.O) Google and Apple (AAPL.O). Although details were sparse, the letter lays out yet another path by which governments can track smartphones." - https://www.reuters.com/technology/cybersecurity/governments...

Yet it is the US government who revealed it

Less "the government" and more "a member of government", the same member who has revealed and demanded accountability when discovering domestic government overreach.

We should choose our congress critters carefully.

Congress has so little power its becoming a vestigial organ. Only there to placate the masses who believe their vote makes any impact.

This is some wacko BS. Congress has tons of power which can impact your daily lives. If you think it doesn't have that power, you're just not well read on the subject. If you think modern day politics of us vs them divisiveness gives the impression that they cannot do any thing is a dangerous interpretation. It's also a bit sophomoric of an interpretation as well.

Congress very much has too much power. If it was a fighting game character, it would be the overpowered character people would want banned.

Repeatedly Congress has shown that it's checks and balances have more power than others. If Congress picks the supreme court and there are multiple ways for a massed power to keep it's power then nobody else has any real power. The US system is actually rather poorly designed in that form.

Indeed. But government is also a process and in this case I think it is fair to say that the process is leading to good outcomes (transparency, accountability).

It doesn't seem like enough. The PATRIOT act has been on the books for 20+ years now and we only rarely get a peek at what it's being used for. James Clapper (in)famously lied to Congress[1] and still got to keep his job, so I'm not sure about accountability either.

[1] https://en.wikipedia.org/wiki/James_Clapper#Testimony_to_Con...

I think people put way to much trust it political institutions, at least at the scale of national, which are, for the most part, only really used to protect a certain classes of people, the people who run it.

The problem with corruption is scale, when you have too large of an institution, it's easier to hide intent. I don't see how you can police that by voting when so much of what goes on is not easily seen.

For every persons that gets voted in to do the right thing, there are 4 others who are doing the wrong thing.

We should choose our congress critters carefully.

Agreed 100% and sadly, quite rare. I'm not going to start naming names, because that would devolve this into a political conversation about the parties. That isn't this. I suspect most people know who the criminals are. Now to see if they care.

It is a testament to our checks and balances, which, while far from perfect, are useful in preventing somewhat one branch from getting too much power.

Wyden is far removed from the part of the government which engages in surveillance. He's the same person who was questioning James Clapper in Congress about mass surveillance before the Snowden leaks [1].

[1] youtube.com/watch?v=QwiUVUJmGjs

"democracies allied to the United States." - includes India too.

Maybe so, but it seems clear that the surveillance goes both ways: https://www.usnews.com/news/world/articles/2023-09-23/us-dip...

Except that India is not spying on US Government but its own Apple/Google users.

Yep sounds like five eyes.

That's how they circumvent the ban on domestic spying. The US spies on Australians* and the Australians spy on US citizens, then they exchange the data. Easy.

*And/or other Five Eyes members.

Five Eyes.

https://en.wikipedia.org/wiki/Five_Eyes

Are the contents of push notifications not encrypted? Or are we talking about payloads rather than transport?

They mention metadata in the article. Imagine sending a message to a Signal account at time X, then asking Apple a list of all users that received a Signal notification at that specific time.

That doesn't make sense. I would expect Signal notifications to happen completely out-of-band with "normal" push notifications (e.g. NYT news alert). Otherwise that completely defeats the purpose of the service. Basically you're saying Apple/Google are MITM'ing Signal.

I'm not so familiar with Signal, but could you explain why you would expect Signal notifications to happen out-of-band with normal push notifications?

Assuming Signal sends push notifications of some sort, as most messaging services do, that would make them vulnerable to the metadata-level attacks described in this thread.

What kind of "out-of-band" are you thinking of that would mitigate this issue?

Why: because otherwise the service, which is supposed to be private, is no longer private.

I dunno how it would work, maybe something like a third-party push? Why does everything have to be channeled through central service? A service like Signal could operate its own push channel.

Notice how SimpleX (https://simplex.chat/) has no push notifications by default because of this issue.

Not using APN I assume, but then you are not allowed(or rather won't pass the review) to publish the app in the App Store.

no, that's not basically it. MITM to me means being able to read the data by placing yourself in the encrypted chain. that's not how push notifications work. they don't need to know the contents of the message

The notification is separate from the message. It absolutely is MITM, just for the notifications, which are messages themselves with real content (you have received a message from so-and-so).

This is just how push notifications work on iOS and Android. The app requests a push token from the operating system, sends that to its backend and stores it against the user's identity. To send a push a message is sent from the backend to a push service maintained by Apple or Google, who then deliver the push to the phone in question. In the case of Signal, their backend cannot access the message content, so the notification does not contain this, i.e. it's not MITM.

On iOS in particular background modes are finicky and you cannot generally have an continuously poll notifications in the background. Further, if every app did this battery drain would be significant.

This ^. approach and modified forms of it can bu used to track lots of things, and have be done so for decades by some goverment agencies. You can use a method like this even if people are using encryption and lot of anonymous tunnels. You simply shape the traffic and watch where the shape of that traffic stops. Can track people realtime across almost any link, including things like Tor, etc.

I had to anonymize some data while still keeping some details. You could imagine individual trees that needed to be put into groups of similar trees so individual details were lost.

Anyway, these "trees" were effectively user behavior across all our products. I was shocked that simply knowing *when* (to within a second or two) a person did two or more things, you could narrow it down to *one single person* out of hundreds of millions.

Unless I’m mistaken - and I might be or it may have changed - Signal notifications on iOS just tell the app “hey, something happened, call the service and check for updates”.

I.e, the push notification itself contains little to nothing in terms of data/metadata.

You can also of course decrypt a notification by shipping an extension to do so, and maybe Signal does - it’s been awhile since I poked around it. I’d just be surprised if the Signal team didn’t analyze the issue to death and find the gaps.

Others have mentioned the timing attacks but also payloads are not encrypted unless the app developers remember to build that. This linked essay discusses both threats:

https://blog.davidlibeau.fr/push-notifications-are-a-privacy...

Thank you I was wondering about that. A couple of days ago I heard somebody mention that push notifications go through the backend and that it was a huge privacy issue, and I just couldn't believe that messaging apps that are "encrypted" would go through all that work just to then send the unencrypted message to Google's servers

Metadata in this case apparently means Apple and Google are helping find “this real user connected to that real user at this time”. So governments may or may not be able to decrypt a push message payload, or data delivered because of that payload.

An interesting point in Glenn Greenwald’s book is that metadata is often more informative than the “real” data.

Consider:

1. A phone call in which Mrs. Smith talks to a receptionist to set an appointment with a doctor for 9:30 next Wednesday.

Vs.

2. Knowing that Mrs. Smith called an abortion clinic.

#2 seems like a bigger violation of privacy. Metadata is the real data.

God forbid if you are just going on a date with someone who works at an abortion clinic.

Yeah, false positives are a doozy, and I don't see many guardrails in place to prevent the intelligence community from acting upon them :/

doozy

They’re not just a “doozy” they’re downright fascist authoritarian. Even the positive positives are infringements.

Or applying for a job, or surveying local businesses for a story, or transposed the numbers, or…

It can simultaneously be true that metadata contains less information than real data and that metadata is still dangerous. But when one is known for breathless hyperbole, should we be surprised when that’s what we get?

how will actual data not be more informative? you can easily infer what the appointment was because the phone call will mention the name of the doctor or office and you can look that up plus all the details they discuss

you'd still have to look up who the doctor they called is from the metadata; it's still info but absolutely not more informative than the real data

so this line of thought makes no sense, and glenn greenwald should be looked at very skeptically in general, he sounds smart but when you look at his logic closer it breaks down

you can easily infer what the appointment was because the phone call will mention the name of the doctor or office and you can look that up plus all the details they discuss

You're assuming these things are mentioned. "Hi, I'd like to book/confirm an appointment with Dr. Jones." doesn't leak information about "abortion".

Yes, these things obviously depend on what information is transmitted. The point, however, is that metadata more reliably transmits sensitive information than does "the data".

You're assuming these things are mentioned. "Hi, I'd like to book/confirm an appointment with Dr. Jones." doesn't leak information about "abortion".

yes it does.. just look up who dr jones is; is the metadata going to say "this lady is getting an abortion" ?

I think you're nit-picking and failing to address the broader point.

1. The conversation may or may not contain information pertaining to an abortion.

2. The metadata (namely: "it's an abortion clinic") inherently contains such information.

The point is that metadata is usually the more interesting data.

This is tangential to a comment I read (probably on HN) perhaps a decade ago, when scandals were being reported that laptop webcams could (surprise!) be activated remotely and people/kids being spied on (I think the article was a school-issued laptop disciplining a child from evidence gathered by the webcam at the child's home).

Someone pointed out that, while being watched is creepy, the real damning information on people actually comes from being listened to.

Exactly. Metadata is how you go from pwning the phone of one dissenter to learning about their whole group.

FCM messages are not encrypted end-to-end, that's up to the app backend/client to do themselves.

They already "kill people" based on metadata alone, at least since 2014.[0]

[0]: https://www.nybooks.com/online/2014/05/10/we-kill-people-bas...

One question I have as someone who tries to maintain (some) data sovereignty: is there any way as an end-user to circumvent/mitigate this kind of surveillance — aside from abandoning iOS and Android completely?

Disable notifications on all applications you do not want to be tracked via metadata.

Absolutely and confidently incorrect. Local notification settings have no bearing on this metadata, which is generated, collected and stored with your consent by using Apple/Google app stores.

On iOS, all notifications must go via the centralized APNS, but on non-Google Android (eg Graphene) it is possible to run the device with the Google FCM stuff blocked off. Some apps will break, but stuff that runs in the background for polling or does non-Google notifications will continue to work.

The Reuters article says that the government is getting this data from Apple and Google, which means it doesn't matter if your phone displays or even receives the notifications, no?

Google-free Android will allow you (force you) to use alternative push servers. That could be your own server (using something like Unified Push) or querying your apps' servers directly. This comes at the cost of battery life, sometimes significantly so, but it does decentralise the notification system.

Of course, your data will still be in the hands of app vendors unless you choose your apps wisely.

You should also block analytics on the network level (using firewall apps or alternative means) because these days developers like to send analytics events for every button pressed, all associated with your phone's unique identifier. If the government can use push notifications for tracking, imagine the tracking they can do through Firebase Analytics or one of its many data hoarding alternatives.

Parent is asking about government surveillance.

You're suggesting a deviation from the norm (99.99% of users) by installing a custom operating system (which they will now also be on the hook to secure and update regularly) by developers with nothing to lose.

This will greatly increase scrutiny on you, or colloquially speaking definitely put you on a watch list, the opposite of what is allegedly desired. Rather, accept the plain fact electronic communications are subject to government surveillance and adjust your threat model accordingly. Don't try to fight the bear with a flyswatter.

Read at least the summary of James Scott's Seeing Like a State (https://en.wikipedia.org/wiki/Seeing_Like_a_State) and let the concept of legibility percolate for a bit.

Governments view legibility of their constituencies as a feature, not a bug. They want to be able to query the population like a database in order to manage it better. This is exactly like a product manager at a tech company who wants to know whether a certain feature is being used, and asks for more instrumentation in the next release of the product if needed. Over time the product (the population) becomes better and better instrumented.

Of course, the other side of the coin of better legibility is worse privacy. Their feature is your bug.

Are there ways to circumvent or mitigate what's happening? For you, personally, sure. You can turn on all the buried options, add VPNs, proxies, additional profiles/accounts, etc. And for a while it will work.

But you're defeating legibility by doing that, so you're fighting against a very strong opposing force. Over time, the bugs that reduce legibility coverage will be fixed. The options will go away, VPNs will be banned or at least instrumented well enough to nullify their utility, COPPA and porn age-verification laws will extend to make multiple or anonymous identities impractical, and so on. And the few of us who do manage to go online fully anonymously might as well be wearing a "CRIMINAL" hat, because the public will have been trained that only bad actors want privacy, but not to worry if they themselves have nothing to hide.

You can see this already happening with financial transactions. Try to conduct a significant low-legibility transaction (in other words, buy something big with cash). Your bank will ask why you want to withdraw $20,000. Cops might seize the cash, legally and without probable cause, while you're driving to the seller. And when the seller deposits the cash, the bank might file a SAR. This is all working as designed. You're being punished for adding friction to legibility.

Even on HN, where you think people would be ahead of the curve, the PR campaign against financial privacy and censorship resistance is winning. Mention The Digital Currency That Shall Not Be Named, and suddenly the Four Horsemen of the Infocalypse are in control. Why HNers are pro-VPN but anti-Bitcoin, when both stand for privacy and censorship resistance at the price of reduced legibility, is beyond me.

The battle to fight is not just protecting your own privacy. It's protecting your right to protect your privacy without being ipso facto declared a criminal for doing so. Turn on all the options, hold Bitcoin, use VPNs, pay with cash, delete cookies, etc. But above all, be an ordinary, conscientious, law-abiding citizen. Be average. Be unremarkable. Privacy should be the default. Not unsavory, not for those with something to hide. Just the default.

It's crazy to me that so much effort is being expended pretending that companies and the government are doing anything in the name of privacy, when we have all the proof by Assange and Snowden that they're doing realtime surveillance of ALL communications, 24x7 -- no matter what any laws say -- and we don't even talk about it any more. What's the point of any of this? All we can do is assume that our every position, purchase, and electronic communication is being tracked and saved, and act accordingly. The Constitution no longer matters, and there's no one coming to save us.

I think where we go wrong is to allow the conversation to revolve around what evil corporations are doing with our information, rather than what the evil government is doing with it. I believe the risk to our freedom is much greater from the latter. Of course governments can extract the information from corporations that have it, but let's keep the spotlight on the government itself, and use THAT as a reason to give corps less information about us.

Corporations showing me better-targeted ads is the least of my troubles.

Wouldn't the exact opposite focus have a better effect? Going after the "evil corporations" would mean nobody was collecting the data in the first place, which would also take away the "evil government" as they have nobody to buy that data from.

Right now they just write fat checks to Google, Apple, Amazon and the telcos and badda bing, badda boom it's done.

A government can (in some cases) force a company to collect information they otherwise wouldn't have. The reverse is not true. So I do think the bigger danger here is the legal framework that not only permits this but keeps it secret, rather than the mere fact of information collection.

Of course governments can extract the information from corporations that have it, but let's keep the spotlight on the government itself, and use THAT as a reason to give corps less information about us.

Yep. Treating the two as distinct makes no sense. Corporate dragnet surveillance collecting forever-datasets isn't meaningfully different from the government doing the same thing, directly. People who fear government power ought to support outlawing corporate collection of the same types of things they don't want government collecting.

Granted that's relying on the government to prevent corporations from doing things in order to limit... the government (and, incidentally and IMO beneficially, also the corporations themselves). However, that's the only effective mechanism we've got—and the basis of all the other mechanisms we have available, ultimately, short of violence and strikes and such—and I think it's implausible that, even assuming a great deal of bad-faith behavior, such a move wouldn't significantly curb this activity.

“Better-targeted advertisements” is not the most nefarious way this information is used. That’s just one of the selling points to entice advertisers. It’s also been used extensively to determine content that you will find the most engaging, regardless of whether it’s to your benefit or not, so that ad-driven marketplaces may harvest and sell your attention.

If you have any contemporary examples of the way the government has used the same information, in a way that’s been more widely destructive, I would be curious to know more.

I don't think many people actually care much about privacy. There are a few, and they're loud. But look at what matters in politics -- both major political tribes in the US are only interested in privacy and protection from the government as it relates to their own interest, but they are perfectly happy to use that power against their perceived opponents.

Thirty years ago, one perceived element of moral superiority in the West was revelations of the extensive internal surveillance in places like East Germany and own-spying. There used to be news items and documentaries mocking this behavior and intimating how backward and uncouth those governments were to stoop to furiously wiretapping irrelevant private conversations.

So, whether the world has changed enough to justify it, people still do care and when adequately informed about some magistrate furiously eavesdropping on private matters, people universally recognize this is antisocial bizarre conduct.

I know Pinephone isn't ready for daily use from all the threads here, but I just ordered one to get some stick time with it. Getting real tired of having to fight my phone to keep my data mine.

I just want the equivalent of debian, but on mobile. I understand I'll have to give up a bunch of apps, but honestly I think its worth it. As soon as its possible I'd like off this ride.

Alternatively, consider Librem 5, which is more stable, since its software is developed by a dedicated team.

Librem needs to do something PR-wise to fix the reputation they developed regarding massive product/delivery delays.

They exist in the frustrating spot of “I want to like them, but I can’t trust the purchase based off of everyone I know who tried getting burned, so now I’ll just look at a Pinephone because it’s easier”.

I don't understand how delays of preorders are relevant today, when the devices are available within 10 working days.

Does Waydroid work well on mobile Linux GUIs like Phosh and Plasma Mobile? If it does it could be real handy to sandbox some Android apps you need for work or whatever while still using a proper Linux base

Generally, it depends on the app. Mostly works fine for me. More info: https://source.puri.sm/Librem5/community-wiki/-/wikis/Softwa...

I'm sure you did your research. I'm writing for other readers who are interested.

There are a few alternatives, more can be found but this is a selection of the most prominent offerings.

/e/OS: https://e.foundation/e-os/

GrapheneOS: https://grapheneos.org/

LineageOS: https://lineageos.org/

CalyxOS: https://calyxos.org/

PostmarketOS (based on Alpine Linux rather than Android, and what's used in Pinephones): https://postmarketos.org/ (for some reason the site is currently down)

dupe of https://news.ycombinator.com/item?id=38543155

This is apple's response/acknowledgement to the senator's revelation, unless Reuters updated the article

"In a statement given to Reuters, Apple said that Wyden's letter gave them the opening they needed to share more details with the public about how governments monitored push notifications."

Just as an aside on metadata, I find it really frustrating that I can't just read the statement. There's a MacRumors article about a Reuters article about something Apple told them. I went to the Reuters article, but it still only contains one quote pulled from "a statement". I don't imagine Apple sent a major news organization an on-the-record statement with the restriction that they were only allowed to paraphrase it.

It's fascinating that about half hese comments appear to be from younger people unfamiliar with "USA PATRIOT" Act gag orders, FISA, Five Eyes, Least Untruthful Response and related controversies that were big in the news 10-20 years ago.

Amusingly and sadly, the law was called PATRIOT as a normal "give a bad law a Good name", but over time "patriot" has become synonym for "traitor" in common use.

There’s probably some you’ve missed but yeah, I like the “they can’t do this because of * “ comments.

Reminds me of the Eufy issue where they said everything was encrypted except for push notification images.

Hard to pick the most appropriate Orwellian quote. "All tyrannies rule through fraud and force, but once the fraud is exposed they must rely exclusively on force." ~ George Orwell

Why would it be unusual for a generation that’s been under surveillance since they were in the incubator to not hold quaint and obsolete views of privacy?

If we held a poll, what percentage of privacy-loving HN parents don’t have tracking on their kids phone? 5%? 10%?

A paranoid part of me has wondered if some of the text/phone spam we all receive is actually used to stimulate cellphones for tracking purposes.

If you have deeper access to the OS, then fingerprint unlock or FaceID also seem important for positive identification prior to, for example, a Predator strike.

I don't think so. I'm German and receive the spam, even though I can be tracked using SMS messages that aren't shown on the display at all.

https://en.wikipedia.org/wiki/SMS#Silent_SMS

Plus, you can always ask the carriers to which tower(s) a phone is connected and simply triangulate from there, without sending any (user) data to the phone.

"We Kill People Based on Metadata"

- Michael Hayden

This is yet another example of: If the data can be collected it will be used by governments

You can slow this down by making data explicitly built to be impossible to read in transit (eg e2e) and then deleting or never saving it, but the fact that data flows through multiple stops means each transition is an opportunity for third party observation

This is deterministic and is built into the structure of data production transport and consumption. This is part of the infrastructure and cannot be extricated

E2E does not solve the problem outlined here: surveillance of metadata at a global panopticon scale.

See [1] for an overview of "state of the art" metadata-protecting communications protocols. There has been much research into this problem over decades and the effectiveness of such protocols very much depends on real world use cases and practicalities. For example, protocols may require 100 seconds to send a message to ensure adequate mixing, and then may be limited to always-transmitting-24/7 endpoints consuming much power, and then also requiring participants in the network to trust each other not to mount a denial of service attack.

[1] SoK: Metadata-Protecting Communication Systems, Sajin Sasy and Ian Goldberg, Cryptology ePrint Archive, Paper 2023/313, https://eprint.iacr.org/2023/313.pdf

It'd be cool if Signal and other privacy-focused apps added an option to delay push notifications. That would obfuscate the connection between two accounts.

Its a band-aid, but its something.

once upon a time, I had an app that limited network connection for the whole phone to 30 minute refreshes. It was a pretty cool trick.

""In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.""

When they were building the CSAM detector: "what if the government asks you to extend the detection to include other media such as political meme images?" "we would refuse".

Being prohibited from disclosure does not in any way refute their promise to refuse. It would make it hard to prove one way or the other, but that is not the same problem.

I'm probably naive, but what insights could a government gleam from Push Notifications?

And why aren't push notifications E2EE?

I'm probably naive, but what insights could a government gleam from Push Notifications?

Looking at my own phone right now, it just got a push notification that my wife has arrived at home. That could be useful if you wanted to track my wife.

And why aren't push notifications E2EE?

That's a great question. And I hope the answer is "we're on it, they will be E2EE in the next release."

> Reuters' source would not identify which governments were making the data requests but described them as "democracies allied to the United States."

It feels so liberating to be spied upon by "democracies allied to the United States." vs. others.

LOL.

Now you know how the rest of us [abroad in the world] feel regarding the US.

Why do they need to confirm an already known fact: FAANG platforms are built to spy on users? We've known about this fact for at least a decade since the Snowden revelations.

Nothing has materially changed since then, technically, politically, legally, or even culturally. Yet people still believe for-profit corporations have their best interests in mind, thanks to clever marketing and groupthink, clutching to "encrypted apps" and empty "we value your privacy" double-speak: neither will defend you.

There is no privacy on proprietary closed source platforms - it is simply infeasible; it is trying to squeeze blood from a stone. I know this truth will likely trigger and upset people with their $1,000+ iPhones, MacBooks and other iToys, and this sunk cost fallacy is really pathetic to witness in grown adults.

Given a lot of journalists and activists use encrypted communications to be able to do their job without being unduly or unjustly persecuted (yes, the bad guys use them too!), and 12 US State Attorney Generals just signed a letter and delivered it to the major news agencies (NYT, CNN, Reuters, AP, etc.) that warns of any "support to terrorist organizations" and specifically points out Hamas, but is not very clear on what "support" or "business relationship" means (sending a camera to do a report where the press is not allowed due to Israel's complete control of the media - echoes of US journalist access during the Iraq War), and puts them on notice. Nothing is safe from Big Brother, anywhere, any country.

Another case of https://en.m.wikipedia.org/wiki/Third-party_doctrine in motion

UnifiedPush[0] seems like a great alternative to notifications passing through Apple/Google's hands, and I wish it was implemented in more apps.

[0] https://unifiedpush.org/

Must be interesting to work on the teams responsible for compliance at Apple/Google. Would talking to someone about these kinds of orders qualify as treason under US law?