Governments spying on Apple, Google users through push notifications

perhaps that democracy is not effective when the state organs are unelected bureacrats with guns

Seems like a pretty open and shut case of unconstitutional restriction of speech in the US. Especially when you consider the wording of the Apple communication saying that they can talk about it openly now that it's public knowledge.

But gagging a company from disclosing untargeted or semi-targeted surveillance, especially if it involves American citizens, seems like it should be unconstitutional on free speech grounds.

I see you have not read the Patriot Act, an Orwellian double-speak of a title if there ever was one.

If I’m not mistaken they’re called NSLs and the legality of them when challenged are reviewed by a secret court with secret laws that have secret interpretations of words. The whole thing as far as I can tell is an out of control nightmare and our corrupt congress doesn’t give a shit.

This is why warrant canaries can be useful in privacy policies, at least for smaller/startup companies. The apple/google/microsoft/amazon/metas of the world would have had to remove the canary long ago, though.

This is why I never believe Apple's "We're super serious about your privacy!"

That is until a government asks them to do things behind the scenes.

What is the point of transparency reports if they don't include major vectors of government surveillance?

How many times did those of us who knew all of this to be a farce warned about this?

Gosh I am so happy to have like the best senator in the senate next to Bernie Sanders in Oregon.

Oregon is an extremely based state. Y'all crap on PDX but the reality is that we have more freedom and less tyranny here than in any other state in the nation, and possibly in the world. PDX is "bad" because it's one of the only places in the world that hated the cops enough to actually muzzle them - and not living in fear of the boot is worth needing to deal with homeless people.

Want to smoke weed? Check (lowest prices in the world). Want to do psychedelics? (functionally legalized) Check. Want to shoot guns? (relatively lax gun laws for a blue state) Check. Want to not be spied on? As check as Ron Wyden can make it!

He even inspired Snowden to expose the illegal mass surveillance programs. IIRC Snowden reached a breaking point when James Clapper, then director of national intelligence, lied under oath to Congress when pressed about domestic surveillance by senator Wyden.

It's sad we don't hear more about people like this in positions of power.

Nine times out of ten, when there's a news piece about a senator advocating for privacy and constitutional rights with regards to tech, it's senator Wyden. He's on the senate intelligence committee and has a decent track record of getting shit done with bipartisan support, so he's not just virtue signaling for votes either (not to mention that he's basically unbeatable in state election with all the support he has in Oregon). He's 74 years old, I do hope someone will step up and carry the torch when he retires. It's a losing battle but it's still important that we have someone who is competent and well respected to fight it for us.

Yeah he's awesome. /s

In May 2017, Wyden co-sponsored the Israel Anti-Boycott Act, Senate Bill 720, which made it a federal crime, punishable by a maximum sentence of 20 years imprisonment,[88] for Americans to encourage or participate in boycotts against Israel and Israeli settlements in the occupied Palestinian territories if protesting actions by the Israeli government. The bill would make it legal for U.S. states to refuse to do business with contractors that engage in boycotts against Israel.[89] https://en.wikipedia.org/wiki/Ron_Wyden#Israel

I'm an Oregonian and my biggest complaint about Ron Wyden is that he's usually ahead of me on technical issues. There are worse problems to have...

So, don’t have Twitter account and/or app installed and you should be good?

Apple's own developer documentation outlines how notifications can trigger when crossing a physical boundary.

Apps notifications can trigger if you enter a "protest zone" for example then gov will know everyone who was there.

If they use IP to deliver notifications, then the gov can demand they hand over the IP address a notification was delivered to. From there, location isn’t hard.

Why bother with this whole process when you can get everything + store & index it yourself?

Who knows? Maybe you want to retroactively look at shit peopke received and decide on new crimes.

Just to make it crystal clear, we recently learned that the FBI served Twitter a search warrant for Trumps account which gave then access to all of his twitter followers. https://www.bbc.com/news/world-us-canada-66365643.amp

Build parallel networks for sections of society to operate and associate outside of what govt has their hands in or with technological guarantees of privacy and safety. I understand this is a tricky constraint to scale but it’s not impossible, current iterative solutions are at hand, and people have coordinated before around successfully building alternative societies in terms of communications, mutual aid, and safety provided to public regardless of family; these are a threat to gov and business though as they minimize people’s reliance on those institutions which is a kind of power money alone can have less control over (so they lean on violence historically - eg battle of blair mountain). I believe technology uniquely makes it possible to scale potential solutions because of how much it’s cheapened unit cost and labor cost thru automation and commodity and open src

I think where we go wrong is to allow the conversation to revolve around what evil corporations are doing with our information, rather than what the evil government is doing with it. I believe the risk to our freedom is much greater from the latter. Of course governments can extract the information from corporations that have it, but let's keep the spotlight on the government itself, and use THAT as a reason to give corps less information about us.

Corporations showing me better-targeted ads is the least of my troubles.

I don't think many people actually care much about privacy. There are a few, and they're loud. But look at what matters in politics -- both major political tribes in the US are only interested in privacy and protection from the government as it relates to their own interest, but they are perfectly happy to use that power against their perceived opponents.

Unfortunately, the constitution isnt very clear on privacy. It should be. There should be a new amendment which makes it crystal clear that the Patriot Act, for example, is completely unconstitutional.

But what the 14th amendment says is that people and their property are protected against searches by the government wherever there is a “reasonable expectation of privacy.” That and some combination of other details imply a right to privacy, but its mot very explicit and clearly limited. In light of this, the Supreme Court has actually ruled quite favorably In practice, the Supreme Court has actually ruled pretty favorably towards a right to privacy, considering whats actually in the constitution.

Assembly 2023 had a fantastic presentation[1] from @BackTheBunny (from X) about precisely this. When the US really wants to do something, the constitution is a parchment guarantee and the media runs cover for them. Many US gov agencies are basically supranational and extrajudicial.

I don't agree with everything he said but the information was well presented and enjoyable.

[1] - https://www.youtube.com/watch?v=rUTcIXuw2f0

The only real way to fix this in the US is via election reform.

The GOP is trying to create an apartheid state where minority rural areas dictate the laws for the majorities that live in urban areas while they extract resources from those areas.

They know this is incredibly unpopular, so they don't even pretend they're trying to get the majority of the vote in most places. Instead, they've been trying to set vote thresholds to > 60% for ballot measures and stripping authority from all elected offices that aren't subject to gerrymandering.

It's also crazy to me that people are frequently arguing over what is the best security app to use for communication arguing over privacy maximalist viewpoints but not considering the old and have forgotten the major flaw we learned about from PGP: can't decrypt, please resend unencrypted. It doesn't matter how good your encryption is if no one will use it. Pareto is a bitch. (This is a crack at the Signal vs Threema or whatever app is hot this month and we discuss next month. But when usernames?)

I so hate when people put words "only" and "metadata" in the same sentence...

     They know you rang a phone sex line at 2:24 am and spoke for 18 minutes. But they don't know what you talked about.

    They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.

    They know you got an email from an HIV testing service, then called your doctor, then visited an HIV support group website in the same hour. But they don't know what was in the email or what you talked about on the phone.

    They know you received an email from a digital rights activist group with the subject line “Let’s Tell Congress: Stop SESTA/FOSTA” and then called your elected representative immediately after. But the content of those communications remains safe from government intrusion.

    They know you called a gynecologist, spoke for a half hour, and then called the local abortion clinic’s number later that day.

for my understanding, you need that entitlement so you can send an encrypted invisible notification which you can then decrypt locally in your app and push out again as a local notification that doesn't go over the network (i.e. not use apns)? Or is doing this kind of stuff just weirdly tied to that specific entitlement?

We implemented APNS encryption for Firefox iOS without much trouble. Keys are negotiated out of band and message decryption is done in a Notification extension that allows you to pre process incoming notifications. Did not need any special entitlements.

Source code on GitHub.com/mozilla-mobile

Are the ones on Android encrypted i wonder? I hope so

Naive question: why not remove all sensitive data, or all data, from the notification and leave the context for a secondary API call?

Just curious, why do you need filtering permissions for your use case?

Decrypting a push notification appears to be supported using 'mutable-content' with a notification service.

In fact that is the example used here: https://developer.apple.com/documentation/usernotifications/...

It is quite insane how Apple filters entitlements and denies usage of them in a seemingly arbitrary way...

Because the requests likely contain legal cladding to forbid disclosing the request, as is the case in Australia. A lot of people would be vindicated if it turned out one of the “democracies” making these requests was Australia.

We already know, it's the Five Eyes

Anglosphere.

The timing would still give you away - with a privileged network position you can tell that a user sent a message to an messaging service, and that some set of users got notifications from that messaging service moments later. Observe that enough times and you'll have good confidence in the members of a group.

If you're trying to hide from that type of attack you need to send a fixed rate stream of messages (most of which are dummy messages, except the occasional message containing genuine content -- like number stations). Furthermore, every point in the chain also needs to avoid revealing which messages are genuine (by fetching the encrypted message from the server when it receives a genuine notification, you're giving data away).

The operator of the app could send messages at fixed intervals to make it more difficult to correlate the messages (more samples required to have confidence in the recipient). If they send dummy notifications they'd probably fall foul of Apple/Google's constraints around invisible-to-the-user notifications (I know Apple prohibits them, I assume Google does as well)

I can't see that frustrating this type of attack would be interesting to Apple/Google: it would push up power & radio bandwidth requirements for everybody pretty significantly.

Encryption wouldn’t help as the whole point would be to look for coincident timings. I.e. after activity from one user to a known service you see a push occur going to another user. If this pattern repeats you can build confidence they are in contact.

If it’s metadata they’re after (according to the article) would it really matter if the push notifications themselves were encrypted? As long as you’re using Apple/Google’s servers to manage push notifications it seems like there would be some metadata that could be useful for surveillance purposes, encrypted or not.

I don't see why. The system operator knows to whom the message is being sent. They get a court order, ordering them to track messages sent to enumerated entities and they have to comply.

Some apps actually do that. I know at least Rocket.Chat has an option to handle push that way. I'd like to believe other similar chat apps used by groups and communities have it too.

But as others have pointed out, just having the timestamp and target of the notifications already tells a lot.

Here is a better pro-tip- don't do criminal things.

leave your phone at your buddy's house

You'll never be a criminal with that level of opsec.

You have to randomly leave your phone at home for criminal and non-criminal things. That way, there's a plausible alibi that your phone was at home or on you at the time of the crime.

Google-free Android will allow you (force you) to use alternative push servers. That could be your own server (using something like Unified Push) or querying your apps' servers directly. This comes at the cost of battery life, sometimes significantly so, but it does decentralise the notification system.

Of course, your data will still be in the hands of app vendors unless you choose your apps wisely.

You should also block analytics on the network level (using firewall apps or alternative means) because these days developers like to send analytics events for every button pressed, all associated with your phone's unique identifier. If the government can use push notifications for tracking, imagine the tracking they can do through Firebase Analytics or one of its many data hoarding alternatives.

Read at least the summary of James Scott's Seeing Like a State (https://en.wikipedia.org/wiki/Seeing_Like_a_State) and let the concept of legibility percolate for a bit.

Governments view legibility of their constituencies as a feature, not a bug. They want to be able to query the population like a database in order to manage it better. This is exactly like a product manager at a tech company who wants to know whether a certain feature is being used, and asks for more instrumentation in the next release of the product if needed. Over time the product (the population) becomes better and better instrumented.

Of course, the other side of the coin of better legibility is worse privacy. Their feature is your bug.

Are there ways to circumvent or mitigate what's happening? For you, personally, sure. You can turn on all the buried options, add VPNs, proxies, additional profiles/accounts, etc. And for a while it will work.

But you're defeating legibility by doing that, so you're fighting against a very strong opposing force. Over time, the bugs that reduce legibility coverage will be fixed. The options will go away, VPNs will be banned or at least instrumented well enough to nullify their utility, COPPA and porn age-verification laws will extend to make multiple or anonymous identities impractical, and so on. And the few of us who do manage to go online fully anonymously might as well be wearing a "CRIMINAL" hat, because the public will have been trained that only bad actors want privacy, but not to worry if they themselves have nothing to hide.

You can see this already happening with financial transactions. Try to conduct a significant low-legibility transaction (in other words, buy something big with cash). Your bank will ask why you want to withdraw $20,000. Cops might seize the cash, legally and without probable cause, while you're driving to the seller. And when the seller deposits the cash, the bank might file a SAR. This is all working as designed. You're being punished for adding friction to legibility.

Even on HN, where you think people would be ahead of the curve, the PR campaign against financial privacy and censorship resistance is winning. Mention The Digital Currency That Shall Not Be Named, and suddenly the Four Horsemen of the Infocalypse are in control. Why HNers are pro-VPN but anti-Bitcoin, when both stand for privacy and censorship resistance at the price of reduced legibility, is beyond me.

The battle to fight is not just protecting your own privacy. It's protecting your right to protect your privacy without being ipso facto declared a criminal for doing so. Turn on all the options, hold Bitcoin, use VPNs, pay with cash, delete cookies, etc. But above all, be an ordinary, conscientious, law-abiding citizen. Render unto Caesar what is Caesar's. Be average. Be unremarkable. Privacy should be the default. Not unsavory, not for those with something to hide. Just the default.

On iOS, all notifications must go via the centralized APNS, but on non-Google Android (eg Graphene) it is possible to run the device with the Google FCM stuff blocked off. Some apps will break, but stuff that runs in the background for polling or does non-Google notifications will continue to work.

aside from abandoning iOS and Android completely?

These platforms are so opaque and completely controlled by US corporations (so we know they are beholden to NSLs etc). If you care about your data and privacy, the best suggestion is to avoid phone platforms completely for anything important.

And now we understand why they do that.

There were huge downsides for battery life before, and privacy is somewhat orthogonal since you’d be at risk from more companies and they’d all be subject to the same legal demands, so I think the answer has to be regulatory. In the EU, that seems possible but I’m not sure the U.S. government is currently functional enough to do anything about this.

I use Telegram FOSS. They refuse to use firebase for notifications, so I forever have a message in my drawer that leads to this link:

https://github.com/Telegram-FOSS-Team/Telegram-FOSS/blob/mas...

I doubt it solves much but I like to think of it as a little poke in the eye.

UnifiedPush[0] seems like a great project in this area, and I wish it was implemented in more apps.

[0] https://unifiedpush.org/

I'm not sure new laws will matter much considering they've been breaking the existing laws through creative interpretation.

You want the state to write laws to prevent it spying on its citizens?

The Libertarian party might fit our needs for privacy, but very few people belong to the party. As a liberal, I started listening to the Ron Paul (Libertarian, retired US Senator) podcast at least once a week. Maybe because I am older, but what he says mostly makes sense to me.

(Now I expect to get in trouble here because I mentioned a third party, that is fine with me.)

So what are the alternatives here?

You have to be willing to live with something less feature-rich than what you can get on the latest iPhone 27 Max Pro(TM). And you have to be gutsy enough to click an "Install some other OS" button in your web browser with your phone plugged into a USB port.

Then to extend to services, a lot of it depends on your ability to deploy your own stuff. This can involve a lot of time reading how-to guides after you've installed Linux on a machine in your house. Given how much documentation is readily available online most people with a high school diploma can probably figure it all out, but you have to be motivated enough to refuse to be helpless.

Today you can purchase a Pixel 7[|a|Pro] and flash GrapheneOS on it. There's a lot you can get from F-Droid, but if you really want Google Play Store apps, GrapheneOS does a reasonable job sandboxing it. Create a new Google account just for that installation of Google Play Store.

Never sign into anything Google, Microsoft, Apple, Facebook, Twitter/X, LinkedIn, or whatever from your phone. Or at least if you absolutely have to, use a trusted web browser in Incognito or Private Browsing Mode.

Keep location tracking disabled for everything but your favorite maps app. Put your phone in Airplane Mode when you're traveling if you don't want cell towers to capture your location info. GPS reception still works.

WG Tunnel can get you to your server when you're not on your home network. Some people swear by Tailscale, but you have to trust them with your node info.

Syncthing works for backup for a lot of people.

For private maps I've been using Organic Maps with some success. Searching for places isn't necessarily trivial, but the navigation feature has always worked well for me.

For private comms you really need it to go both ways (you and the recipient). The weak point is likely to be the recipient's environment, but at least something like Signal gives you a chance.

Something like Fastmail works for email and calendar, since they're probably not building a profile on you and selling that to advertisers. DAVx5 is free from F-Droid for calendar sync.

Kagi works really well for search. Also, they probably haven't sold out to advertisers. DuckDuckGo is another option with another set of trade-offs.

For music you can serve FLAC files via minidlnad to VLC. minidlnad was a 3-minute tweak to a config file after I apt-got it. There are tons of options here.

Explore F-Droid for stuff that might do better for privacy, like Spotube, FreeOTP, Podverse, Librara FD, Cheogram, etc. I'm not claiming that the F-Droid apps will all give you perfect privacy, but in general they're probably better than a lot of the stuff that's pushed in the Play store.

Check out e-books and audiobooks from your local library. Or copy them to your device via Syncthing after feeding your e-books through Calibre's DeDRM extension. The idea is to keep from having to context license servers from your phone.

Give up on Apple or Google Pay, credit cards, and loyalty programs if you don't want your eReceipts collected and added to your consumer profile by companies that do that sort of thing.

None of this is a surefire way to give yourself perfect privacy, but it can greatly reduce the amount of your personal information that your government and/or corporations collect on you via your mobile device.

Are powerful mobile phones packed with Apps and constant notifications so necessary to a full, fun, enjoyable techy life, really?

I am legitimately surprised that more tech-heads didn't see this state-of-affairs (and all the other obvious drawbacks of The World's Most Featureful Spy Device, controlled end-to-end by a giant multinational, becoming ubiquitous in peoples back pockets) as an obvious, absolute given, right from the very start of the whole smartphone trend. Instead we all seem to have bought into it, hook-line-and-sinker.

Unshackle yourself from Google/Apple and use F-Droid/LineageOS or something similarly FOSS minded.

So what are the alternatives here?

Stop being wilfully ruled by war criminals and start prosecuting their crimes.

The civil means for wresting back control over our government exists - we have to have the courage to use it. That means, prosecuting our own war criminals.

After all, it is the criminals with the most blood on their hands which want to use the tools of the state to repress the public, from which they derive their actual power, and who are the only ones with the resources to actually do something effect about the criminals getting away with it.

These rights-violating mechanisms exist to protect the criminal ruling elite only.

Seriously, to clean up our government: prosecute our war criminals. The war crimes are real, the crimes against humanity are real, the human rights violations are real. What isn't, is the general publics' stomach for the embarrassment they must experience in order to confront the fact of their own wilful rule by dyed-in-the-wool war criminals.

This discomfort at the fallacy of our own moral authority over nations considered to be 'worse human rights violators' has to be replaced with outrage at the actual human rights violations we are allowing to be committed in our name, or else we continue the slide into the abyss..

So what are the alternatives here?

Conduct yourself on your phone the way you would in public in front of friends and family. Only text/browse with stuff you'd be okay with a stranger knowing. I've operated this way for many years for the exact reason that this article highlights.

An interesting point in Glenn Greenwald’s book is that metadata is often more informative than the “real” data.

Consider:

1. A phone call in which Mrs. Smith talks to a receptionist to set an appointment with a doctor for 9:30 next Wednesday.

Vs.

2. Knowing that Mrs. Smith called an abortion clinic.

#2 seems like a bigger violation of privacy. Metadata is the real data.

They already "kill people" based on metadata alone, at least since 2014.[0]

[0]: https://www.nybooks.com/online/2014/05/10/we-kill-people-bas...

Being prohibited from disclosure does not in any way refute their promise to refuse. It would make it hard to prove one way or the other, but that is not the same problem.

wow. Yahoo have a better track record than google or apple on figthing against that https://money.cnn.com/2014/09/11/technology/security/yahoo-f...

I guess now the yahoo phone doesn't sound like that bad of a joke https://www.slashgear.com/wp-content/uploads/2010/05/nokia_y...

We can safely assume they are already doing it, it's just that laws are coming slowly to normalize this survelance so they can't tell us just yet. Vote for those laws to learn more.

I wonder if Apple's Airtag devices use mesh networking of some sort.

Apple AirDrop was basically this, but they neutered it at the request of the Chinese government. It still works, but it automatically turns itself off every 30 minutes, so you can't (for instance) opt-in to allowing people to automatically push uncensored news to your phone during your daily commute (without interacting with the phone every half hour).

(It isn't technically a mesh, since it doesn't support multi-hop routing. Still, it is peer to peer, and doesn't require a data connection.)

They're still a thing, and more of a happening thing than ever because they're useful for IOT. There's a bunch of private LoRa network operators offering a mix of free and paid services. Amazon is already a large player in this space because of their delivery network.

If you were able to do this, and you also had control of the person's ISP/cell network (not unusual for the threat model here), then one thing you could do is interfere with their communications, "shadowbanning" them from their friends/contacts. Say you used a particular app, like LINE, to speak to one particular friend who your "benefactors" didn't want you speaking with, they could drop connections between your device and that app's servers whenever they intercept a push notification from Google or Apple targeted to that app on your device. Effectively preventing the two parties ever communicating.

Depending on specifics, it seems it would be possible to do this cleverly, so the app still thinks it's connected, but just never receives these messages.

I'm not an expert on this, it just seems a plausible possibility. Best effort response to your question! :)

Chat message content?

Compromise a single phone in a target group, send a message to an anonymous chat, and you now know every other member of the group.

Apple needs to know your Apple ID to send you an APNS payload. Now your anonymous chat profile is tied to your real Apple ID. Busted.

Does Waydroid work well on mobile Linux GUIs like Phosh and Plasma Mobile? If it does it could be real handy to sandbox some Android apps you need for work or whatever while still using a proper Linux base

I'm sure you did your research. I'm writing for other readers who are interested.

There are a few alternatives, more can be found but this is a selection of the most prominent offerings.

/e/OS: https://e.foundation/e-os/

GrapheneOS: https://grapheneos.org/

LineageOS: https://lineageos.org/

CalyxOS: https://calyxos.org/

PostmarketOS (based on Alpine Linux rather than Android, and what's used in Pinephones): https://postmarketos.org/ (for some reason the site is currently down)

Alternatively, consider Librem 5, which is more stable, since its software is developed by a dedicated team.

You're kidding yourself if you think three letter agencies don't have LOS users on a list and have capabilities to spy on them on demand with tailored access.

What's GAPless? I've been thinking about trying out LineageOS on a refurbished phone, so I'd love to know what I can do to make it even better.

I’m no expert but in my experience developing mobile applications & push notifications, I’ve only registered a device for notifications (and subsequently sent notifications) if the user opted in. Based on my own experience, I would say if you didn’t enable notifications for a particular service or app, they don’t get sent.

This depends on how the app implements notifications, and which mechanism is used to disable them. I know FCM/Android, not APNS/iOS, so here's a breakdown:

1. The app registers a push token with their backend. This can happen without granting notification permissions, and without notifying the user. So the backend is free to start sending push messages immediately after registration, which is typically done on the first app launch.

2. The controls available in Android's per-app notification settings have nothing to do with push messaging. These allow the user to limit or change how the app displays notifications, regardless of the reason the app is displaying them. Some apps have additional options to disable push messages, but that preference must be communicated to the app's backend to prevent the backend from sending pushes in the first place. Some apps may consider Android's notification settings to determine this preference, but it's extra work to do so.

The concepts of "push messaging" and "notifications" are often used interchangeably, but at least on Android these are separate systems that are tied together with client code. The push messages may also contain notification data, and the official FCM client will display these automatically, so this confusion is understandable.

The article says that Google and Apple know about the push notifications being shown on the phone and governments can make these companies turn over customer data.

I'm not sure if it only covers (for example) the unified notification service on Android or whether Apple and Google know of notifications that don't make use of that API. It's not clear from the article.

It does seem to be notifications on the phone, but (a) that's incredibly surprising and disturbing and (b) it's really unclear why or how that would work when a phone is disconnected from the network. In any event, Google inserting themselves into notifications would be tantamount to reading all my email, texts and everything else, so ... why wouldn't this be restricted to opt-in? Many questions.

A push notification is generally what creates the "you have a new message on <app>" red bubble.

Unless my memory is seriously off, Signal push notifications just tell your device to call and fetch. It’s not like they’re unaware and just sending you stuff in plain text.

My Signal notifications on iOS just say 'Message received!', not sure what else is in the payload but nothing else is displayed... It seems unfathomable that they would push any unencrypted message content or information relating to who is messaging you through notifications that travel over third party servers, so I very much doubt there's much of interest in the payload...

Fortunately, they did foresee this! The push notification only contains enough information to tell the phone that it should fetch the actual notification content from Signal's servers.

Here's a Signal dev talking about it on the Signal-Android GitHub: https://github.com/signalapp/Signal-Android/issues/12961#iss...

And similarly for Signal-iOS: https://github.com/signalapp/Signal-iOS/issues/962#issuecomm...

how do they guarantee that everything is protected and they don’t share data with someone?

I'm probably naive, but what insights could a government gleam from Push Notifications?

Looking at my own phone right now, it just got a push notification that my wife has arrived at home. That could be useful if you wanted to track my wife.

And why aren't push notifications E2EE?

That's a great question. And I hope the answer is "we're on it, they will be E2EE in the next release."

https://news.ycombinator.com/item?id=38544063

Stop promoting and trusting Conversations. Is it bad software which never did OTR verification properly before yanking it unexpectedly and without explanation. To my knowledge it has never been independently audited let alone taken seriously enough by any infosec professionals to warrant such study.

AIU deanonymization happens due to pseudonymity. There are 3 pseudonyms: chat id, push id, phone number. Since all three are constant and linked, they can deanonymize the user. You need some sort of anonymous or confidential protocol to work around it.

You do _not_ need push notifications in the first place. Most definitely not for messaging programs anyway. The "saves battery" arguments are always very fluffy and devices/clients who don't do push notifications (or at least don't force you to) sometimes even have better battery life than devices/clients which do.

I don't think so. I'm German and receive the spam, even though I can be tracked using SMS messages that aren't shown on the display at all.

https://en.wikipedia.org/wiki/SMS#Silent_SMS

Plus, you can always ask the carriers to which tower(s) a phone is connected and simply triangulate from there, without sending any (user) data to the phone.

"We Kill People Based on Metadata"

- Michael Hayden

They mention metadata in the article. Imagine sending a message to a Signal account at time X, then asking Apple a list of all users that received a Signal notification at that specific time.

Others have mentioned the timing attacks but also payloads are not encrypted unless the app developers remember to build that. This linked essay discusses both threats:

https://blog.davidlibeau.fr/push-notifications-are-a-privacy...

FYI what you're describing is https://en.wikipedia.org/wiki/Third-party_doctrine

Are the legal protections against government spying actually worth anything though?

Eg. Parallel construction, FISA, etc etc.

But also, you're whispering right in that if Google and Apple are able to do this, then is that "laundered" spying, I'm that various law enforcement and government agencies can buy this information?

Only now?

once upon a time, I had an app that limited network connection for the whole phone to 30 minute refreshes. It was a pretty cool trick.

From the companies not needing this, it does not follow that various governments don't need this.

My first thought is that this is looking like an especially fun (for the rest of us) popcorn session where someone in one government is shocked to discover that other governments pull the same stunts that they think should be reserved for "our people"… but then I looked up Senator Ron Wyden's Wikipedia page and he seems to be genuinely opposed to such shenanigans from everyone including the US.

So, good for him.

Apple uses “privacy” as a marketing term. They market themselves as protecting your “privacy” from advertisers unlike Google.

Apple open complies with all data requests from government agencies and law enforcement. It is not a hard process for law enforcement to get someone’s iCloud data with a warrant.

https://www.apple.com/privacy/government-information-request...

To add a bit more context here, the "12 US State Attorney Generals" here are 14 Republican US State Attorneys general.

their letter: https://content.govdelivery.com/attachments/IACIO/2023/12/04...

Apps can still do what they want in the content of the notification. This includes encrypting the content however they'd like. By default, though, apps don't encrypt the content. And the metadata (what appleID is receiving notifications from what app) is still known to Apple.

Now you know how the rest of us [abroad in the world] feel regarding the US.

It is ultimately ignorant to think one is not spied upon in daily comings and goings, when the entire human economy is based on data and the study of it (especially at scale), whether by government, private enterprise or sole evil individual.

With Apple/Google you get the comfortable padded jail cell with 24/7 guards to protect - and monitor you; the digital equivalent of having a police officer live with you. You can't go outside of the walled garden and you're told this is for good reason.

Without them, you're totally on your own; you better be prepared and know how to defend yourself. No one will care about your security and privacy. But don't for a second think you're not still under the all-seeing eye of panopticon surveillance, and possibly additional scrutiny therein.