Privacy

38492 readers

620 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

313

Apple Gave Governments Data on Thousands of Push Notifications (www.404media.co)

submitted 3 days ago by [email protected] to c/[email protected]

56 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 10 points 2 days ago* (last edited 2 days ago) (1 children)

Not necessarily. I'm not some sort of tech genius but she's using some choice language here:

push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages

metadata is not "contained" in the notification.

When pushed on this she basically changed the subject to "there's no alternative":

Another Twitter user pointed out that rather than the exposure of the text, the bigger issue is that “the push gets sent at all, not what’s in it. It lets an attacker identify somebody by when they get messages, messages the attacker may even have sent.”

To this, Whittaker replied, “So this is an issue worth clarifying. It’s not possible [right now] to build a mass [communications] app [without] push notifications, [especially with] calling. This is a problem, we agree.”

https://www.medianama.com/2023/12/223-signal-push-notifications-content-meredith-whittaker/

I could be misinterpreting these statements but that's how it reads to me. Seems like encrypting metadata would require Google's involvement and I'm sure that's the opposite of what they want.

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago) (1 children)

You are trying to read what isn't there. Push notifications just don't contain any messages, at all, in any form, whether you want to call it data or metadata. They are just telling the Signal app to wake up, and then it securely checks with the server what's up.

The only think authorities are getting then, is the fact your Signal app was told to wake up at time X. Not whether you actually received a message, let alone any information about any messages.

It is confusing the system is called "push notifications", because it has nothing to do with the actual notifications you are seeing on your phone. It's just a mechanism to wake up sleeping apps so that they can check up with their server.

[–] [email protected] 2 points 1 day ago (1 children)

The only think authorities are getting then, is the fact your Signal app was told to wake up at time X

That's called metadata.

It's just a mechanism to wake up sleeping apps so that they can check up with their server.

So why do the authorities want it?

[–] [email protected] 2 points 1 day ago (1 children)

Yes it's called metadata. I don't know why they want it.

[–] [email protected] 2 points 1 day ago (1 children)

It's because it's used in tandem with other data they collect to profile you. To profile all of us.

[–] [email protected] 2 points 1 day ago

Yes, I assume so.