this post was submitted on 11 Dec 2023
365 points (87.9% liked)

Technology

59322 readers
4980 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

In this video I discuss how a recent DOJ letter revealed that Apple and Google were sending peoples push notifications to foreign governments.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 11 months ago* (last edited 11 months ago) (1 children)

You'd expect nothing less from Signal, but there's still metadata left that can be quite useful.

They offer an alternative version for Android that uses a web socket, so not the best solution either, but oh well. I'd like to see them support UnifiedPush officially though. The Molly fork does, for instance.

A lot more elegant than a web socket, and if more apps supported it, you'd have less apps all running their own service in the background. Well, speaking for a degoogled system, where this would matter a lot more.

[–] [email protected] 2 points 11 months ago (1 children)

What metadata are you worried about specifically?

[–] [email protected] 1 points 11 months ago (1 children)

The simple information when you receive a notification for a specific app can be combined with a whole lot of other info about you that's being collected by big tech and/or governments.

Time stamps are a surprisingly telling trail.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

I mean sure, but realistically if you’re worried about the government knowing when you received a push notification you should be worried about your ISP or cell provider being able to provide that information as well. Hiding this metadata completely from the outside world is really hard. You can obfuscate it with garbage packets (e.g., signal could randomly send you push notifications when you don’t have any new messages giving you plausible deniability, or maybe signal could add some random delays to push notifications to make correlation of senders harder), or you can try to hide by not using push and connecting over Tor or something, but I’m not sure the government knowing when you connect to Tor is much better than them knowing when you receive a push notification, haha.

I’m personally not too worried about this particular metadata. I can imagine situations where it could be problematic (maybe you can use timing to guess whether two people are messaging each other), but I think it’s essentially the least valuable information you can leak from a messaging service, and I think mitigating against it isn’t super easy if you consider the whole network to be adversarial. There’s definitely things you can do, but they all have tradeoffs.