Privacy

38498 readers

508 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

291

Apple Gave Governments Data on Thousands of Push Notifications (www.404media.co)

submitted 2 days ago by sabreW4K3@lazysoci.al to c/privacy@lemmy.ml

57 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] dev_null@lemmy.ml 6 points 1 day ago* (last edited 1 day ago) (1 children)

A push notification, from a technical standpoint, is just a way to wake up an app. It doesn't have to contain any information.

So when you get a message, the messaging service sends a push notification through Apple/Google, which is a way of saying "Hey messaging app, wake up". The app then starts running in the background on your phone, connects to it's server, asks if there is anything new to know about, and the server tells it about a new message, if any. This can then generate a notification on your phone, but importantly what you are seeing in the notification did not come through Apple/Google, all that did was the "Hey messaging app, wake up!".

If authorities then request this data from Apple/Google, all they can see is the times at which your messaging app was asked to wake up. Not whether any message was actually received, or what it contained, or from who. Because all that never touched Apple/Google's systems, not even in an encrypted form.

That being said, some data can be sent directly through the Apple/Google system along with the wake up message, so it's not impossible that some apps include some metadata there. In theory they shouldn't. For example simple marketing notifications or ads often are just included with the push, because it's simple to do.

[–] Ulrich@feddit.org 1 points 17 hours ago* (last edited 16 hours ago) (1 children)

all they can see is the times at which your messaging app was asked to wake up. Not whether any message was actually received, or what it contained, or from who.

Here's what Senator Ron Wyden had to say on the matter:

The data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification.

So they know:

What app received the notification
when it was received
who it was sent to

[–] dev_null@lemmy.ml 1 points 17 hours ago (1 children)

I don't know, are they? As far as we know they could only get unsent notifications, which are obviously still with Apple/Google because the target phone is offline and so they couldn't be delivered yet. Which would explain why they only got thousands of them, not billions.