this post was submitted on 07 Dec 2023
148 points (90.2% liked)

Technology

59434 readers
3363 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Apple admits to secretly giving governments push notification data::Apple to update transparency report to break out push notification data requests.

top 12 comments
sorted by: hot top controversial new old
[–] [email protected] 49 points 11 months ago (1 children)

As did Google. Both were presented with warrants.

[–] [email protected] 31 points 11 months ago

And both were not allowed to disclose it.

[–] [email protected] 22 points 11 months ago (1 children)

If you can give them that, give me that. Give me a log of my own notifications please!!! Please!!! Ffs...

[–] [email protected] 12 points 11 months ago

Fr. Here I am writing a diary when the NSA could just send me a wrapped instead. But noooooo they can't give me the snooping data 🙄

[–] [email protected] 10 points 11 months ago* (last edited 11 months ago)

Oof that's bad.

Although it should be noted that in well designed apps this should only be metadata. The push notification should just tell the phone that "content is available", which will power up the CPU, launch the app in the background, download your actual message/etc, decrypt it, and finally put a notification on the lock screen.

Metadata is obviously useful to law enforcement, but unless the app is really poorly written they shouldn't be getting your actual notification alerts. Those should be E2EE and therefore can't be disclosed.

Unfortunately the notification system does allow messages to be sent without encryption. Perhaps they should remove that feature.

[–] [email protected] 5 points 11 months ago
[–] [email protected] 2 points 11 months ago (2 children)

What does this mean for apps like signal?

[–] [email protected] 12 points 11 months ago

For Signal, they will know when and how often you receive Signal messages.

Notifications are used to "activate" the app on your device. Then it will connect to Signal servers and download the encrypted messages.

After the software on your device decrypted the message, then it has the sender details and message content.

There are settings to control how much of that information is used when creating the local notification. Because other apps might log notifications.

@jackalope
@L4s

[–] [email protected] 3 points 11 months ago

don't know about iOS, but on Android Signal doesn't send the content of messages through Google's servers.

[–] [email protected] 2 points 11 months ago

This is the best summary I could come up with:


Governments have been secretly tracking the app activity of an unknown number of people using Apple and Google smartphones, US Senator Ron Wyden (D-Ore.) revealed today.

According to Wyden, many app users do not realize that these instant alerts "aren't sent directly from the app provider to users’ smartphones" but instead "pass through a kind of digital post office run by the phone's operating system provider" to "ensure timely and efficient delivery of notifications."

Wyden said his office spent the past year investigating a "tip" received in spring 2022 claiming that "government agencies in foreign countries were demanding smartphone 'push' notification records from Google and Apple."

Ars verified that Apple's law enforcement guidelines now notes that push notification records "may be obtained with a subpoena or greater legal process."

It's unclear if either Apple or Google plans to provide any standalone reporting documenting all past requests for push notification data.

Wyden declined to comment further but wrote in his letter that he is pushing the DOJ to not just end the secrecy but also require even more transparency about these secretive requests.


The original article contains 694 words, the summary contains 182 words. Saved 74%. I'm a bot and I'm open source!

[–] [email protected] 1 points 11 months ago

What’s with the duplicate article? Come on!

[–] [email protected] 1 points 11 months ago

Oh no, who would've thought that they follow the rules of their country... What a surprise..