• Teknikal@lemm.ee
    link
    fedilink
    English
    arrow-up
    66
    ·
    11 months ago

    Shouldn’t it be impossible for them to even be able to hand over your notifications in the first damn place.

    There’s no reason I can think off that they should even have this info.

    • gregorum@lemm.ee
      link
      fedilink
      English
      arrow-up
      27
      ·
      edit-2
      11 months ago

      it’s up to individual app developers to encrypt the data in their push notifications. as for the data about the notifications (the metadata stored on Apple’s/Google’s servers), that could end up being potentially useless if it were just a block of timestamped and encrypted data sitting on Apple’s or Google’s servers. Presently, that data often also includes the full notification contents, unencrypted.

      But when those companies get a court order/subpoena, they have no choice but to cooperate.

      edit: for clarity

      • towerful@programming.dev
        link
        fedilink
        English
        arrow-up
        20
        ·
        11 months ago

        The metadata is actually quite important.
        Sure, chances are it’s a “pending WhatsApp message” notification, but not the actual contents of the message.
        However, with enough metadata and by surveying traffic from WhatsApp data centers, someone could see User A accessed WhatsApps service, which generated a WhatsApp notification for User B.
        That might just be a coincidence, but with enough data and time, the probability that User A is talking to User B can be increased.
        If it also shows that Users C, D and E also get notifications at the same time, it is likely that all those users are in a group chat together.
        It’s called a timing attack.
        And perhaps it isn’t enough evidence to stand up in court, it can help build the profile of the users, and guide investigations to other possible accomplices.

        • gregorum@lemm.ee
          link
          fedilink
          English
          arrow-up
          6
          ·
          11 months ago

          I realize that sometimes metadata can be aggregated in nefarious ways. sometimes, however, it’s useless. currently, however, it contains all of the unencrypted contents of the notification itself, not just the metadata, and my point is that’s it’s better to take the step of encrypting the notifications themselves to at least protect that data.

      • Steve@communick.news
        link
        fedilink
        English
        arrow-up
        5
        ·
        11 months ago

        But why would a copy of the notification history exist outside of the phone itself? I can’t think of a reason why notifications should be collected at all.

        • Railcar8095@lemm.ee
          link
          fedilink
          English
          arrow-up
          7
          ·
          11 months ago

          Imagine you have 20 apps that can send receive notifications from remote (messaging apps, offers, updates…). That would require each app to be active in the background and pulling updates. That’s a massive battery drain.

          Instead, the apps send the notifications to Apple/Google, and the OS checks for all of the apps. The apps don’t need to be awake (the OS could show the notification or wake the app) and there’s only one service checking for the ml notifications.

          It’s a massive oversimplifying and probably I made some mistakes, but that’s my understanding. Hopefully somebody can correct me.

          • Steve@communick.news
            link
            fedilink
            English
            arrow-up
            4
            ·
            11 months ago

            Apparently that’s how it works.

            I’d imagine a notification service on the phone that can receive or pull from all the various sources on behalf of the apps installed. That way the app servers don’t need to hand the data to Apple/Google servers. It just seems like an extra step.

            • pup_atlas
              link
              fedilink
              English
              arrow-up
              3
              ·
              11 months ago

              By doing it that way, you are all the sudden generating tens, if not hundreds of requests per minute to grab notifications for every platform and service, rather than just the one. With a unified approach, the phone can wake up in the background every 5 minutes and ping Google to ask for notifications. If everyone did it individually, your phone would never be able to go to sleep, and would CONSTANTLY be sending out requests to random servers. That also brings up security concerns, since you can get a vague idea of location data from a request, any app that can send notifs can soft track users. They would also open the door for one to be compromised, and send malicious info much easier than it would be to do thru Google. All around, its just a worse solution to the problem with one very small benefit.

            • Railcar8095@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              11 months ago

              Well, the problem is that every would need to have their own server with notifications waiting to be pulled (imagine your phone goes offline) and they need to be beefy enough to answer potentially thousands of requests per second. Almost impossible for small devs.

              There’s also additional battery need, as it’s many calls and payloads, and if a server is slow it can affect all the other notifications. Plus more area of attack.

              Not impossible, but I don’t think it’s the direction things will go.

        • gregorum@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          there’s a lot of different reasons why it might exist, depending on how the app or service work. some might have no data history, some might have a lot with a long footprint. some apps/services may benefit from rethinking how their app/services handles/routes this data.

          it’s complicated.

          • Steve@communick.news
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            11 months ago

            That makes some sense for an individual app collecting its own history.

            Apple or Google collecting all notifications seems like data collection for its own sake, with no real useful purpose.

            • gregorum@lemm.ee
              link
              fedilink
              English
              arrow-up
              2
              ·
              11 months ago

              oh, I se the misunderstanding— you’re confusing simple on-device app notifications with notifications using the Push service, which actually requires being sent through Apple’s or Google’s servers and may originate outside or your device from a service on a 3rd-party server.

              • Steve@communick.news
                link
                fedilink
                English
                arrow-up
                2
                ·
                11 months ago

                Oh! I didn’t realize they actually went through Google or Apple servers. Not sure why that’s a necessary step, but at least it explains why they would have the data at all.

                Thanks

                • gregorum@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  11 months ago

                  Yeah, not all notifications originate from apps on your device. If, say, Amazon, updates, your delivery status, a push notification gets sent to your Amazon app from Amazon, then you get a notification on your device. That push notification goes through either googles servers or apples servers before it gets to you, that way, they know what device to send it to. That device ID is registered the app on your device with either Apple or Google on their servers. 

      • zeluko@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        11 months ago

        would end up being mostly useless if it were just a block of timestamped and encrypted data sitting on Apple’s or Google’s servers

        If you are only interested in the data, sure.
        But metadata is also very powerful, specially when aggregated

        • gregorum@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          11 months ago

          But metadata is also very powerful, specially when aggregated

          it can be, depending on the context and what metadata you get. it can also be useless or of very limited value, even in aggregate. it’s really a roll of the dice, depending on the case. while I agree that no data access would be preferable to a little, my point is that encrypting the notification contents (a step which app devs can and should take) provides far better protection than what the cops get now, which is all.

  • Dave@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    arrow-down
    1
    ·
    11 months ago

    The article is incorrect in equating Apple’s stance to Google’s. As far as I can tell Google does not require a warrant, only a subpoena (which doesn’t require a judge’s review), while Apple’s change does require a court order or a warrant, both of which require a judge to sign off.

    • Ghostalmedia@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      edit-2
      11 months ago

      From Google

      Requests from US government agencies in civil, administrative, and criminal cases

      The Fourth Amendment to the US Constitution and the Electronic Communications Privacy Act (ECPA) restrict the government’s ability to force a provider to disclose user information. US authorities must at least do the following:

      In all cases: Issue a subpoena to compel disclosure of basic subscriber registration information and certain IP addresses

      In criminal cases Get a court order to compel disclosure of non-content records, such as the To, From, CC, BCC, and Timestamp fields in emails Get a search warrant to compel disclosure of the content of communications, such as email messages, documents, and photos

      https://policies.google.com/terms/information-requests?hl=en-US

    • Ghostalmedia@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      3
      ·
      11 months ago

      IMHO, they have much more to lose if they decide to start getting shady around privacy and security stuff in western nations. They’ve sunk too much money into building a brand around privacy and security.

          • BlackSkinnedJew@lemmynsfw.com
            link
            fedilink
            English
            arrow-up
            8
            arrow-down
            8
            ·
            edit-2
            11 months ago

            It depends in what you define as “mainstream” in my personal pov I would prefer to go for degoogled rooted AOSP for privacy concerns if you know how to use it there isn’t anything better than it out there.

            • wsweg@lemmy.world
              link
              fedilink
              English
              arrow-up
              13
              ·
              11 months ago

              I mean, of course, yeah. By mainstream I mean what your average consumer would purchase and use. They almost certainly will not be rooting a device

              • subtext@lemmy.world
                link
                fedilink
                English
                arrow-up
                10
                ·
                edit-2
                11 months ago

                I am the family tech support and I certainly will not be rooting a device.

                And I would almost certainly recommend Apple to my family for the “mainstream privacy”

            • pup_atlas
              link
              fedilink
              English
              arrow-up
              12
              ·
              11 months ago

              Rooted, degoogled AOSP is definitively not “mainstream”. Mainstream to me means something you can but off the shelf and start using without having to modify it.

              • BlackSkinnedJew@lemmynsfw.com
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                5
                ·
                11 months ago

                I believe it depends on what exactly someone defines as mainstream, for me using degoogled AOSP it’s something normal idk if it’s mainstream but what exactly it’s mainstream depends on the POV don’t you believe? But in my humble POV definitely Apple it’s not exactly all rainbows about privacy and security, unless you don’t mind your “encrypted” stuff being seen by the CIA and the NSA of course.

            • GBU_28@lemm.ee
              link
              fedilink
              English
              arrow-up
              9
              ·
              11 months ago

              Are you kidding man? The options are things you can buy off the shelf and turn on.

              If you are rooting, configuring etc you are off the mainstream

              • BlackSkinnedJew@lemmynsfw.com
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                6
                ·
                11 months ago

                There is nothing what you can buy out of the shelf and turn it on which respect your privacy and security at all wo a minimum effort and knowledge by the user, nor apple nor google are trustworthy at all, I mean if you will use their “encrypted” clouds to storage pics of your fat wife in them there is no problem but I wouldn’t recommend any of those big corps spyware out of the shelf to anyone involved into politics or really concerned about their privacy at all.

                • GBU_28@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  7
                  arrow-down
                  1
                  ·
                  edit-2
                  11 months ago

                  The fuck is wrong with you? You type like a child with carbon monoxide poisoning

        • Tempo@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          5
          ·
          11 months ago

          Well, we know they’re not, but the people that eat up all the ads Apple makes about their shallow privacy features you have to manually turn on don’t.

  • ngons@feddit.nu
    link
    fedilink
    English
    arrow-up
    18
    ·
    11 months ago

    How do people read giz? I block the ads, but still there’s a sticky video overlay, and “related” links everywhere… unreadable

  • ItsComplicated@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    ·
    11 months ago

    Would it be possible for Apple to just encrypt this data or, not keep this data? Then there would be nothing to give law enforcement or government. (Forgive my ignorance, I have no idea how all this works.)

    • kirklennon@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      11 months ago

      The developer of the app sends the push notification through Apple’s service. Developers have always been able to encrypt it, at which point it can be decrypted only by their app, but not all developers do this. There’s also still limited metadata about the fact that a notification was sent, even if the contents are encrypted.

      • ItsComplicated@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        Would it not make more sense to remove metadata and not even collect it? Maybe have an encrypted protocol for push notifications all developers use regardless of the app?

        • skulblaka@kbin.social
          link
          fedilink
          arrow-up
          5
          ·
          11 months ago

          Your phone has to be informed somehow, from the internet, that it has data to present as a notification. The fact that you got a notification at 3:32 and then again at 3:35 is trackable data, pretty much no matter what anyone does with it, encrypted or not. Doubly so if someone has MITM attacked your data stream. They may not know what the notification contains or even what app it was sent to, but the act of transmitting and then receiving this data packet over cell network or internet is a trackable event. And I don’t really know what Apple could even do about that beyond attempting to build Internet 2 solely for the purposes of keeping the cops out of it, which is unlikely at best.

        • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          11 months ago

          Honestly I think developers should just use push notifications to tell the app to directly fetch the notification contents from their server, rather than sending the contents of the notification using push, where it is stored by Apple/Google.

          Or do what Element and Syncthing do, which is bypass that entire Google push infrastructure (FCM, formerly GCM?) and connect directly to their own ones instead - at the expense of some additional battery consumption, particularly when there’s poor cell service. Due to iOS restrictions on background apps, this probably isn’t possible on that platform?

          Edit: add clarification

        • kirklennon@kbin.social
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          11 months ago

          Why not chuck the data when it’s no longer being used, though?

          They do. Apple is sending literally trillions of push notifications per year and certainly doesn’t want to save them longer than necessary (a useless expense), but the government can also ask that information for a targeted user be retained, going forward from the request, even though it would normally be purged.

    • gregorum@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      11 months ago

      It’s possible that they could encrypt and anonymize this data with yet another set of tokenization, but that would be quite an effort on their part. As for not keeping the data, the metadata, itself, it’s necessary in order to coordinate the sending and delivery of push notifications between apps, services, and your devices. It needs to exist.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    3
    ·
    11 months ago

    This is the best summary I could come up with:


    Senator Ron Wyden wrote a letter to the Department of Justice last week accusing foreign governments of spying on Americans through push notification data.

    Senator Wyden says Apple was “doing the right thing by matching Google and requiring a court order to hand over push notification-related data,” in a statement to Reuters Tuesday.

    This metadata flows through Google and Apple’s servers and could be used by law enforcement to expose the true identities of anonymous online users.

    If a government wants information to associate an APN token with your Apple ID, those “records may be obtained with an order under 18 USC 3703(d) or a search warrant.” Both of these provisions require a judge’s consent to hand over this data but call into question how easy it was for law enforcement to access it in the past.

    As Wyden calls out in his statement today, Apple’s update matches Google’s language in its Privacy and Terms, which also requires a subpoena or court order to hand over metadata about users.

    Google was the first to publish a transparency report detailing how many government requests the company receives for disclosing user information.


    The original article contains 345 words, the summary contains 189 words. Saved 45%. I’m a bot and I’m open source!

  • Cossty@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    I have zero Google services on my phone only microG. Does police still have access to my push notifications if they ask for it?

    • KairuByte@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      11 months ago

      It’s not the services, it’s the push notification itself. It’s like a book, where the push notification is the cover, and the app is the pages. The government can’t open the book, but they are able to look at the cover all they want.

      This is apples move towards putting a cover on top of the books cover… kinda. The metaphor breaks down when you get into what Apple is doing here to be honest.

    • Stantana@lemmy.sambands.net
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      gmsCore (microG) is an open source way of using Google Services.

      You re-implemented Google Services (albeit open source instead of proprietary), from what I understand you’re exactly as vulnerable as everyone else - But you have a giant “I’m trying to hide!” sign painted on your account.

    • gregorum@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      11 months ago

      Since google wasn’t requiring a court order before this (like Apple), I’m not sure how this makes them better. From this statement, both Google and Apple will be moving forward with a legal requirement to access this metadata in the future. They seem to be doing this together.

      it seems they were both caught giving up data without a court order before and are now both doing the right thing.

    • random65837@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2
      ·
      11 months ago

      Google has always had good privacy and security, it just doesn’t apply to them! Which is the problem.