In this video I discuss how a recent DOJ letter revealed that Apple and Google were sending peoples push notifications to foreign governments.

  • G4ME@feddit.de
    link
    fedilink
    English
    arrow-up
    41
    arrow-down
    1
    ·
    11 months ago

    That’s why you should disable notifications for apps who shows sensitive information.

    Signal does a good way of doing it they only signal (hehe) their app that their is a notification, then the apps gets this information itself.

    • potoo22
      link
      fedilink
      English
      arrow-up
      12
      ·
      11 months ago

      I was wondering how Signal handles this. Thanks for the info.

    • narc0tic_bird@lemm.ee
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      3
      ·
      11 months ago

      I want to add that WhatsApp doesn’t send message content within notifications either.

      I know WhatsApp isn’t very popular around here (for valid reasons), but it uses end-to-end encryption, notifications or not.

      • Claidheamh@slrpnk.net
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        2
        ·
        11 months ago

        it uses end-to-end encryption

        At least they say they do, but we can’t really verify that.

      • Gekoloniseerd@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        edit-2
        11 months ago

        Well they say they don’t but when the police wants insight on the conversations they will get it quick.

        Fuck Facebook Fuck meta Fuck google Fuck Microsoft Fuck apple

    • miss_brainfart@lemmy.ml
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      11 months ago

      You’d expect nothing less from Signal, but there’s still metadata left that can be quite useful.

      They offer an alternative version for Android that uses a web socket, so not the best solution either, but oh well. I’d like to see them support UnifiedPush officially though. The Molly fork does, for instance.

      A lot more elegant than a web socket, and if more apps supported it, you’d have less apps all running their own service in the background. Well, speaking for a degoogled system, where this would matter a lot more.

        • miss_brainfart@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          The simple information when you receive a notification for a specific app can be combined with a whole lot of other info about you that’s being collected by big tech and/or governments.

          Time stamps are a surprisingly telling trail.

          • Chobbes@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            11 months ago

            I mean sure, but realistically if you’re worried about the government knowing when you received a push notification you should be worried about your ISP or cell provider being able to provide that information as well. Hiding this metadata completely from the outside world is really hard. You can obfuscate it with garbage packets (e.g., signal could randomly send you push notifications when you don’t have any new messages giving you plausible deniability, or maybe signal could add some random delays to push notifications to make correlation of senders harder), or you can try to hide by not using push and connecting over Tor or something, but I’m not sure the government knowing when you connect to Tor is much better than them knowing when you receive a push notification, haha.

            I’m personally not too worried about this particular metadata. I can imagine situations where it could be problematic (maybe you can use timing to guess whether two people are messaging each other), but I think it’s essentially the least valuable information you can leak from a messaging service, and I think mitigating against it isn’t super easy if you consider the whole network to be adversarial. There’s definitely things you can do, but they all have tradeoffs.

    • LdyMeow@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      11 months ago

      What I wonder about is if the push notifications are ‘sent’ anyway, ie through the network and the phone just doesn’t do anything with them? Does anyone know?

      • PM_Your_Nudes_Please@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        Exactly. The issue is that the app still sends the notification to the cloud server. The cloud server doesn’t forward that notif to your device if you have notifs turned off, but it still gets sent to the server regardless. Which means it’s still subject to be shared with the government.

    • narc0tic_bird@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      3
      ·
      11 months ago

      I want to add that WhatsApp doesn’t send message content within notifications either.

      I know WhatsApp isn’t very popular around here (for valid reasons), but it uses end-to-end encryption, notifications or not.