this post was submitted on 13 Dec 2023
275 points (94.5% liked)
Technology
59390 readers
2569 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Shouldn't it be impossible for them to even be able to hand over your notifications in the first damn place.
There's no reason I can think off that they should even have this info.
it’s up to individual app developers to encrypt the data in their push notifications. as for the data about the notifications (the metadata stored on Apple’s/Google’s servers), that could end up being potentially useless if it were just a block of timestamped and encrypted data sitting on Apple’s or Google’s servers. Presently, that data often also includes the full notification contents, unencrypted.
But when those companies get a court order/subpoena, they have no choice but to cooperate.
edit: for clarity
The metadata is actually quite important.
Sure, chances are it's a "pending WhatsApp message" notification, but not the actual contents of the message.
However, with enough metadata and by surveying traffic from WhatsApp data centers, someone could see User A accessed WhatsApps service, which generated a WhatsApp notification for User B.
That might just be a coincidence, but with enough data and time, the probability that User A is talking to User B can be increased.
If it also shows that Users C, D and E also get notifications at the same time, it is likely that all those users are in a group chat together.
It's called a timing attack.
And perhaps it isn't enough evidence to stand up in court, it can help build the profile of the users, and guide investigations to other possible accomplices.
I realize that sometimes metadata can be aggregated in nefarious ways. sometimes, however, it’s useless. currently, however, it contains all of the unencrypted contents of the notification itself, not just the metadata, and my point is that’s it’s better to take the step of encrypting the notifications themselves to at least protect that data.