this post was submitted on 04 Mar 2024
149 points (96.3% liked)

Privacy

31991 readers
563 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

"App developers can encrypt these messages when they're stored (in transit they're protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted."

you are viewing a single comment's thread
view the rest of the comments
[–] gravitywell@sh.itjust.works 2 points 8 months ago* (last edited 8 months ago) (8 children)

How is getting a push notification any better at tracking someone than the actual gps and tower data that their phone is CONSTANTLY sending out to their cell providers?

Seems really overblown, like most people hearing this assume it's including contents of the notifications but it doesn't, and if law enforcement wants to put a suspect at a crime scene, they can just get the data from T-Mobile, if it gets to the point they're asking Google or Apple for info, id be much more concerned about all the data and emails stored on the cloud, which they already have no problems giving out.

Am I missing something? What can law enforcement gain from push notification data that they can't get with data from the cell provider already or the wealth of other data collected by Gmail, maps, Uber, etc, which is way more useful than anything a push notification would contain.

Not defending the practice of course, I don't get push notifications because I don't have Google apps installed on my grapheneOS phone, but I'm pretty sure T-Mobile knows my location just as well.

[–] ryannathans@aussie.zone 2 points 8 months ago (4 children)

You can even read message contents sometimes. You know what apps they are using and can precisely correlate messages with those services

[–] gravitywell@sh.itjust.works 1 points 8 months ago* (last edited 8 months ago) (2 children)

So assuming the app isnt E2EE then there would be many ways to read message contents, for example if the subpoena your email provider, or SMS provider. Google play store and apple store again also already have all the details of what apps you use, how often you update them or when you removed them.... There is just no benefit to using push for this kind of data gathering, there is always one or more much better ways of obtaining any of this data... wanna know when a woman left the state to go to health clinic? Cell towers. Husband suspected of murdering wife and you want to know what dating apps he used? Google play store has logs of every dating app they joined, and all those dating apps will gladly hand over chat logs and other data to proper authorites when asked nicely... And its not like the pushnotifications themselves are just open air unencrypted broadcasts anyone can monitor, Law enforcment at the very least has to submit the requests to google and apple anyway, so why would they care about push notifications when they can get access to a suspects entire cloud storage and emails?

I'll bet whats really happening here isnt even that cops are "super interested" in push data, but rather they realized that its one of many forms of data that they include when make a request. I'd bet tey also grab any kind of "fitness" related data , and things like your advertising preferences too, because why not? Investegators don't usually go around asking for just the bare minimum they need to incriminate someone or prove an allegation, they just fill out the data request form and check "all of the above".

Go look at how many different options google takeout has, and imagine they probably have a few bonus ones just for law encforcment, Push notifications is just a drop in the bucket in terms of the data that we're all giving away freely by depending on the duopoly of google/apple for all our mobile communications.

[–] RandoCalrandian@kbin.social 1 points 8 months ago* (last edited 8 months ago) (1 children)

Using weak examples and how they are better served in a different way doesn’t mean much

With push data like this you can identify something like every other member of an encrypted group chat by correlating the push notification metadata

They are demanding this for a reason

[–] gravitywell@sh.itjust.works 1 points 8 months ago

That's actually a really good point I hadn't thought of. I still think other data would be more useful, but your example is the first one I'm hearing that maybe could have work if they had no other data to work with

load more comments (1 replies)
load more comments (4 replies)