this post was submitted on 07 Dec 2023
98 points (98.0% liked)

Apple

17540 readers
64 users here now

Welcome

to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!

Rules:
  1. No NSFW Content
  2. No Hate Speech or Personal Attacks
  3. No Ads / Spamming
    Self promotion is only allowed in the pinned monthly thread

Lemmy Code of Conduct

Communities of Interest:

Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple

Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode

Community banner courtesy of u/Antsomnia.

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 11 months ago

If you follow a link on that page that says "coverage from yesterday" it reveals why anyone would want your push notification info:

But push data can still reveal a lot about you. Even push notifications from apps as innocuous as food delivery services might reveal where a delivery is coming from, and therefore your approximate location. An Uber notification might contain a message from a driver telling you where to meet. And so on.

Patterns of data could also reveal a lot. For example, if a foreign government was obtaining your iMessage push data – and that of one of your contacts – then even without the actual message content, they could see the two of you were exchanging lot of messages on a particular day. That could be tied to known events to draw conclusions about the likely content of those messages.

For example, imagine a US journalist exchanging messages with a Chinese whistleblower about human rights abuses. A report on the abuses appears today, and the push data shows that the source and journalist exchanged many back-and-forth messages yesterday. That could easily be enough to confirm the source of the leak.

I think there are more elegant ways to glean much more useful information about a target but in an attack I guess all data is valuable. The article doesn't specify how long this has been going on or exactly which governments have been requesting data about who, which would be interesting to know.