this post was submitted on 06 Dec 2023
354 points (86.3% liked)

Technology

60440 readers
3880 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
all 50 comments
sorted by: hot top controversial new old
[–] [email protected] 276 points 1 year ago* (last edited 1 year ago) (5 children)

This headline is ridiculous; I expect better from Ars Technica. You "admit" to things you shouldn't have done. In this case the government compelled Apple to disclose certain data and simultaneously prohibited Apple from disclosing the disclosure. Thanks to a senator's letter, Apple is now free to disclose something that they previously wanted to disclose, about something they were forced to do in the first place.

Compare to the Reuters headline: "Governments spying on Apple, Google users through push notifications - US senator." The emphasis and agency are correctly placed on the bad actors.

[–] [email protected] 95 points 1 year ago (3 children)
[–] [email protected] 14 points 1 year ago (1 children)

It's so telling, how good chat gpt is at creating click bait.

Ask for 10 click bait titles to any essay. It'll be better than your title.

[–] [email protected] 7 points 1 year ago

You won’t believe these top 10 generated clickbait titles!

[–] [email protected] 9 points 1 year ago (1 children)

I was hoping moving to Lemmy would get me away from them but I was wrong.

[–] [email protected] 18 points 1 year ago

Lemmy isn't really that different, beside being decentralized and has less restrictions (and downvotes/upvotes don't mean shit here). People are people and news outlets are the same.

[–] [email protected] 4 points 1 year ago (1 children)

We need a bot that puts a better title in the comments, or an automod bot that physically changes the titles to be plain

[–] [email protected] 2 points 1 year ago (1 children)

This is when AI is actually useful.

[–] [email protected] 2 points 1 year ago (1 children)

Out of curiosity, what was it?

[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 5 points 1 year ago

Ah I accidentally deleted it and I guess the deletion didn’t federate completely, now I un-deleted so we’re good!

[–] [email protected] 31 points 1 year ago

yeah, it looks like most of the other new agencies are attributing it correctly as the government. IMO it's the damn gag order that's most damning. You will spy on them for us and tell no-one.

[–] [email protected] 23 points 1 year ago

To be fair Google was already making this information public via their transparency reports, albeit in aggregate, since 2010 [0].

"Google's transparency report, Ars confirmed, already documents requests for push notification data in aggregated data of all government requests for user information."

Apple conveniently played it safe until the coast was clear. Maybe they'd have been allowed to comment on this privacy issue if they published it in aggregate like Google - e.g. not specifically calling out the U.S. Govt? But that wasn't a risk Apple was willing to take for its users.

[0] https://en.wikipedia.org/wiki/Transparency_report

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

I actually scrolled straight to the bottom of the article to see if it was flagged as being "republished from another Condé Nast property." Just hoping there was an excuse for Ars.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

A letter from a senator doesn't carry much legal force. From my understanding of the article, Apple claims they were prohibited from sharing this information, but a simple letter couldn't overturn something like a legal order or court mandate. The change here doesn't support the claim.

It reads more like Apple chose not to disclose in order to avoid the ire of the DOJ, even though it would have been morally more correct to tell the public sooner.

[–] [email protected] 41 points 1 year ago (3 children)

How are we not suing the ever living shit out of the government for violating peoples 4th ammendment rights? This is a gross violation of the unreasonable search and seizure clause in the constitution.

[–] [email protected] 22 points 1 year ago (2 children)

Third party doctrine for one: the data held by third parties has no expectation of privacy, even if it's about you.

From Wikipedia:

The third-party doctrine is a United States legal doctrine that holds that people who voluntarily give information to third parties—such as banks, phone companies, internet service providers (ISPs), and e-mail servers—have "no reasonable expectation of privacy" in that information. A lack of privacy protection allows the United States government to obtain information from third parties without a legal warrant and without otherwise complying with the Fourth Amendment prohibition against search and seizure without probable cause and a judicial search warrant.

Basically the government's argument: if you wanted it to remain private, you wouldn't have given it to someone else.

I'm reality, it's an area of law that desperately needs to be updated.

[–] [email protected] 15 points 1 year ago

The problem is that you almost can't function in modern society without having a phone. So their argument is in bad faith, and really should be checked.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

Laughs in GDPR

(as an EU citizen)

[–] thecrotch 2 points 1 year ago

The same EU that's desperately trying to ban end to end encryption and dictate which certification authorities browsers have to support so they can spy on you better?

[–] [email protected] 4 points 1 year ago (1 children)

It will take someone being brought in on evidence gathered by this method to get it overturned. It would probably wind its way up to the Supreme Court.

[–] [email protected] 21 points 1 year ago (2 children)
[–] [email protected] 4 points 1 year ago

What if push messages doesn't happen on your phone but is somehow "pushed" from somewhere else?

[–] [email protected] 6 points 1 year ago

This is the best summary I could come up with:


Governments have been secretly tracking the app activity of an unknown number of people using Apple and Google smartphones, US Senator Ron Wyden (D-Ore.) revealed today.

According to Wyden, many app users do not realize that these instant alerts "aren't sent directly from the app provider to users’ smartphones" but instead "pass through a kind of digital post office run by the phone's operating system provider" to "ensure timely and efficient delivery of notifications."

Wyden said his office spent the past year investigating a "tip" received in spring 2022 claiming that "government agencies in foreign countries were demanding smartphone 'push' notification records from Google and Apple."

Ars verified that Apple's law enforcement guidelines now notes that push notification records "may be obtained with a subpoena or greater legal process."

It's unclear if either Apple or Google plans to provide any standalone reporting documenting all past requests for push notification data.

Wyden declined to comment further but wrote in his letter that he is pushing the DOJ to not just end the secrecy but also require even more transparency about these secretive requests.


The original article contains 694 words, the summary contains 182 words. Saved 74%. I'm a bot and I'm open source!

[–] [email protected] 1 points 1 year ago

(Also Google, and both by force)

[–] [email protected] -5 points 1 year ago (1 children)

The only push notifications I get are from post mates.

What other, more sensitive information would they be collecting this way?

[–] [email protected] 12 points 1 year ago (3 children)

Pretty much any app that has message details in the notification. For instance, if I get a comment response on Lemmy, my app sends a push notification. If that notification contains details about the message, the government would supposedly be able to read that data.

Secure messaging apps have moved away from including message info specifically for this reason. For instance, Signal only sends a notification that you received a message. The push notification doesn’t say who the message was from, or what the message said.

But when Snapchat tells you that a specific friend is typing/has sent a message, the government could conceivably see that and connect you to that person. Maybe not a huge deal if it’s just a friend with nothing to hide. But we all know that “you have nothing to hide so you have nothing to fear” is a horrible excuse. Because it could land you on a list if that friend is a dealer, or becomes radicalized in the future, or has family who has ties to illegal activity, or any number of other things that the government may want to start watching them for.

[–] brbposting 4 points 1 year ago (1 children)

…Signal only sends a notification that you received a message.

Signal on iOS shows previews by default. It even reads messages over AirPods as they come in.

iOS must be doing something special here, right? They can’t be sending message contents through the same route as push notification metadata, or it would be breaking end-to-end encryption… right?

[–] [email protected] 4 points 1 year ago

Correct, messages aren't E2E encrypted if the push has the data.

If there's any reason to preserve privacy the push only has an identifier of the message to be downloaded on the device. When it comes in, the device downloads it and then if you've allowed it, will show it on a notification

[–] [email protected] 3 points 1 year ago

Oh, got it. I turn all those off to avoid being bothered. Post mates is only on so I don’t miss it if “the driver is trying to contact” me.

Does this apply to when I get a text or voice message on my iPhone? There is a message preview before clicking on it.

[–] [email protected] 1 points 1 year ago (1 children)

Good thing I block/disable all of that crap and if a program does it I will just uninstall...I don't need some shit device to tell me what to do and when to do it.

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (3 children)

I mean, notifications are an integral part of many apps. You think people just randomly decide to open their phone app, texts, or emails, just to see if they have any unread messages or if they’re actively receiving a call? No, they wait for a notification to prompt them. Nobody is just randomly browsing through all their various apps to check for new messages.

Saying you don’t use notifications is like saying you only turn your phone on when you’re actively making a call, then you turn it right back off again. While it may be true for you, it’s intentionally missing the point and definitely isn’t the typical use case.

Hell, if you’re reading this comment now, it’s likely because you got a notification that I responded.

[–] [email protected] 5 points 1 year ago

People are out here letting Lemmy comments interrupt their day?!

[–] merde 3 points 1 year ago* (last edited 1 year ago) (1 children)

apart from signal (molly), all my app notifications, like the previous commenter, are off. If i open the app, i can see that you replied to me in the inbox. if i don't open one of these apps, then i'm not interested, at that moment, in what's happening on lemmy (or any other platform)

some people are alright with all that nagging buzz, some find it irritating. i grew up before mobile phones, present time was pure and distractions were scarce

that said, i find it troubling to learn that notifications too were being used to collect even more information. but, am i surprised?

[–] [email protected] 5 points 1 year ago (3 children)

Does turning the notifications off mean that it isn't sending these messages or is the app or OS just not displaying them?

[–] [email protected] 3 points 1 year ago (1 children)

I think it means that notifications aren't sent, but it's a good question.

[–] [email protected] 1 points 1 year ago (1 children)

Thinking this through a bit more. It's the server (eg. Signal) that sends the push notifications to Apple/Google. So turning off notifications on your phone presumably means that that Apple/Google doesn't send them to your device. However they are presumably still be going from the server to Apple/Google (because how would Signal know that you've turned notifications off on your phone)?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Based on my understanding, Signal (their servers) won't know and neither will Apple. The local app installed on your phone knows, as that's the client handling what to do with the send/receive requests. I've very little experience with mobile development, though, so I could be very off mark here.

[–] merde 1 points 1 year ago

interesting question, like others too have wrote.

My guess is that because most apps ask explicitly for permission (after the 1st install) unless they're permitted by the user they don't register for the push (just a guess :/

app makers pay for notifications, iirc (wrong?), they wouldn't want to pay for notifications that are turned off on devices

[–] merde 1 points 1 year ago

another question would be: After uninstalling google services, if you install degoogled signal and choose to connect directly to signal servers, do signal still send information to google for push?

[–] [email protected] 1 points 1 year ago

I check my apps daily for updates..I don't rely on my device to tell me what to do, ever.