this post was submitted on 04 Mar 2024
145 points (96.2% liked)

Privacy

"App developers can encrypt these messages when they're stored (in transit they're protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted."

all 31 comments
[–] [email protected] 30 points 9 months ago (1 children)

Many services and companies argue that metadata is not personal data, but even if that were true by definition of the word, the means to correlate metadata to a real person have existed for how long now?

Just knowing that I receive messages, at certain times, in a certain app, might not be a lot on its own, but as soon as you cross-reference that with other users, it becomes a surveillance goldmine.

And that's what many people seem to miss, I think.
Individually, there might not actually be much, depending on how you use your device. But the word individually gets thrown out the window in our world where everything is interconnected 24/7.

[–] [email protected] 7 points 9 months ago

I was talking to a friend recently about how the mechanisms of surveillance capitalism remind me of a dark and hollow version of how communities work. Earlier in the conversation, she used the phrase "communities are when 1+1 = 3", i.e. when the collective output and capacity is greater than the sum of its parts. Data works a lot like that — you're completely right that overemphasis on the value of individuals' data misses the point

[–] [email protected] 25 points 9 months ago (1 children)

And of course nobody is going to fix these vulnerabilities because the governments want to be able to view that data

[–] [email protected] 6 points 9 months ago* (last edited 9 months ago) (2 children)

The fix would be very easy. Just don't store that data. But Google and Apple obviously want that data for themselves as well, for advertising.

[–] [email protected] 3 points 9 months ago (1 children)

Tbh I absolutely do not understand why they decided to collect any data for push notifications in the first place. But yea now nobody will fix it. Though I'm wondering if it's only the proprietary part (Firebase or whatever the name is) or the system itself that collects data. I mean if I use a degoogled phone that doesn't even have that proprietary part (means notifications from IMSes don't work either), am I safe from this or not? And does the collected data go to Google or to the app's developers?

[–] [email protected] 1 points 9 months ago (1 children)

I already explained how the whole push notification thing works in this comment. If you're using a degoogled phone, you'll be fine. MicroG has the option to use Firebase but you need to be logged in with a Google account, enable device registration and enable cloud messaging for it to use it. Google has the data about when you got a push notification from what app since it goes through their server and the app developer can obviously log the notification data from their app.

[–] [email protected] 0 points 9 months ago (1 children)

BRUH push notifications with Firebase require everything going through a Google server? What in the deleted is that design?

[–] [email protected] 1 points 9 months ago (1 children)

I don't like Google either but this design makes perfect sense. There's a reason UnifiedPush works the same way. It sucks that you can't choose a different server but that's just how Google does things.

[–] [email protected] 0 points 9 months ago (1 children)

In my opinion there's absolutely no point in sending notifications through Google. It can be done differently and in a much less overengineered way. Unification doesn't make sense here. The additional features don't work in half of the apps now anyways

[–] [email protected] 1 points 9 months ago (1 children)

If you have a better way to do this, I'd really like to hear it. Also, what additional features are you talking about?

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (1 children)
  1. I'm not a very advanced Android programmer but I know it's possible to make something like universal instructions and dependency lists (if you want unification which I personally don't support). Linux has had push notifications for years and on Android they work too if the app is running in the background. In my opinion the app should control the contact with its servers. Just make a daemon or something like that so the whole app doesn't have to stay in memory. Yes it's messy and battery life will be worse but monopolizing is always bad. Federating Firebase is a good idea too but I personally prefer the other method because it gives more flexibility
  2. Video/music progress bar on Firefox for example

[–] [email protected] 2 points 9 months ago (1 children)

Apps running in the background was how it was done before but it drained a lot of battery, which is why it's done this way now. Even KDE is implementing UnifiedPush. Things like the Firefox progress bar notification also don't use this system at all.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (1 children)

Well here it's a matter of personal preference. For me privacy is more important than battery life and I consider Firebase extremely immoral. It can be different for other people. And thank you for telling me about Firefox

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago) (1 children)

But that's why UnifiedPush exists, an open standard where you can choose what server to use or selfhost it

[–] [email protected] 1 points 9 months ago (1 children)

As I said earlier, this idea is good too. Open push standards are generally the best for efficiency but they can become proprietary or die (usually after getting bought by a big tech company) and even if a fork emerges it may be difficult to switch to it since it's an important component and 100% compatibility with the previous standard is not always possible. That's the main problem with unification and monopolization. The open standards can run into severe issues and then everything may collapse. When apps control the notifications, such risk is almost completely mitigated. Even though the described scenario is generally unlikely to happen, push notifications have always been very "interesting" for big tech, which raises concerns about the stability of open push standards. Fortunately it's possible to make an app that can work in both push and standalone modes (e.g. Telegram) which is good I guess

[–] [email protected] 1 points 8 months ago

The UnifiedPush standard is actually so simple, I don't think a company could even make that proprietary if they wanted to. You need to keep in mind that it's not sending the notification contents but just that there is a notification for a specific app.

I definitely agree that it's best when apps support all methods, so UnifiedPush, running in the background and Firebase (that one just for the Google Play build). That way you can use whatever is best for you.

[–] [email protected] 1 points 8 months ago (1 children)

The fix would be different - not have it go through "someone else's computer". Whenever "someone else's computer" is involved, you should just assume they log everything. Even if they don't do it and don't want to - they can be silently made to do so.

[–] [email protected] 3 points 8 months ago

But there's also UnifiedPush. If apps used that, you could just selfhost that server. A lot of open source apps do use it. I, for example, have a phone with MicroG and I didn't enable cloud messaging. I also have a Nextcloud server, where I installed the UnifiedPush provider and I use NextPush on my phone as the UnifiedPush app. Works great and that way a lot of apps I have don't need to run in the background constantly.

[–] [email protected] 19 points 9 months ago

Another quote from the article: "The data that is required to 'turn on any push notification service' is quite invasive and can unexpectedly reveal/track your location/store your movement with a third-party marketing company or one of the app stores, which is merely a court order or subpoena away from potentially exposing those personal details."

[–] [email protected] 6 points 9 months ago

I use UnifiedPush so at least Apple and Google don't have that data either.

[–] gravitywell 2 points 9 months ago* (last edited 9 months ago) (3 children)

How is getting a push notification any better at tracking someone than the actual gps and tower data that their phone is CONSTANTLY sending out to their cell providers?

Seems really overblown, like most people hearing this assume it's including contents of the notifications but it doesn't, and if law enforcement wants to put a suspect at a crime scene, they can just get the data from T-Mobile. If it gets to the point they're asking Google or Apple for info, I'd be much more concerned about all the data and emails stored on the cloud, which they already have no problems giving out.

Am I missing something? What can law enforcement gain from push notification data that they can't get with data from the cell provider already or the wealth of other data collected by Gmail, maps, Uber, etc, which is way more useful than anything a push notification would contain.

Not defending the practice of course, I don't get push notifications because I don't have Google apps installed on my grapheneOS phone, but I'm pretty sure T-Mobile knows my location just as well.

[–] [email protected] 14 points 9 months ago (1 children)

I think the whole thing is that it's a class of data that has very few privacy protections on it and is therefore more easily accessible by assholes

[–] gravitywell 4 points 9 months ago

If we're talking about these agencies subpoenaing in order to get the data, that kinda sounds like privacy protections are in place for it. I think what's really happening here is that push data is now one of a hundred or so other things (like emails, google/app maps data, web search history) that's now being included when agencies make requests for a user's data... they aren't specifically going after push notifications any more than they're going after how many steps your fitbit is counting, they just want all the information they can get, and by voluntarily giving it to these companies we put ourselves at risk, it's a very dystopian trade off.

[–] [email protected] 2 points 9 months ago (2 children)

You can even read message contents sometimes. You know what apps they are using and can precisely correlate messages with those services

[–] [email protected] 2 points 9 months ago

This.

If there’s a notification for an encrypted group chat, you can use that metadata to identify the devices of all parties involved in that chat, because the push system has to queue all that up and send it at the same time.

That’s just one valuable use of this data.

[–] gravitywell 1 points 9 months ago* (last edited 9 months ago) (1 children)

So assuming the app isn't E2EE then there would be many ways to read message contents, for example if they subpoena your email provider, or SMS provider. Google play store and apple store again also already have all the details of what apps you use, how often you update them or when you removed them.... There is just no benefit to using push for this kind of data gathering, there is always one or more much better ways of obtaining any of this data... wanna know when a woman left the state to go to a health clinic? Cell towers. Husband suspected of murdering wife and you want to know what dating apps he used? Google play store has logs of every dating app they joined, and all those dating apps will gladly hand over chat logs and other data to proper authorities when asked nicely... And it's not like the push notifications themselves are just open air unencrypted broadcasts anyone can monitor, law enforcement at the very least has to submit the requests to google and apple anyway, so why would they care about push notifications when they can get access to a suspect's entire cloud storage and emails?

I'll bet what's really happening here isn't even that cops are "super interested" in push data, but rather they realized that it's one of many forms of data that they include when they make a request. I'd bet they also grab any kind of "fitness" related data, and things like your advertising preferences too, because why not? Investigators don't usually go around asking for just the bare minimum they need to incriminate someone or prove an allegation, they just fill out the data request form and check "all of the above".

Go look at how many different options google takeout has, and imagine they probably have a few bonus ones just for law enforcement. Push notifications are just a drop in the bucket in terms of the data that we're all giving away freely by depending on the duopoly of google/apple for all our mobile communications.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (1 children)

Using weak examples and how they are better served in a different way doesn’t mean much

With push data like this you can identify something like every other member of an encrypted group chat by correlating the push notification metadata

They are demanding this for a reason
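The group-chat correlation described in the two comments above (a push relay has to fan out one message to every recipient at the same instant, so co-notified devices reveal the membership of an end-to-end encrypted chat) can be demonstrated on a relay log. The script below is an added example, not code from this thread or from any push provider: the log lines are constructed, the app identifiers and device tokens are hypothetical, and the fields (app, token, timestamp, payload size) are assumed to be what a relay can see even when the payload itself is encrypted for the app. It clusters pushes for the same app with the same payload size that arrive within a short window, then reports which devices were notified alongside a target device.

```python
"""Correlate push-relay metadata to recover group-chat membership.

Constructed relay log (NOT real data). Each line holds only what a relay such
as an FCM/APNs-style server sees for an end-to-end encrypted app: which app,
which device token, when, and how large the opaque payload was.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import combinations

SAMPLE_LOG = """\
2024-03-04T10:15:02.120Z app=org.example.securechat token=dev-A size=412
2024-03-04T10:15:02.131Z app=org.example.securechat token=dev-B size=412
2024-03-04T10:15:02.140Z app=org.example.securechat token=dev-C size=412
2024-03-04T10:15:09.800Z app=com.example.weather token=dev-A size=96
2024-03-04T10:17:45.002Z app=org.example.securechat token=dev-B size=380
2024-03-04T10:17:45.010Z app=org.example.securechat token=dev-C size=380
2024-03-04T10:17:45.019Z app=org.example.securechat token=dev-D size=380
2024-03-04T10:20:00.000Z app=org.example.securechat token=dev-E size=201
2024-03-04T10:21:12.500Z app=org.example.securechat token=dev-A size=255
2024-03-04T10:21:12.507Z app=org.example.securechat token=dev-D size=255
2024-03-04T10:21:12.515Z app=org.example.securechat token=dev-B size=255
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) app=(?P<app>\S+) token=(?P<token>\S+) size=(?P<size>\d+)$"
)


@dataclass(frozen=True)
class PushEvent:
    ts: datetime
    app: str
    token: str
    size: int


@dataclass(frozen=True)
class Burst:
    """One fan-out of one message: same app, same ciphertext size, same instant."""
    app: str
    size: int
    start: datetime
    tokens: frozenset[str]


def parse_log(text: str) -> list[PushEvent]:
    events: list[PushEvent] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LOG_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable relay line: {line!r}")
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append(PushEvent(ts, m["app"], m["token"], int(m["size"])))
    return sorted(events, key=lambda e: e.ts)


def find_bursts(events: list[PushEvent],
                window: timedelta = timedelta(milliseconds=500)) -> list[Burst]:
    """Cluster pushes per (app, size); consecutive pushes closer than `window`
    belong to the same fan-out. Size is used as an extra key because every
    recipient of one message gets the same encrypted blob."""
    by_key: dict[tuple[str, int], list[PushEvent]] = defaultdict(list)
    for e in events:
        by_key[(e.app, e.size)].append(e)
    bursts: list[Burst] = []
    for (app, size), evs in by_key.items():
        current = [evs[0]]
        for e in evs[1:]:
            if e.ts - current[-1].ts <= window:
                current.append(e)
            else:
                bursts.append(Burst(app, size, current[0].ts,
                                    frozenset(x.token for x in current)))
                current = [e]
        bursts.append(Burst(app, size, current[0].ts,
                            frozenset(x.token for x in current)))
    return sorted(bursts, key=lambda b: b.start)


def co_recipients(bursts: list[Burst], app: str, token: str,
                  min_fanout: int = 2) -> set[str]:
    """Every device notified in the same fan-out as `token` for `app`.
    The sender of a message is not notified for it, so several bursts are
    needed before the union covers the whole group; single-recipient bursts
    (1:1 chats, fan-out of one) are ignored via `min_fanout`."""
    members: set[str] = set()
    for b in bursts:
        if b.app == app and token in b.tokens and len(b.tokens) >= min_fanout:
            members |= b.tokens
    return members


def co_notification_counts(bursts: list[Burst], app: str) -> Counter:
    """How often each pair of devices was notified together; a threshold on
    this count separates a real group from two groups sharing one member."""
    counts: Counter = Counter()
    for b in bursts:
        if b.app == app:
            for pair in combinations(sorted(b.tokens), 2):
                counts[pair] += 1
    return counts


if __name__ == "__main__":
    bursts = find_bursts(parse_log(SAMPLE_LOG))
    for b in bursts:
        print(b.start.isoformat(), b.app, b.size, sorted(b.tokens))
    print("co-notified with dev-A:",
          sorted(co_recipients(bursts, "org.example.securechat", "dev-A")))
```

Nothing in the log is message content, yet three fan-outs are enough to name all four members of the hypothetical group. The time window and the payload-size key are the two knobs: a wider window tolerates relay jitter but risks merging two unrelated messages, and two different messages of identical ciphertext size sent within the window will be fused into one burst, which is why the pair counts are worth checking before trusting a membership set.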

[–] gravitywell 1 points 8 months ago

That's actually a really good point I hadn't thought of. I still think other data would be more useful, but your example is the first one I'm hearing that maybe could have worked if they had no other data to work with

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

You are discussing two different things. Just because they can use cell data, it doesn't justify additional needless spying.

At least with cell data there is a veneer of "that's the only way to do it". Here our dear corpo tech lords could just make a product that does [not] leak data but they chose not to... why do we pay for such treatment?