Privacy

31182 readers

1812 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

Investigators seek push notification metadata in 130 cases (go.theregister.com)

submitted 6 months ago by [email protected] to c/[email protected]

10 comments fedilink hide all child comments

"App developers can encrypt these messages when they're stored (in transit they're protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted."

top 10 comments

sorted by: hot top controversial new old

[–] [email protected] 2 points 6 months ago (1 children)

Many services and companies argue that metadata is not personal data, but even if that were true by definition of the word, the means to correlate metadata to a real person have existed for how long now?

Just knowing that I receive messages, at certain times, in a certain app, might not be a lot on its own, but as soon as you cross-reference that with other users, it becomes a surveillance goldmine.

And that's what many people seem to miss, I think.
Individually, there might not actually be much, depending on how you use your device. But the word individually gets thrown out the window in our world where everything is interconnected 24/7.

[–] [email protected] 2 points 6 months ago

I was talking to a friend recently about how the mechanisms of surveillance capitalism reminds me of a dark and a hollow version of how communities work. Earlier in the conversation, she used the phrase "communities are when 1+1 = 3", i.e. when the collective output and capacity is greater than the sum of its parts. Data works a lot like that — you're completely right that overemphasis on the value of individuals' data misses the point

[–] [email protected] 2 points 6 months ago (1 children)

And of course nobody is going to fix these vulnerabilities because the governments want to be able to view that data

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

The fix would be very easy. Just don't store that data. But Google and Apple obviously want that data for themselves as well, for advertising.

[–] [email protected] 0 points 6 months ago (1 children)

The fix would be different - not have it go through "someone else's computer". Whenever "someone else's computer" is involved, you should just assume they log everything. Even if they don't do it and don't want to - they can be silently made to do so.

[–] [email protected] 2 points 6 months ago

But there's also UnifiedPush. If apps used that, you could just selfhost that server. A lot of open source apps do use it. I, for example, have a phone with MicroG and I didn't enable cloud messaging. I also have a Nextcloud server, where I installed the UnifiedPush provider and I use NextPush on my phone as the UnifiedPush app. Works great and that way a lot of apps I have don't need to run in the background constantly.

[–] [email protected] 1 points 6 months ago

Another quote from the article: "The data that is required to 'turn on any push notification service' is quite invasive and can unexpectedly reveal/track your location/store your movement with a third-party marketing company or one of the app stores, which is merely a court order or subpoena away from potentially exposing those personal details."

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

How is getting a push notification any better at tracking someone than the actual gps and tower data that their phone is CONSTANTLY sending out to their cell providers?

Seems really overblown, like most people hearing this assume it's including contents of the notifications but it doesn't, and if law enforcement wants to put a suspect at a crime scene, they can just get the data from T-Mobile, if it gets to the point they're asking Google or Apple for info, id be much more concerned about all the data and emails stored on the cloud, which they already have no problems giving out.

Am I missing something? What can law enforcement gain from push notification data that they can't get with data from the cell provider already or the wealth of other data collected by Gmail, maps, Uber, etc, which is way more useful than anything a push notification would contain.

Not defending the practice of course, I don't get push notifications because I don't have Google apps installed on my grapheneOS phone, but I'm pretty sure T-Mobile knows my location just as well.

[–] [email protected] 0 points 6 months ago (1 children)

You can even read message contents sometimes. You know what apps they are using and can precisely correlate messages with those services

[–] [email protected] 1 points 6 months ago

This.

If there’s a notification for an encrypted group chat, you can use that metadata to identify the devices of all parties involved in that chat, because the push system has to queue all that up and send it at the same time.

That’s just one valuable use of this data.