this post was submitted on 11 Dec 2023
365 points (87.9% liked)

Technology

59466 readers
3522 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

In this video I discuss how a recent DOJ letter revealed that Apple and Google were sending peoples push notifications to foreign governments.

top 44 comments
sorted by: hot top controversial new old
[–] Sneptaur@pawb.social 76 points 11 months ago* (last edited 11 months ago)
[–] RTRedreovic@feddit.ch 48 points 11 months ago (1 children)

This is a good time to make aware that an alternative exists - UnifiedPush.

[–] noodlejetski@lemm.ee 16 points 11 months ago (1 children)

sadly not enough apps support it.

[–] miss_brainfart@lemmy.ml 13 points 11 months ago* (last edited 11 months ago)

Which is why we need to spread awareness. People can't ask developers to consider it if they don't even know that it exists.

More people knowing about something is the first thing that needs to happen.

[–] StenSaksTapir@feddit.dk 48 points 11 months ago (2 children)

Stupid headlines like this, are making us collectively dumber.

[–] Mr_Blott@lemmy.world 45 points 11 months ago* (last edited 11 months ago)

Also, headline-type titles then "In this video I will waffle on for 20 minutes and give you one minute's worth of info

[–] garretble@lemmy.world 8 points 11 months ago

Yeah, I’m not clicking any link that starts with: odysee.com/@AlphaNerd:8

[–] G4ME@feddit.de 40 points 11 months ago (5 children)

That’s why you should disable notifications for apps who shows sensitive information.

Signal does a good way of doing it they only signal (hehe) their app that their is a notification, then the apps gets this information itself.

[–] potoo22@programming.dev 12 points 11 months ago

I was wondering how Signal handles this. Thanks for the info.

[–] narc0tic_bird@lemm.ee 7 points 11 months ago (2 children)

I want to add that WhatsApp doesn't send message content within notifications either.

I know WhatsApp isn't very popular around here (for valid reasons), but it uses end-to-end encryption, notifications or not.

[–] Claidheamh@slrpnk.net 11 points 11 months ago (1 children)

it uses end-to-end encryption

At least they say they do, but we can't really verify that.

[–] Rai@lemmy.dbzer0.com 6 points 11 months ago

Based and never-trust-Facebook-pilled

[–] Gekoloniseerd@lemmy.world 3 points 11 months ago* (last edited 11 months ago)

Well they say they don’t but when the police wants insight on the conversations they will get it quick.

Fuck Facebook Fuck meta Fuck google Fuck Microsoft Fuck apple

[–] miss_brainfart@lemmy.ml 5 points 11 months ago* (last edited 11 months ago) (1 children)

You'd expect nothing less from Signal, but there's still metadata left that can be quite useful.

They offer an alternative version for Android that uses a web socket, so not the best solution either, but oh well. I'd like to see them support UnifiedPush officially though. The Molly fork does, for instance.

A lot more elegant than a web socket, and if more apps supported it, you'd have less apps all running their own service in the background. Well, speaking for a degoogled system, where this would matter a lot more.

[–] Chobbes@lemmy.world 2 points 11 months ago (1 children)

What metadata are you worried about specifically?

[–] miss_brainfart@lemmy.ml 1 points 11 months ago (1 children)

The simple information when you receive a notification for a specific app can be combined with a whole lot of other info about you that's being collected by big tech and/or governments.

Time stamps are a surprisingly telling trail.

[–] Chobbes@lemmy.world 1 points 11 months ago* (last edited 11 months ago)

I mean sure, but realistically if you’re worried about the government knowing when you received a push notification you should be worried about your ISP or cell provider being able to provide that information as well. Hiding this metadata completely from the outside world is really hard. You can obfuscate it with garbage packets (e.g., signal could randomly send you push notifications when you don’t have any new messages giving you plausible deniability, or maybe signal could add some random delays to push notifications to make correlation of senders harder), or you can try to hide by not using push and connecting over Tor or something, but I’m not sure the government knowing when you connect to Tor is much better than them knowing when you receive a push notification, haha.

I’m personally not too worried about this particular metadata. I can imagine situations where it could be problematic (maybe you can use timing to guess whether two people are messaging each other), but I think it’s essentially the least valuable information you can leak from a messaging service, and I think mitigating against it isn’t super easy if you consider the whole network to be adversarial. There’s definitely things you can do, but they all have tradeoffs.

[–] LdyMeow@sh.itjust.works 2 points 11 months ago (2 children)

What I wonder about is if the push notifications are ‘sent’ anyway, ie through the network and the phone just doesn’t do anything with them? Does anyone know?

[–] Skimmer@lemmy.zip 5 points 11 months ago* (last edited 11 months ago) (1 children)

Removing the notifications permission doesn't prevent them from being sent. Source

[–] LdyMeow@sh.itjust.works 2 points 11 months ago

Awesome, thanks for the source!

[–] PM_Your_Nudes_Please@lemmy.world 3 points 11 months ago

Exactly. The issue is that the app still sends the notification to the cloud server. The cloud server doesn’t forward that notif to your device if you have notifs turned off, but it still gets sent to the server regardless. Which means it’s still subject to be shared with the government.

[–] narc0tic_bird@lemm.ee -1 points 11 months ago

I want to add that WhatsApp doesn't send message content within notifications either.

I know WhatsApp isn't very popular around here (for valid reasons), but it uses end-to-end encryption, notifications or not.

[–] CyanFen@lemmy.one 25 points 11 months ago (4 children)

Why in the hell do push notifications need to be generated on google/apple servers? I'm sure our phones are more than capable of processing the information from the app to the lock screen.

[–] HeartyBeast@kbin.social 72 points 11 months ago

Because having multiple applications continuously running in the background polling multiple servers for notifications in real time is a good way to run down your battery very quickly

[–] fartsparkles@sh.itjust.works 27 points 11 months ago* (last edited 11 months ago) (1 children)

The general design is a single system component wakes up the device when it’s sleeping (such as during screen off) and checks in with Apple/Google servers to see if there are any notifications.

Why?

Imagine if every app needed to wake up your device and make network requests to check for notifications etc. The more apps, the faster your battery drain as a queue of apps grows, constantly waking up your device to call home and check for notifications.

Hence Push Notification Services. Instead, developers send a notification to Apple/Google who then pool those notifications with notifications from other apps/developers. Then the single notification service on your device periodically wakes up the device and checks for notifications.

Additionally, push notification systems by OSs are designed with efficiency and minimal networks requests and bandwidth utilisation so an app can’t chew up user’s data quotas due to being poorly written.

TL;DR: It saves battery and network data, enabling users to use more apps.

[–] HarkMahlberg@kbin.social 1 points 11 months ago* (last edited 11 months ago) (2 children)

I'm curious why "push notifications" really act like "pull notifications." Your phone has to request updates from Google/Apple's server. You're still just polling a server frequently. Why is it not the other way around? Why is your phone not the server, and Google/Apple make the "request" to your phone?

[–] AProfessional@lemmy.world 5 points 11 months ago* (last edited 11 months ago)

Phones are very dynamic devices constantly migrating between unknown networks, they suck as a server.

Plus the whole point is to control device wakeups. The opposite is true for a server.

[–] fartsparkles@sh.itjust.works 1 points 11 months ago

The term “push notification” comes from how it enables developers to “push” users, even when they’re not active.

An app developer can (potentially) vibrate a device, make it emit noise, flash a light, appear on the screen, and exist in a set of notifications pinned to the tops of the screens.

Check out Three Minute Games’ mobile game series Lifeline. I think that it beautifully illustrates “pushing”. How the game pushes you to help someone survive in real time, through messages that appear alongside your real notifications.

The game tells you when you’re playing, not the other way round. Buzz buzz, come and play with me.

[–] echo64@lemmy.world 16 points 11 months ago

App server > apple push server > app > lock screen.

For battery efficiency reasons it's better to use the apple push server that's hooked into ios rather than your own push server

[–] JohnEdwa@sopuli.xyz 7 points 11 months ago

It's the difference between polling notifications, where each app wakes up once a minute and goes to ask their respective servers if there are any new notifications, and push notifications which, as the name suggests, are pushed to your phone once they arrive so those apps can sleep.

[–] Binthinkin@kbin.social 16 points 11 months ago* (last edited 11 months ago) (2 children)

I think leaders and elites are so out of touch they know nothing about us and have to rely on bad data to try and decipher what we want but wind up being stupid and just applying control measures because they’re not smart enough to just listen to our complaints.

[–] Mubelotix@jlai.lu 32 points 11 months ago (1 children)

Bold of you to assume the interests of the people intersect with the interests of rulers

[–] jeremyparker@programming.dev 3 points 11 months ago

None of the rules and restrictions that they impose on us will ever impact them or anyone in their families, political power is just about maintaining and increasing political power. If we ever get any protections or services it's just because doing so will enable them to get reelected.

I don't think most people understand how politicians live - every room they go into, everyone in the room is suddenly their servant; they live every moment surrounded by sycophants who are making a career out of preventing access to you. There are a handful of people that have more power than you, but you hardly ever encounter them. A few months of that would change anyone - imagine living years like that?

One day, someone taps you on the shoulder; it's some dirty 20 something who doesn't even know what wagu steak is, much less why you shouldn't be interrupted while it's still hot.

What the fuck do you want, kid?

I'm up to my ears in medical bills, is there anything you can do about socializing our healthcare?

You look around the table apologetically at the people you're eating with, three of whom work for health care companies. They don't say, "that would destroy our line-goes-up" or "any normal job will get this kid health insurance, he just doesn't want to work." They don't say anything. They just roll their eyes and flash a sheepish, such an embarrassment kind of look.

Now's not a great time, ok? But call my office and we'll set something up.

But there never really is a good time, is there? You turn back to your plate, your beef is still mostly hot, and don't bother giving the kid your number. You forget the kid a moment later and don't think of him again until years later. What ever happened to that kid? I hope he figured out his debt problem.

[–] MrPoopbutt@lemmy.world 4 points 11 months ago

They don't give a fuck about you.

You are less than dog shit to them.

They don't want to make your life better.

[–] foggy@lemmy.world 8 points 11 months ago (1 children)

Good thing I have push notifications off for fucking everything

[–] dabu@lemmy.world 2 points 11 months ago (1 children)

The question is - are they off so they are not sent or are they off so you don't see them? Sorry for tinfoil

[–] foggy@lemmy.world 0 points 11 months ago (1 children)

So I don't see em. Who needs em? Not me!

[–] Guest_User@lemmy.world 1 points 11 months ago

I think they are saying the notifications are still sent. They are going from the app servers to the push servers. From the push servers they COULD go to the Gov and to your phone. Your have the notifications turned off so they don't go to your phone. Doesn't mean they don't get sent elsewhere though

[–] Merlin404@lemmy.world 8 points 11 months ago

Is that why i dont get my notifications sometimes? /S

[–] Matty_r@programming.dev 8 points 11 months ago

I use Pushover for my own notifications and was curious to see if they had any info on this. Fortunately they've got a note on their page: https://blog.pushover.net/posts/2023/12/encryption

[–] cryptix@discuss.tchncs.de 7 points 11 months ago

Fuck Google play services

[–] TserriednichThe4th@lemmy.world 6 points 11 months ago

Not google proven. Just apple.

[–] moitoi@feddit.de 5 points 11 months ago

Apple, privacy, my data, etc.