Apple And Google Are Sending Your Push Notifications to The Government - eviltoast

In this video I discuss how a recent DOJ letter revealed that Apple and Google were sending peoples push notifications to foreign governments.

  • Chobbes@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    11 months ago

    I mean sure, but realistically if you’re worried about the government knowing when you received a push notification you should be worried about your ISP or cell provider being able to provide that information as well. Hiding this metadata completely from the outside world is really hard. You can obfuscate it with garbage packets (e.g., signal could randomly send you push notifications when you don’t have any new messages giving you plausible deniability, or maybe signal could add some random delays to push notifications to make correlation of senders harder), or you can try to hide by not using push and connecting over Tor or something, but I’m not sure the government knowing when you connect to Tor is much better than them knowing when you receive a push notification, haha.

    I’m personally not too worried about this particular metadata. I can imagine situations where it could be problematic (maybe you can use timing to guess whether two people are messaging each other), but I think it’s essentially the least valuable information you can leak from a messaging service, and I think mitigating against it isn’t super easy if you consider the whole network to be adversarial. There’s definitely things you can do, but they all have tradeoffs.