Investigators seek push notification metadata in 130 cases - eviltoast

“App developers can encrypt these messages when they’re stored (in transit they’re protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted.”

  • EngineerGaming@feddit.nl
    link
    fedilink
    arrow-up
    1
    ·
    8 months ago

    The fix would be different - not have it go through “someone else’s computer”. Whenever “someone else’s computer” is involved, you should just assume they log everything. Even if they don’t do it and don’t want to - they can be silently made to do so.

    • Fisch@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      8 months ago

      But there’s also UnifiedPush. If apps used that, you could just selfhost that server. A lot of open source apps do use it. I, for example, have a phone with MicroG and I didn’t enable cloud messaging. I also have a Nextcloud server, where I installed the UnifiedPush provider and I use NextPush on my phone as the UnifiedPush app. Works great and that way a lot of apps I have don’t need to run in the background constantly.