Comment by Ensorceled

2 years ago

I see that there is a lot of signal coming over my push notifications ... how would using this signal make spies incompetent?

10 comments

Ensorceled

Reply
jruohonen  2 years ago

> I see that there is a lot of signal

What signals are you talking about? Someone tends to respond to Tinder's notifications at 6 PM on weekends, and such useless data?

  • popcalc  2 years ago

    It would indicate that they're lonely and looking for a partner. If you were looking to turn them into an intelligence asset, you could have an officer approach and seduce them.

    If it's Grindr instead of Tinder, or if they're married, you have a blackmailing angle. In a lot of countries it would be very effective.

    • chatmasta  2 years ago

      There's no need for notification snooping when these apps are spamming requests to unique subdomains on analytics services and their own APIs. DNS snooping is a much easier method of getting that metadata.

      Although I suppose one advantage of push notifications compared to DNS is that they're delivered even when the app isn't open, and more generally they can also serve as a liveness check (successful delivery means your device is online).

      Push notifications would be most valuable for p2p metadata (e.g. iMessage key exchange handshake between two users) and, to the degree they can snoop on the message content, obviously that would be valuable.

      5 replies →

  • ImPostingOnHN  2 years ago

    Suppose you use an anonymous app for messaging. The government sees the conversation ("good day to you") but doesn't know who is on one side (perhaps both).

    So they ask Apple "who exactly sent or received on their phone a push notification for 'good day to you'?" Or perhaps "who sent or received push notifications from secure messaging app around 8:24:39.124 pm, 8:26:12.322, etc.?"

    Apple tells them, and now they know the identity of the "anonymous" recipient. Replace "good day to you" with any text disliked by any format or current or future government.

    • galad87  2 years ago

      The content of almost every messaging app push notification is already encrypted. So I think it's mainly for knowing when someone receives a notification.