Comment by jruohonen
2 years ago
> I see that there is a lot of signal
What signals are you talking about? Someone tends to respond to Tinder's notifications at 6 PM on weekends, and such useless data?
2 years ago
> I see that there is a lot of signal
What signals are you talking about? Someone tends to respond to Tinder's notifications at 6 PM on weekends, and such useless data?
It would indicate that they're lonely and looking for a partner. If you were looking to turn them into an intelligence asset, you could have an officer approach and seduce them.
If it's Grindr instead of Tinder, or if they're married, you have a blackmailing angle. In a lot of countries it would be very effective.
There's no need for notification snooping when these apps are spamming requests to unique subdomains on analytics services and their own APIs. DNS snooping is a much easier method of getting that metadata.
Although I suppose one advantage of push notifications compared to DNS is that they're delivered even when the app isn't open, and more generally they can also serve as a liveness check (successful delivery means your device is online).
Push notifications would be most valuable for p2p metadata (e.g. iMessage key exchange handshake between two users) and, to the degree they can snoop on the message content, obviously that would be valuable.
Just because some apps use insecure but highly identifiable DNS lookups doesn’t mean everyone does, or that DNS-over-HTTPS will never be deployed (iOS shipped support in 2020 and Android was only a couple of years later). There’s a 0% chance that anyone smart would say they should rely on that alone and not develop other sources for that information, and intelligence agencies have hired many smart technical people.
4 replies →
Suppose you use an anonymous app for messaging. The government sees the conversation ("good day to you") but doesn't know who is on one side (perhaps both).
So they ask Apple "who exactly sent or received on their phone a push notification for 'good day to you'?" Or perhaps "who sent or received push notifications from secure messaging app around 8:24:39.124 pm, 8:26:12.322, etc.?"
Apple tells them, and now they know the identity of the "anonymous" recipient. Replace "good day to you" with any text disliked by any format or current or future government.
The content of almost every messaging app push notification is already encrypted. So I think it's mainly for knowing when someone receives a notification.