Comment by bryancoxwell
2 years ago
If it’s metadata they’re after (according to the article) would it really matter if the push notifications themselves were encrypted? As long as you’re using Apple/Google’s servers to manage push notifications it seems like there would be some metadata that could be useful for surveillance purposes, encrypted or not.
Getting rid of all metadata is fundamentally hard, unless providers are willing to deploy PIR or anonymity networks. But I think it's a mistake to assume metadata means "just the timing of a message": these push messages may include a lot of detailed content that is being described in this article as metadata, and all of that stuff can and should be encrypted.
Additionally, with a little bit of work (well, really quite a lot) the push messages can be made to hide the source. This would make it harder to distinguish a Gmail or DoorDash notification from a WhatsApp notification.