Comment by chatmasta
2 years ago
There's no need for notification snooping when these apps are spamming requests to unique subdomains on analytics services and their own APIs. DNS snooping is a much easier method of getting that metadata.
Although I suppose one advantage of push notifications compared to DNS is that they're delivered even when the app isn't open, and more generally they can also serve as a liveness check (successful delivery means your device is online).
Push notifications would be most valuable for p2p metadata (e.g. iMessage key exchange handshake between two users) and, to the degree they can snoop on the message content, obviously that would be valuable.
Just because some apps use insecure but highly identifiable DNS lookups doesn’t mean everyone does, or that DNS-over-HTTPS will never be deployed (iOS shipped support in 2020 and Android was only a couple of years later). There’s a 0% chance that anyone smart would say they should rely on that alone and not develop other sources for that information, and intelligence agencies have hired many smart technical people.
In general, I agree DNS-over-HTTPS is a step in the right direction, in terms of eliminating the low-hanging fruit of snooping over the wire. But it's still the same major companies providing the resolvers. And if you're sending them an NSL for push notifications, you may as well send one for DNS too.
That’s usually untrue - for example, if I’m on Comcast but I use Firefox, my DoH requests go instead to Cloudflare who don’t log IPs – but also the larger point is that DNS isn’t complete enough: sometimes it’s unique companies but a lot of the time it’s just a shared endpoint. Push notifications don’t have that problem and happen every time, not just when a cache expires.
2 replies →