Comment by fidotron
2 years ago
Encryption wouldn’t help as the whole point would be to look for coincident timings. I.e. after activity from one user to a known service you see a push occur going to another user. If this pattern repeats you can build confidence they are in contact.
It would very much help if you wanted to stop the government hoovering up the content of chat messages sent as push notifications
Encrypted messengers aren’t sending unencrypted push payloads, at least not deliberately.
A lot of apps don’t even put much in the push messages themselves at all, they are mainly an indicator to phone home for more information.
Consequently no gov has been getting meaningful info from the content of this stuff for many years - it will all be what you can infer from observed patterns, which is a lot.
I'm not sure I'd trust dating apps and weaker chat apps not to just be sending the contents of messages to a TLS push notification endpoint that Apple/Google could do whatever with before forwarding on to devices.
Differential privacy, meet notifications: just add random notifications as noise to everyone. If payload decrypts to junk, then drop/ignore as a faux-notification; else, trigger notification.
Eh, what’s a few orders of magnitude increase in notification infrastructure overhead anyway? /s