Comment by Klonoar
2 years ago
This is not necessarily true. You’re assuming that all the info is in push notifications themselves.
E.g.: if I get a push notification that is simply “you have a new event, poll the server”, and then I poll the server for (encrypted) batch updates, where exactly do you see the leak that ties an anonymous profile to an Apple ID? Given a large enough service, that same generic batch update endpoint would be getting hammered and I have to think it would effectively be camouflaged to a degree.
Granted, not every app is going to use this design - but if or when done properly I don’t see that much of an issue here.
(I am open to being wrong, mind you)
Very delayed reply here, but it's a timing attack, I think.
If the government has access to telco resources (I think it's safe to assume that they can and do), then they can line up the timing of a chat message with the push notifications it triggers.
If we are chatting and the government doesn't know who I am, it will only be a matter of time before the number and timing of the push notifications I receive line up in a unique way to the messages you sent me. That would work for every member of the group.
Apple could bundle up multiple push notifications to obfuscate it a bit, but it would hurt real-time communications and wouldn't be that strong of a mitigation anyway.