We at the Home Assistant Companion for iOS team have been wanting to implement end to end encryption for our push notifications for a while now but Apple has denied our request for the com.apple.developer.usernotifications.filtering [0] entitlement multiple times. Wondering if with today's news we could apply again and get it.
For context, we are sending ~35 million push notifications per month on iOS and ~67 million on Android, see more at [1]
We implemented APNS encryption for Firefox iOS without much trouble. Keys are negotiated out of band and message decryption is done in a Notification extension that allows you to pre process incoming notifications. Did not need any special entitlements.
For my understanding, you need that entitlement so you can send an encrypted invisible notification which you can then decrypt locally in your app and push out again as a local notification that doesn't go over the network (i.e. not use APNS)? Or is doing this kind of stuff just weirdly tied to that specific entitlement?
He even inspired Snowden to expose the illegal mass surveillance programs. IIRC Snowden reached a breaking point when James Clapper, then director of national intelligence, lied under oath to Congress when pressed about domestic surveillance by senator Wyden.
It's sad we don't hear more about people like this in positions of power.
Nine times out of ten, when there's a news piece about a senator advocating for privacy and constitutional rights with regards to tech, it's senator Wyden. He's on the senate intelligence committee and has a decent track record of getting shit done with bipartisan support, so he's not just virtue signaling for votes either (not to mention that he's basically unbeatable in state elections with all the support he has in Oregon). He's 74 years old, I do hope someone will step up and carry the torch when he retires. It's a losing battle but it's still important that we have someone who is competent and well respected to fight it for us.
Gosh I am so happy to have like the best senator in the senate next to Bernie Sanders in Oregon.
Oregon is an extremely based state. Y'all crap on PDX but the reality is that we have more freedom and less tyranny here than in any other state in the nation, and possibly in the world. PDX is "bad" because it's one of the only places in the world that hated the cops enough to actually muzzle them - and not living in fear of the boot is worth needing to deal with homeless people.
Want to smoke weed? Check (lowest prices in the world). Want to do psychedelics? (functionally legalized) Check. Want to shoot guns? (relatively lax gun laws for a blue state) Check. Want to not be spied on? As check as Ron Wyden can make it!
> "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."
When they were building the CSAM detector: "what if the government asks you to extend the detection to include other media such as political meme images?" "we would refuse".
Legitimately scary stuff but not surprising. Snowden risked everything to tell us what was going on and where things were headed yet here we are. At this point, it seems the only way to not be subject to this type of treatment by our governments is to completely unplug from the system, but of course, practically speaking, this isn’t feasible for the overwhelming majority of our society. So what are the alternatives here?
Are powerful mobile phones packed with Apps and constant notifications so necessary to a full, fun, enjoyable techy life, really?
I am legitimately surprised that more tech-heads didn't see this state of affairs (and all the other obvious drawbacks of The World's Most Featureful Spy Device, controlled end-to-end by a giant multinational, becoming ubiquitous in people's back pockets) as an obvious, absolute given, right from the very start of the whole smartphone trend. Instead we all seem to have bought into it, hook, line and sinker.
Conduct yourself on your phone the way you would in public in front of friends and family. Only text/browse with stuff you'd be okay with a stranger knowing. I've operated this way for many years for the exact reason that this article highlights.
Stop being wilfully ruled by war criminals and start prosecuting their crimes.
The civil means for wresting back control over our government exists - we have to have the courage to use it. That means, prosecuting our own war criminals.
After all, it is the criminals with the most blood on their hands who want to use the tools of the state to repress the public, from which they derive their actual power, and who are the only ones with the resources to actually do something effective about the criminals getting away with it.
These rights-violating mechanisms exist to protect the criminal ruling elite only.
Seriously, to clean up our government: prosecute our war criminals. The war crimes are real, the crimes against humanity are real, the human rights violations are real. What isn't, is the general public's stomach for the embarrassment they must experience in order to confront the fact of their own wilful rule by dyed-in-the-wool war criminals.
This discomfort at the fallacy of our own moral authority over nations considered to be 'worse human rights violators' has to be replaced with outrage at the actual human rights violations we are allowing to be committed in our name, or else we continue the slide into the abyss.
You have to be willing to live with something less feature-rich than what you can get on the latest iPhone 27 Max Pro(TM). And you have to be gutsy enough to click an "Install some other OS" button in your web browser with your phone plugged into a USB port.
Then to extend to services, a lot of it depends on your ability to deploy your own stuff. This can involve a lot of time reading how-to guides after you've installed Linux on a machine in your house. Given how much documentation is readily available online most people with a high school diploma can probably figure it all out, but you have to be motivated enough to refuse to be helpless.
Today you can purchase a Pixel 7[|a|Pro] and flash GrapheneOS on it. There's a lot you can get from F-Droid, but if you really want Google Play Store apps, GrapheneOS does a reasonable job sandboxing it. Create a new Google account just for that installation of Google Play Store.
Never sign into anything Google, Microsoft, Apple, Facebook, Twitter/X, LinkedIn, or whatever from your phone. Or at least if you absolutely have to, use a trusted web browser in Incognito or Private Browsing Mode.
Keep location tracking disabled for everything but your favorite maps app. Put your phone in Airplane Mode when you're traveling if you don't want cell towers to capture your location info. GPS reception still works.
WG Tunnel can get you to your server when you're not on your home network. Some people swear by Tailscale, but you have to trust them with your node info.
Syncthing works for backup for a lot of people.
For private maps I've been using Organic Maps with some success. Searching for places isn't necessarily trivial, but the navigation feature has always worked well for me.
For private comms you really need it to go both ways (you and the recipient). The weak point is likely to be the recipient's environment, but at least something like Signal gives you a chance.
Something like Fastmail works for email and calendar, since they're probably not building a profile on you and selling that to advertisers. DAVx5 is free from F-Droid for calendar sync.
Kagi works really well for search. Also, they probably haven't sold out to advertisers. DuckDuckGo is another option with another set of trade-offs.
For music you can serve FLAC files via minidlnad to VLC. minidlnad was a 3-minute tweak to a config file after I apt-got it. There are tons of options here.
Explore F-Droid for stuff that might do better for privacy, like Spotube, FreeOTP, Podverse, Librera FD, Cheogram, etc. I'm not claiming that the F-Droid apps will all give you perfect privacy, but in general they're probably better than a lot of the stuff that's pushed in the Play store.
Check out e-books and audiobooks from your local library. Or copy them to your device via Syncthing after feeding your e-books through Calibre's DeDRM extension. The idea is to keep from having to contact license servers from your phone.
Give up on Apple or Google Pay, credit cards, and loyalty programs if you don't want your eReceipts collected and added to your consumer profile by companies that do that sort of thing.
None of this is a surefire way to give yourself perfect privacy, but it can greatly reduce the amount of your personal information that your government and/or corporations collect on you via your mobile device.
This reminds me, whatever happened to mesh networks? If you wanted to be out and about in public, you could simply carry a very anonymized device that had only more basic abilities. But among those abilities, you could certainly send messages and maybe even smaller-sized files - all over a mesh network. Feds could infiltrate it, but it wouldn't be nearly as trivial as it is right now. And users could rotate their devices. Furthermore, if the device in question wasn't a real phone, but rather something more generic (a wifi-capable device with a keyboard, virtual or physical), then it wouldn't even need to have an IMEI.
Apple AirDrop was basically this, but they neutered it at the request of the Chinese government. It still works, but it automatically turns itself off every 30 minutes, so you can't (for instance) opt-in to allowing people to automatically push uncensored news to your phone during your daily commute (without interacting with the phone every half hour).
(It isn't technically a mesh, since it doesn't support multi-hop routing. Still, it is peer to peer, and doesn't require a data connection.)
They're still a thing, and more of a happening thing than ever because they're useful for IoT. There's a bunch of private LoRa network operators offering a mix of free and paid services. Amazon is already a large player in this space because of their delivery network.
Some issues could be prevented if push messages added end-to-end encryption by default, something that shouldn’t be particularly hard to use if it was built into the dev tooling. Instead, developer recommendations like this one [0] suggest that you should put content into your push messages and optionally use a separate library to encrypt them. Clearly developers aren’t doing this, hence the opportunity for surveillance.
The timing would still give you away - with a privileged network position you can tell that a user sent a message to a messaging service, and that some set of users got notifications from that messaging service moments later. Observe that enough times and you'll have good confidence in the members of a group.
If you're trying to hide from that type of attack you need to send a fixed rate stream of messages (most of which are dummy messages, except the occasional message containing genuine content -- like numbers stations). Furthermore, every point in the chain also needs to avoid revealing which messages are genuine (by fetching the encrypted message from the server when it receives a genuine notification, you're giving data away).
The operator of the app could send messages at fixed intervals to make it more difficult to correlate the messages (more samples required to have confidence in the recipient). If they send dummy notifications they'd probably fall foul of Apple/Google's constraints around invisible-to-the-user notifications (I know Apple prohibits them, I assume Google does as well)
I can't see that frustrating this type of attack would be interesting to Apple/Google: it would push up power & radio bandwidth requirements for everybody pretty significantly.
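Added example, not from the thread or from any of the commenters: a small Python simulation of the timing-correlation attack the comments above describe, where the observer never sees payloads, only (timestamp, user) for uploads to the messaging service and (timestamp, device) for pushes leaving the gateway, and of the fixed-rate cover-traffic countermeasure. The user names, latencies, background push rate and correlation window are constructed assumptions, not measurements of any real service.

```python
"""Timing correlation against push-notification metadata, and fixed-rate cover traffic.

Constructed simulation (added example). The observer logs only
(timestamp, user) for client->service uploads and (timestamp, device) for
gateway->device pushes; payload encryption plays no role in this attack.
"""
import bisect
import random
from collections import Counter

HORIZON = 3600.0            # seconds of observation (assumption)
PUSH_LATENCY = (0.05, 0.5)  # assumed service->gateway->device delay range, seconds
BACKGROUND_RATE = 1 / 60    # assumed unrelated pushes per device per second (other apps)


def simulate(group, others, n_messages, seed=1, cover_interval=None):
    """Return (uploads, pushes) as the observer would log them, both sorted by time.

    group[0] sends n_messages to the rest of group. Every device also gets
    unrelated background pushes. If cover_interval is set, the messaging
    service instead pushes to every enrolled device on a fixed cadence
    (genuine content rides inside the next scheduled push), so a device's
    push timing no longer depends on who messaged whom.
    """
    rng = random.Random(seed)
    sender, recipients = group[0], group[1:]
    everyone = group + others
    # The upload side stays visible here; a real deployment would need cover
    # traffic on that leg too, as the comment above points out.
    uploads = [(rng.uniform(0, HORIZON), sender) for _ in range(n_messages)]
    pushes = []
    if cover_interval is None:
        for t, _ in uploads:
            for r in recipients:
                pushes.append((t + rng.uniform(*PUSH_LATENCY), r))
    else:
        n_slots = int(HORIZON // cover_interval) + 1
        for k in range(n_slots):
            for u in everyone:
                pushes.append((k * cover_interval, u))
    for u in everyone:
        for _ in range(int(HORIZON * BACKGROUND_RATE)):
            pushes.append((rng.uniform(0, HORIZON), u))
    return sorted(uploads), sorted(pushes)


def correlate(uploads, pushes, sender, window=1.0):
    """Fraction of `sender`'s uploads that were followed within `window` seconds
    by a push to each device. Counts at most one hit per upload per device."""
    times = [t for t, _ in pushes]
    hits = Counter()
    n = 0
    for t, s in uploads:
        if s != sender:
            continue
        n += 1
        lo = bisect.bisect_right(times, t)
        hi = bisect.bisect_right(times, t + window)
        for r in {u for _, u in pushes[lo:hi]}:
            hits[r] += 1
    return {r: c / n for r, c in hits.items()}


def suspected_members(scores, threshold=0.8):
    """Devices whose push timing tracks the sender's uploads closely enough
    to be called group members; sorted for stable output."""
    return sorted(r for r, s in scores.items() if s >= threshold)


if __name__ == "__main__":
    group = ["alice", "bob", "carol"]
    others = [f"user{i}" for i in range(20)]
    up, pu = simulate(group, others, n_messages=25)
    print("no cover traffic:", suspected_members(correlate(up, pu, "alice")))
    up, pu = simulate(group, others, n_messages=25, cover_interval=5.0)
    print("fixed-rate cover:", suspected_members(correlate(up, pu, "alice")))
```

Without cover traffic the two real recipients score 1.0 (every upload is followed by their push inside the window) while unrelated devices sit near the background rate, so the group falls out after a couple of dozen messages. With a 5 second cadence every device, group member or not, gets the same hit rate, and no one clears the threshold; the price is the constant radio and power cost the comment above mentions.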
If it’s metadata they’re after (according to the article) would it really matter if the push notifications themselves were encrypted? As long as you’re using Apple/Google’s servers to manage push notifications it seems like there would be some metadata that could be useful for surveillance purposes, encrypted or not.
Some apps actually do that. I know at least Rocket.Chat has an option to handle push that way. I'd like to believe other similar chat apps used by groups and communities have it too.
But as others have pointed out, just having the timestamp and target of the notifications already tells a lot.
Encryption wouldn’t help as the whole point would be to look for coincident timings. I.e. after activity from one user to a known service you see a push occur going to another user. If this pattern repeats you can build confidence they are in contact.
I don't see why. The system operator knows to whom the message is being sent. They get a court order, ordering them to track messages sent to enumerated entities and they have to comply.
Metadata in this case apparently means Apple and Google are helping find “this real user connected to that real user at this time”. So governments may or may not be able to decrypt a push message payload, or data delivered because of that payload.
The only way out of this mess is with new laws and that will require new lawmakers. Any other solution - relying on the kindness of corporations, toiling away with obscure technologies, going 'off the grid' - are all foolish or unrealistic for 99% or so of people and shouldn't even be considered.
The most promising starting point is probably at the state level.
The Libertarian party might fit our needs for privacy, but very few people belong to the party. As a liberal, I started listening to the Ron Paul (Libertarian, retired US Senator) podcast at least once a week. Maybe because I am older, but what he says mostly makes sense to me.
(Now I expect to get in trouble here because I mentioned a third party, that is fine with me.)
This, to me, is the more disturbing part of the article:
> "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."
What is the point of transparency reports if they don't include major vectors of government surveillance?
IMO such gag orders shouldn't be legal when applied to dragnet surveillance. If you want to gag a company from notifying an individual they're being surveilled (with a warrant), then fine. But gagging a company from disclosing untargeted or semi-targeted surveillance, especially if it involves American citizens, seems like it should be unconstitutional on free speech grounds.
Push notifications are sent from an app server to an individual device, correct? And the device enrolls with the server for receiving push notifications.
Why isn't there key exchange happening at the time of enrollment? Why is it something apps have to manually do? We moved the web to https everywhere for a reason, why are apps behind the web in privacy?
Potentially stupid question - how is iMessage encrypted end to end if the notifications aren't?
"The source declined to identify the foreign governments involved in making the requests but described them as democracies allied to the United States"
I know Pinephone isn't ready for daily use from all the threads here, but I just ordered one to get some stick time with it. Getting real tired of having to fight my phone to keep my data mine.
I just want the equivalent of debian, but on mobile. I understand I'll have to give up a bunch of apps, but honestly I think it's worth it. As soon as it's possible I'd like off this ride.
One question I have as someone who tries to maintain (some) data sovereignty: is there any way as an end-user to circumvent/mitigate this kind of surveillance — aside from abandoning iOS and Android completely?
It's a huge problem for both privacy and the open source ecosystem that Apple and Google mandate use of their own notification system for apps to be included in their stores.
There were huge downsides for battery life before, and privacy is somewhat orthogonal since you’d be at risk from more companies and they’d all be subject to the same legal demands, so I think the answer has to be regulatory. In the EU, that seems possible but I’m not sure the U.S. government is currently functional enough to do anything about this.
Pardon my ignorance but would blocking all push notifications stop this specific act of surveillance? I usually don't need any notifications' content on the screen apart from "you have a new message on <app>, go check it". Or is that what's being discussed here?
Why didn't Apple pull the plug on these services as soon as the government started spying with them? Why didn't they rearchitect them to use E2E encryption? Do they actually have principles about privacy or is it just a thing they want us to believe?
Apple uses “privacy” as a marketing term. They market themselves as protecting your “privacy” from advertisers unlike Google.
Apple openly complies with all data requests from government agencies and law enforcement. It is not a hard process for law enforcement to get someone's iCloud data with a warrant.
A paranoid part of me has wondered if some of the text/phone spam we all receive is actually used to stimulate cellphones for tracking purposes.
If you have deeper access to the OS, then fingerprint unlock or FaceID also seem important for positive identification prior to, for example, a Predator strike.
It's fascinating that about half these comments appear to be from younger people unfamiliar with "USA PATRIOT" Act gag orders, FISA, Five Eyes, Least Untruthful Response and related controversies that were big in the news 10-20 years ago.
Amusingly and sadly, the law was called PATRIOT as a normal "give a bad law a Good name", but over time "patriot" has become synonym for "traitor" in common use.
robbiet480 | 2 years ago
[0]: https://developer.apple.com/documentation/bundleresources/en...
[1]: https://threadreaderapp.com/thread/1721717002946191480.html
st3fan | 2 years ago
Source code on GitHub.com/mozilla-mobile
albatrossjr | 2 years ago
Decrypting a push notification appears to be supported using 'mutable-content' with a notification service.
In fact that is the example used here: https://developer.apple.com/documentation/usernotifications/...
michh | 2 years ago
rickmode | 2 years ago
WirelessGigabit | 2 years ago
wkat4242 | 2 years ago
MR4D | 2 years ago
https://www.wyden.senate.gov/issues/secret-law
https://www.wyden.senate.gov/news/press-releases/wyden-colle...
https://www.wyden.senate.gov/news/press-releases/wyden-intro...
https://www.wyden.senate.gov/priorities/gps-act
https://www.wyden.senate.gov/news/press-releases/wyden-relea...
soraminazuki | 2 years ago
InSteady | 2 years ago
Der_Einzige | 2 years ago
jodrellblank | 2 years ago
jay-barronville | 2 years ago
crtified | 2 years ago
93po | 2 years ago
boffinAudio | 2 years ago
steelframe | 2 years ago
linuxandrew | 2 years ago
xyst | 2 years ago
Seems like this is what is being implied:
Given:
- users with notifications enabled
- have X app installed
- targeted user(s) reside in USA
- targeted user(s) following "foo" on X app
When:
- issue FISA warrant for all smartphone users that received notifications in regards to “foo” user
Then:
- able to pull all Apple/Google accounts that match this criteria
- able to get real addresses and names
- can crosscheck names with other details to narrow down suspect
Or maybe it’s something even worse where notifications somehow leak location data
zeppelin101 | 2 years ago
hedora | 2 years ago
anigbrowl | 2 years ago
jjtheblunt | 2 years ago
matthewdgreen | 2 years ago
[0] https://android-developers.googleblog.com/2018/09/notifying-...
garblegarble | 2 years ago
bryancoxwell | 2 years ago
hudell | 2 years ago
fidotron | 2 years ago
jeffbee | 2 years ago
paulirotta | 2 years ago
standardUser | 2 years ago
cronix | 2 years ago
verisimi | 2 years ago
mark_l_watson | 2 years ago
chatmasta | 2 years ago
diebeforei485 | 2 years ago
hunglee2 | 2 years ago
- why not identify them?
loughnane | 2 years ago
heywoodlh | 2 years ago
Zak | 2 years ago
Ruthalas | 2 years ago
[0] https://unifiedpush.org/
troyvit | 2 years ago
https://github.com/Telegram-FOSS-Team/Telegram-FOSS/blob/mas...
I doubt it solves much but I like to think of it as a little poke in the eye.
acdha | 2 years ago
ta988 | 2 years ago
world2vec | 2 years ago
freedomben | 2 years ago
roody15 | 2 years ago
https://www.apple.com/privacy/government-information-request...
FooBarBizBazz | 2 years ago
gowld | 2 years ago
pmlnr | 2 years ago