Now get rid of it
Right? Either get rid of it or make the notification say “the feds are tracking you now babbyyyy😎”
They need to implement an Orange dot like when its recording you that tells you you’re being tracked or they are listening and parsing your shit. Fucking sunlight is the best disinfectant, not some Privacy Transparency thing buried in the depths of Settings 3-4 levels deep
Right? It shouldn’t be that hard. It should be possible to enable E2EE for this using a private / public key approach, where the app delivering notifications encrypts them using a private key unknown to Apple, but it’s encrypted such that all the devices receiving the notifications can decrypt the notifications.
Also, for anyone really worried about this, there are modified versions of Android that avoid using any cloud notification features (including the Google one that spies just like Apple’s). I know that doesn’t help if you want to use an iPhone, but phones do exist that bypass this whole thing. It’s also one of the reasons I wish Apple would open up iPhone more. Why do I get the option to remove the spying features on Android but not iOS?
If you follow a link on that page that says “coverage from yesterday” it reveals why anyone would want your push notification info:
But push data can still reveal a lot about you. Even push notifications from apps as innocuous as food delivery services might reveal where a delivery is coming from, and therefore your approximate location. An Uber notification might contain a message from a driver telling you where to meet. And so on.
Patterns of data could also reveal a lot. For example, if a foreign government was obtaining your iMessage push data – and that of one of your contacts – then even without the actual message content, they could see the two of you were exchanging lot of messages on a particular day. That could be tied to known events to draw conclusions about the likely content of those messages.
For example, imagine a US journalist exchanging messages with a Chinese whistleblower about human rights abuses. A report on the abuses appears today, and the push data shows that the source and journalist exchanged many back-and-forth messages yesterday. That could easily be enough to confirm the source of the leak.
I think there are more elegant ways to glean much more useful information about a target but in an attack I guess all data is valuable. The article doesn’t specify how long this has been going on or exactly which governments have been requesting data about who, which would be interesting to know.
