Source: Apple
Apple Makes It Harder for Police to Access Your Push Notifications
Submitted 11 months ago by celmit@lemmy.ca to technology@lemmy.world
https://gizmodo.com/apple-harder-police-access-your-push-notifications-1851095527
Comments
BlackSkinnedJew@lemmynsfw.com 11 months ago
Ghostalmedia@lemmy.world 11 months ago
IMHO, they have much more to lose if they decide to start getting shady around privacy and security stuff in western nations. They’ve sunk too much money into building a brand around privacy and security.
BlackSkinnedJew@lemmynsfw.com 11 months ago
Apple it’s very far away of being a brand of privacy and security.
drahardja@lemmy.world 11 months ago
The article is incorrect in equating Apple’s stance to Google’s. As far as I can tell Google does not require a warrant, only a subpoena (which doesn’t require a judge’s review), while Apple’s change does require a court order or a warrant, both of which require a judge to sign off.
Ghostalmedia@lemmy.world 11 months ago
From Google
Requests from US government agencies in civil, administrative, and criminal cases
The Fourth Amendment to the US Constitution and the Electronic Communications Privacy Act (ECPA) restrict the government’s ability to force a provider to disclose user information. US authorities must at least do the following:
In all cases: Issue a subpoena to compel disclosure of basic subscriber registration information and certain IP addresses In criminal cases Get a court order to compel disclosure of non-content records, such as the To, From, CC, BCC, and Timestamp fields in emails Get a search warrant to compel disclosure of the content of communications, such as email messages, documents, and photos
lazynooblet@lazysoci.al 11 months ago
Thank you for the facts.
catastrophicblues@lemmy.ca 11 months ago
A good step, but seems like spilled milk after the previous news.
ngons@feddit.nu 11 months ago
How do people read giz? I block the ads, but still there’s a sticky video overlay, and “related” links everywhere… unreadable
lazynooblet@lazysoci.al 11 months ago
I’m using pihole for DNS and ublock for Firefox on android and I get no adverts.
Rai@lemmy.dbzer0.com 11 months ago
Saaaame and the stupid video still follows me.
Lotta white space.
I can see why these web sites are dying.
ItsComplicated@sh.itjust.works 11 months ago
Would it be possible for Apple to just encrypt this data or, not keep this data? Then there would be nothing to give law enforcement or government. (Forgive my ignorance, I have no idea how all this works.)
kirklennon@kbin.social 11 months ago
The developer of the app sends the push notification through Apple's service. Developers have always been able to encrypt it, at which point it can be decrypted only by their app, but not all developers do this. There's also still limited metadata about the fact that a notification was sent, even if the contents are encrypted.
ItsComplicated@sh.itjust.works 11 months ago
Would it not make more sense to remove metadata and not even collect it? Maybe have an encrypted protocol for push notifications all developers use regardless of the app?
gregorum@lemm.ee 11 months ago
It’s possible that they could encrypt and anonymize this data with yet another set of tokenization, but that would be quite an effort on their part. As for not keeping the data, the mid data, itself, is necessary in order to coordinate the sending and delivery of push notifications between apps, services, and your devices. It needs to exist.
autotldr@lemmings.world [bot] 11 months ago
This is the best summary I could come up with:
Senator Ron Wyden wrote a letter to the Department of Justice last week accusing foreign governments of spying on Americans through push notification data.
Senator Wyden says Apple was “doing the right thing by matching Google and requiring a court order to hand over push notification-related data,” in a statement to Reuters Tuesday.
This metadata flows through Google and Apple’s servers and could be used by law enforcement to expose the true identities of anonymous online users.
If a government wants information to associate an APN token with your Apple ID, those “records may be obtained with an order under 18 USC 3703(d) or a search warrant.” Both of these provisions require a judge’s consent to hand over this data but call into question how easy it was for law enforcement to access it in the past.
As Wyden calls out in his statement today, Apple’s update matches Google’s language in its Privacy and Terms, which also requires a subpoena or court order to hand over metadata about users.
Google was the first to publish a transparency report detailing how many government requests the company receives for disclosing user information.
The original article contains 345 words, the summary contains 189 words. Saved 45%. I’m a bot and I’m open source!
Fades@lemmy.world 11 months ago
Your move googs
ChiefGhost295@lemmy.one 11 months ago
Read the article. Google already requires a warrant before handing out this data.
Earthwormjim91@lemmy.world 11 months ago
Google only requires a subpoena.
firecat@kbin.social 11 months ago
That’s the problem, I don’t want Google to have my messages. It should in fact be in my phone.
LWD@lemm.ee 11 months ago
[deleted]tsonfeir@lemm.ee 11 months ago
Google doesn’t require a warrant, Apple does.
gregorum@lemm.ee 11 months ago
Since google wasn’t require a court order before this (like Apple), I’m not sure how this makes them better. From this statement, both Google and Apple will be moving forward with a legal requirement to access this metadata in the future. They seem to be doing this together.
random65837@lemmy.world 11 months ago
Google has always had good privacy and security, it just doesn’t apply to them! Which is the problem.
tsonfeir@lemm.ee 11 months ago
But they’ll sell it to you.
Cossty@lemmy.world 11 months ago
I have zero Google services on my phone only microG. Does police still have access to my push notifications if they ask for it?
KairuByte@lemmy.dbzer0.com 11 months ago
It’s not the services, it’s the push notification itself. It’s like a book, where the push notification is the cover, and the app is the pages. The government can’t open the book, but they are able to look at the cover all they want.
This is apples move towards putting a cover on top of the books cover… kinda. The metaphor breaks down when you get into what Apple is doing here to be honest.
registrert@lemmy.sambands.net 11 months ago
gmsCore (microG) is an open source way of using Google Services.
You re-implemented Google Services (albeit open source instead of proprietary), from what I understand you’re exactly as vulnerable as everyone else - But you have a giant “I’m trying to hide!” sign painted on your account.
chemicalwonka@discuss.tchncs.de 11 months ago
Because Apple doesn’t like competitors
Teknikal@lemm.ee 11 months ago
Shouldn’t it be impossible for them to even be able to hand over your notifications in the first damn place.
There’s no reason I can think off that they should even have this info.
gregorum@lemm.ee 11 months ago
it’s up to individual app developers to encrypt the data in their push notifications. as for the data about the notifications (the metadata stored on Apple’s/Google’s servers), that would end up being mostly useless if it were just a block of timestamped and encrypted data sitting on Apple’s or Google’s servers. Presently, that data often also includes the full notification contents, unencrypted.
But when those companies get a court order/subpoena, they have no choice but to cooperate.
towerful@programming.dev 11 months ago
The metadata is actually quite important.
Sure, chances are it’s a “pending WhatsApp message” notification, but not the actual contents of the message.
However, with enough metadata and by surveying traffic from WhatsApp data centers, someone could see User A accessed WhatsApps service, which generated a WhatsApp notification for User B.
That might just be a coincidence, but with enough data and time, the probability that User A is talking to User B can be increased.
If it also shows that Users C, D and E also get notifications at the same time, it is likely that all those users are in a group chat together.
It’s called a timing attack.
And perhaps it isn’t enough evidence to stand up in court, it can help build the profile of the users, and guide investigations to other possible accomplices.
Steve@communick.news 11 months ago
But why would a copy of the notification history exist outside of the phone itself? I can’t think of a reason why notifications should be collected at all.
zeluko@kbin.social 11 months ago
If you are only interested in the data, sure.
But metadata is also very powerful, specially when aggregated