Leaked: The Feds Can See Your Notifications
Vložit
- čas přidán 2. 06. 2024
- 👉 Free $100 Cloud Computing Credit
seytonic.cc/linode
0:00 The Feds Can Do What?!
0:19 How This Works?
2:09 Don't Blame The Tech Giants
3:29 Prevention
Sources:
www.macrumors.com/2023/12/06/...
www.reuters.com/technology/cy...
forums.macrumors.com/threads/...
www.engadget.com/apple-and-go...
appleinsider.com/articles/23/...
blog.davidlibeau.fr/push-noti...
===============================================
My Website: www.seytonic.com/
Follow me on TWTR: / seytonic
Follow me on INSTA: / jhonti
=============================================== - Zábava
"Privacy is a fundamental human right. It's also one of our core values", said Apple 😂
Such bastards, they've been exposed for selling users data but always say they value our privacy. Disgusting.
At this point, anyone who buys an apple product will believe anything they make up.
It’s not entirely Apple’s fault. Both them and Google were forced into doing this and keeping quiet. If they wouldn’t’ve they could’ve lost huge markets, especially Apple since North America, specifically the US, is their biggest market, not including the unspecified “allies of the US” that were also practising the same behaviour the US DOJ is.
Dipshit it's Google too. And the feds were making them both shut up about it.
@@tdrg_ They could've said that they aren't allowed to disclose it, no? And how can the govt. force a company to do this? They can just tell anyone to just say nothing! They could secretly remove their claims about privacy being a human right and people would notice.
Basically if you want to commit crime, stick to pen and paper
Worked for Hamas
Make sure you are not using those flithy ballpoints and have got a cheap fountain pen
@@twilight9615apart from there's physical evidence??
@@twilight9615you're not familiar with the power of a lemon then, i.e. Invisible ink. Top that!
no its ultra genius @@twilight9615
I do not know that senator or what he does but I just gained mad respect for him. It‘s not often that a Senator discloses how the government spies on citizens.
Might have disclosed it by sheer incompetence
No it was an open letter from him
@@privateassman8839 you have sheer incompetence 🤦♀
Everybody spies on everybody. Not just governments. You are being spied on as you comment and read these comments.
Senator ron wydens an og. He might be a bit crazy in other areas but he does genuinely give a shit about the tech and privacy sector.
oh look, there goes my trust in the government, wait it's already gone
Cry about it, appleman
@@koghs bruv
@@koghs I'm and androit guy but android also spies....
Look; most of us are safe. But that’s not enough. DOJ’s practices are somewhat both understandable and overkill, expected and surprising. Neither Apple nor Google had a choice.
@@koghsyes because its our phones not the government 🗿
Do we even know to a reasonable degree disabling push notifications would prevent this?
From a surveillance perspective you wouldn't want something so easily turned off. Makes me wonder if disabling push notification only stops you from getting it on your end but the test of it still plays out exactly the same.
It depends on the app in question. More privacy-focused apps allow to disable notifications from being sent completely.
If you use microg you could disable apps from using them altogether
They're surveiling millions of people. It doesn't matter if some of them turn this surveillance method off, its feds. They have many other ways to get your data.
That’s what I said too. Your phone just refuses the push but it probably still goes to the servers.
It should be possible to tell if data still gets sent to apple / google even when you have push notifications disabled, there's no way they could get away with that, someone would've already noticed
As a bonus: turning off notifications restores your attention to your life where you can set times for checking messages and social when it's appropriate. No need to have a device demand your attention.
Ok gramps. Let's get you back to bed.
@@n0mad385what a stupid take. I've had notifications off for years. Must be hard for coomsoomers to do
@@n0mad385 what he says is true, no one should immediately jump at a notification anyways, i only respond when i'm able to, usually ~20mins after.
@@n0mad385 ???
@@n0mad385hes right and you had no reason to insult him. if you want to be a slave to a device go ahead. but going about, insulting people because y00 4r3 an addicted selfmade slave, is rather petty and borderline sad.
You could tell me tomorrow that the feds have full access to every file on your phone. Even system and app files that Apple and Android try to hide from users, and I wouldn’t be the least bit surprised.
I would, because that's impossible based upon android's current architecture. You've obviously never had much interaction with AOSP or software development in general, and it shows. You really don't have to worry about this unless you're using iOS.
@@RokeJulianLockhart.s13ouq wait until this shows up on the news
@@RokeJulianLockhart.s13ouqtell me you are naive right out telling me you are naive
they do and anybody who thinks thats not possible is a fucking idiot backdoors are built in the HARDWARE no software can protect your info data or privacy the us government would never allow a product that cant be invaded to be sold why do you think most phone batteries cant be removed anymore why every little thing requires a phone number these days every single little thing out there is against us to spy on and control us as a population there are no accidents or coincidences its all carefully planned going off grid with nothing wont help either then you just get a personal drone you get to share with everyone else they want to watch in a 40 mile radius
You don't even need direct access to files to snoop. Anything wireless is prone to MITM attacks. Even if you're at home and using a wired connection, without a VPN your ISP is acting as a MITM between your browsing and if the feds send them a subpoena they're probably not going to stand in the way to protect you.
I like how signal devs are consistently 1 step ahead at all times
To be honest, this just shines more light on the problem. It's open information that notifications go through cloud servers (read about GCM and FCM) and the fact that they're unencrypted was also not hidden.
The fact that governments try to get all the data that's even possibly available to them should be understood by default.
@@Versette The creator of a privacy-focused messaging app can avoid push notifications going through Google or Apple servers by setting up a WebSocket that is only accessed while the app is open and Polling for timed/intermittent checks for new messages while the app is closed, and neither of these setups degrade the ability to send E2EE messages...
It literally doesn't matter whether your notifications or messages are encrypted if your threat model is government. They can just read the e2e encrypted message when they get decrypted on your phone. Like yeah your data isn't readable in their servers but they have full control over your devices so they don't need to be able to read them while passing their servers.
@@luimu How the hell would the government have full control over my devices?
@@luimu Not quite how it works.
It's possible if they have physical access to your device (reading it from memory for example), but how would they do it remotely without sending any requests, etc.?
You can get a local MITM proxy or use a traffic monitoring tool like Wireshark to check all connections on message arrival.
if I had a dollar for every time someone said "the feds can see you do this" I would have enough money to buy the FBI.
i used to be afraid of this stuff, id even cover my webcam as a kid. luckily i got over this fear, i realised theres much better people to be watching. the fbi or hacker would get bored
@@stjeepright until some criminal hacker plants notifications to frame you for their crimes.
Never forget that the false conviction rate is above 6%, anyone could be one of the lucky 2000+ that get behind bars for the crimes of others.
@@BugsBunns the chances of this happening to me are very low, i think ill take my chances
That explains why I haven't gotten any notifications since I disabled Google Play services.
@@contradictorycrow4327 Nah, it's for optimization
Don't worry guys, push notifications have been around for 14+ years and you're JUST now hearing about this. That must mean they completely respect you're privacy!
/s
10000 years
your*
@@oggunlukarmy4901 👍🏾
@@oggunlukarmy4901 Both of them works fine
Did you autograph your comment?
Another way to help with this is to delay notifications by a random amount of time. It likely would only mitigate the issue, but it'd be a step towards making it harder.
I am going to start setting that up, thank you.
My phone does this by default by sending me the notification at random, or until I open the app...:(
@@DenOfTimbsllcAre you an app developer?
@@DenOfTimbsllc The creator of a privacy-focused messaging app can avoid push notifications going through Google or Apple servers by setting up a WebSocket that is only accessed while the app is open and Polling for timed/intermittent checks for new messages while the app is closed, and neither of these setups degrade the ability to send E2EE messages...
@@johnchristian7788, leaning to be one. Why do you ask?
If they're storing my notification history anyway, they should let me access it so I can see what that notification I accidentally swiped away before I could read it said lmao
Depending on your phone you can enable notification history which allows you to see all the notifications you had even if you swiped them away ;)
@@jean-lucsedits4319 That is true, but unfortunately I have an iPhone right now. Man I miss Android lol
HOLY COW WHAT
Not surprising, but still concerning they are spying.
Push notifications need to be e2e encrypted and include the app type as such, that way at most the metadata would include the timestamp, but not application. Option for delaying/grouping would be nice too, say you want apple to group all your notifications every 15 mins and only send one bigger one, that would effectively make the timestamps pointless.
They’ve been spying for almost 20 years on your devices at this point.
Even if there was actual encryption I wouldn’t doubt the U.S. wouldn’t have a backdoor into it and find a way to get data anyways. They know how to pull strings.
It's problematic to implement, because notification servers need to somehow know how to route these notifications. One of the possible solutions to anonymize data about user and used app would be to use asymmetric keypairs for identification and encryption. But even then, notification server would know IP of server sending notification and IP of user receiving it, so we can't really hide app's or user's identity here. Grouping notifications can be implemented as a security option, but this would lead to important notifications being delayed, which can be problematic in work scenarios. And anyway, this should be implemented on the app servers side, not in the notification servers, as we can't really trust them
all of these can be implemented by the app developer, well except which app it is for. but yes delaying/grouping should effectively solve it, but then again it defeats the purpose of push notifications, might as well just use on device checking at that point
That stuff needs to be implemented by the App developers. The app or at least developer can probably never be anonymised, because not every random is supposed to send you a notification as app xyz or spam your phone with invalid messages. So there needs to be some verification/authentication.
Delaying/grouping on Googles/Apples side would make no sense too, they would still have logs when the message actually arrived.
@@Rikonardo The creator of a privacy-focused messaging app can avoid push notifications going through Google or Apple servers by setting up a WebSocket that is only accessed while the app is open and Polling for timed/intermittent checks for new messages while the app is closed, and neither of these setups degrade the ability to send E2EE messages...
Apple is so secure, Tim Apple said so, it has to be true.
yeah but the iphone 18 has 6 cameras and its only 2 years behind androids and 2,000$ so it has to be good he knows what hes doing
More secure than Google’s completely unencrypted cloud storage on Android though. Apple has a TNO (trust no-one) encryption option for iCloud storage. Does Google offer that?
Apple be cooked?
lol 😂
@daniellundqvist2926 let Tim Cook
there are open source push notification servers, it would be best for apps to offer the option to specify the server to use.
If you stick to only installing software via F-Droid, most there will use Ntfy.
At least on iOS, they can’t. It’s against apple’s app store guidelines. And honestly, that’s not the real fix. The fix would be to end-to-end encrypt push notifications properly and to deliver them in a way that’s not easily tied to timing side channels (e.g. delaying them a bit when flagged as sensitive)
No, unless they changed it, even with your own server Apple still has to receive a request when you do it.
Firebase Cloud Messaging (FCM) is the only Google approved way to send push messages to Android devices.
For Apple, the request has to go to their Apple Push Notification (APN) server, and there is no way around this.
It is entirely possible. But lets say everyone is ready to switch to that open-source push-notification service. But who will be hosting it? Where will they get the funding to deliver notifications as fast as google or apple? And how will they prevent feds from requesting data? (remember that services are legally required to disclose the data they hold)
@@FlorianWendelborn it just widens the time window a bit, with enough data you can still correlate between user activity in app and sent notifications. And adding too big of a delay would lead to a lot of problems.
The real solution is to get rid of notifications servers entirely. While keeping direct connection with multiple servers were expensive back in the days, with modern efficient CPUs and much bigger batteries it is no longer that problematic. There is no need for the app to run in background, we can simply make existing notification service manage multiple connections at the same time and wake the apps up when needed.
Adoption of IPv6 will also play a big role, as it will allow using on-demand UDP packets instead of keeping relatively expensive TCP/QUIC connections open 24/7.
Well, that's what happens when people don't pay attention to what the Patriot act is allowed the government to do, Apple got screwed over because people didn't fight back against the Patriot act, which allows the government to do this kind of nonsense. I honestly kind of feel bad for both of them because it makes them look worse than it does the government, despite the fact it's the government that's doing it, and not them.
"If you arent doing anything dodgy you have nothing to worry about" doesn't cut it anymore - The lack of awareness of the average person to the erosion of their rights is staggering.
Why do you blame the people? Do you think our societies are actually democratic 😂
@@EggEnjoyer Exactly - Its being eroded slowly over time - which proves my point. Look up boiling frog.
@@paulw7404, amen! We really to start fighting for our rights again.
@@EggEnjoyer , Clearly you didn’t understand why our founding fathers fought so hard for the rights of all people. I suggest you go back and read the Constitution.
Just wish people will refuse and STAND UP!!!!!!!
So, the only solution I can think of is, for app developers to just have some sort of notification delay, and pad in fake notifications that doesn’t show up.
Feels like a lot of work, but can potentially eliminate the possibility of the timestamp attack demonstrated.
And turning push notifications off on system level doesn’t mean the app server won’t send them to APNS anyway, just means you won’t receive them, so there is really no point.
FCM or APNS needs the token to publish a notification. If the user did not consent to push notification, the app did not have an FCM/APNS token to associate to the user/device, then how can the app try to publish the notification via FCM/APNS? Honest question, I have little knowledge about this, just read how they work in chatGPT.
@@malemmutum5049I can't quite remember since I've implemented a notification system a year ago or so, but I'm 99% sure that the token isn't tied to notification permission. You can also use the FCM/apns Network to deliver data notifications. In the end, the data packets (not necessarily push notification) are sent to your app and the app decides when and how to display them. Usually it's immediate with the given title and body of the notification, but it doesn't have to be.
@@malemmutum5049 I can’t say anything for android, but as an iOS developer, thats not entirely true
While you do need a device token for APNS, the user doesn’t have to consent to push notifications for you to receive that token
APNS enables developers to send “silent” notifications to phones, that notify the app of some new available content that should be downloaded even if the app is not open (first example i can think of could be updating a widget)
since these “notifications” aren’t visible to the user, they don’t need explicit permission, but still require the device token, therefore there has to be a way to get that without notification permissions
@@malemmutum5049interested in a response to this
@@malemmutum5049This is true, well at least for GPS (google play services). When I developed an app, if I couldn't request the devices token for sending notifications I just assume that they don't have GPS installed. I'm not sure how it works with apple though. An app knows if you enable or disable notifications as well, so I highly doubt if you disable notifications they're still going to attempt to send them as it's just going to waste bandwidth.
bold of them to assume i will get notifications
Turning push notifications off would not solve anything right, since that's only an OS specific option (the phone receives the notification that a new message is available, but doesn't create a notification for you on the local device).
The alternative is, delete the app and use the service in the browser, with a vpn. Sacrificing live notifications probably isn’t that big a deal if there’s information you want kept from the feds.
So happy I found this channel at the start of the year, such great content and such high quality production, keep up the good work mate we all appreciate it 🤝
It's funny to see how people are afraid of Tiktok and/or any chinese related software. But at the same time, after so many occurrences like that, people still put confidence on american software.
Its a matter of who has the data, I am less concerned when my own government has info on me then a foreign actor whos motives are well displayed to not be within my best interest. In the same vain, I would rather the US government has info on me then a private for profit company
Thank you Senator Ron Wyden
"We are proud to introduce lockdown mode"
Subscribed! Great content, although not surprising this has been going on for years.
What else do people need to experience to realize theyre not focusing on just criminality? And theyre not there to help you, but rather negatively affect your life? They know everything but allow the crimes that affect the innocent on a mass basis. That doesn't scream we're here to protect you, not like protection is even a right anyone but yourself has over your own safety. While they move to restrict more and more of the personal protection from being used.. Its just mind boggling people think this modern government is your ally.
Your name is literally "nwerd," get off that podium.
Democratic governments have good reason to keep you happy, which might not make them your ally, but for sure not your enemy either.
@@JaMaMaa1 And yours is a meme, get off that high horse yourself buddy, maybe when you grow up you'll realize exercising free speech has nothing to do with ones character.
@@Aci_yt its not really "democratic" its a heavily heavily socialized version of faux capitalism. A more free market would be in everyone's benefit that's why theyre not committed to it.
Social democrats are not anyones ally, they'll use anything to grab a hold of power.
im from the government and im here to help
This makes more sense now after I worked in a school with an MDM solution that required you sign in to an apple portal and update the push notification certificate details every 180 / 365 days ... Scary though!
Definitely going to be a bunch of people switching to de-googled phones after this
You mean Apple? Google is probably even worse, haha. Use an Android phone with a custom open source OS if you care about security.
@@DanniDuckthat's what a degoogled phone is. Android without the Google spyware.
@@DanniDuckDo you know de-googled android is?
@@Redwan777100% COMPLETELY IF ITS A COMPLETELY OPEN SOURCE OS VERSION THAT CAN BE 100% FLOWCHARTED DECOMPILED & SUM CHECKED FROM FRONT TO BACK YOU IDIOT ..........
Is this your burner account Rob Braxman?
Turning off push notifications won’t work, I believe that only turns off notifications client side. The app still sends out the push notification to apples servers, your phone just refuses them. Doesn’t that mean they could still get linked?
This is why good opsec is important. This type of thing is of limited usefulness in and of itself. It does, however, become a really powerful tool when combined with other security flaws, such as associating with sloppy idiots.
Think of it another way - the Enigma is secure as long as you never transmit identical messages with different settings. Guess what the Germans did repeatedly during the war... Yeh, defeated by the humble weather report, transmitted every morning like clockwork. The Bletchley Park team couldn't have asked for a better f-ck up.
Sorry what? Context on the WW2 German bit?
@@AccountHolder007 The Bletchley Park team (OG glow boys) used known keywords, such as "Weather report" (in German obvs), transmitted on a known schedule (at the crack of dawn or something like that) to more or less entirely automate the bruteforcing of the day's Enigma settings. They'd have that ready within a few hours and could then decode the whole day's traffic. The machine they used for that was called The Bombe (named after the Polish Bomba, the first proper go at breaking that stuff). It was designed (and IIRC also mostly built) by Alan Turing himself.
A bad, but not completely abhorent implementation (key flaw - couldn't encode a letter as itself, that made cryptanalysis much easier), coupled with hideous opsec, cost those idiots their secrecy.
Apparently their implementation of the Lorenz cipher was even worse, and one of the mathemagicians at Bletchley managed to completely reverse engineer the key logic just by cryptanalysis. Again, bad opsec didn't help the nazis. From time to time they'd have to retransmit a message, which would be sent using the exact same key, but with slight variations in the message itself. That allowed the team to reveal parts of the key sequence. Again though, it's the automated bruteforcing that ultimately made their work useful to the war effort. The Lorenz cipher needed a much more piwerful machine though, so a guy who worked at the General Post Office built them a digital computer out of thermionic valves. It was aptly named Colossus and pre-dates the American electronic digital computers by some years, but the British saw fit to keep it secret until quite recently rather than claim credit for the invention. Also I think the guy who built it got sacked from the GPO after having a heated argument with his boss about building valve-based automated phone exchanges. Those would have been child's play after building the Colossus, but that couldn"t be disclosed under the official secrets act, so the short-sighted idiots killed the project before it could start. Deemed "too difficult" and a "waste of resource". Come to think of it, maybe the guy just rage quit after that meeting. I would have.
The whole secrecy thing didn't end there though. For decades no one knew about the team at Bletchley Park or what they did. Alan Turing was chemically castrated in the '50s for being gay and ended himself shortly thereafter. Most of the others got next to no recognition while they were alive either, and their work was never given a chance to benefit the nation & humanity, on account of being kept secret until it was long obsolete. I suppose if the British had their way, the same thing would have happened to AES, RSA, and all the others too.
Anyway the Computerphile channel has a LOT of material on this WW2 stuff, it's worth a binge.
There is some stuff can be done by apps to help prevent this, for example using their own servers to push notifications, always encrypt data, try to send notifications at specific timestamp for everyone (instead of instantly sending in a pool every 5sec)
the feds also have back doored ALL your cpu chips inside of all your computers........ welcome to reality people LOL
Time to turn off notification on everything
You realize that just keeps *you* from seeing the notification - it doesn't prevent them from being generated and sent to you. 🥸
I've said so many times to avoid any apps as much as possible (not only because of this -- but because a lot of them never get updated on time, use outdated APIs, etc) and this pretty much verifies all my suspicions.
i already did this because i dont need 99% of my notifications excrpt viber lmao
i am so surprised!!! look at my shocked face!!😮
who did not see this classic coming?
I imagine hearing Edward Snowden saying: "I tried to tell you this back in 2013".
Thanks for the vod. I do hate feeding this part of my brain though...... 😮💨
There are billions of people with phones, why should I be worried???
love your channel. i don't have push notifications on anyway
the right answer only if you run Graphene with Briar or Session with no GMS
So how does this work for notifications from Android apps that aren't on the Play Store (F-Droid, etc) and don't use Google Play Services? And what about de-Googled phones or using a DNS not run by Google?
From what I understand, distros like Graphene use a proxy account with googles servers to push notifications. So it's pretty much pooled with a bunch of other users. I could be wrong though so do some research.
On standard android (the one pre-installed on your phone), you would almost certainly be at risk. Google has such a low level control that I wouldn't trust any "removal" of google play, services, etc. Merely installing an app via Fdroid, Aurora, or sideloading would not prevent the app from calling out to google's servers for notifications.
On alternative android systems such as GrapheneOS, it depends on how you set it up. As long as you don't use google play services and don't have it installed you are fine. In the case of something like GrapheneOS, by default it does not have it installed and therefore would not reach out to google's servers for notifications, which is why you may notice that notifications don't work on some apps. It depends on if the developer only implemented the google approach or another approach as well. If you do have google services installed and enabled, then you would likely still be at risk, even with GrapheneOS restrictions on google's control within your device, at the end of the day it would still be hitting google's servers (to my knowledge). I'm not as knowledgeable about other android projects, but I would assume this applies pretty much across the board (if google is not installed, you are safe).
No google framework -> no notifications. Idk about graphine, speaking from LineageOS experience. However there are apps like telegram and langis (signal with a patch) which do somewhat work.
@@liquidsky7-bb8pc True, I hadn't considered firewall or dns blocking, both of which would fix this. Though for people that want out of the box solutions, I think that can be a little more daunting than a de-googled phone, though that's highly subjective. Great point either way!
great vid
Even if you turn off push notifications, apps sometimes send the data to apples server to attempt to send push notification.
sweet part here is in the US the 4th amendment prevents this data from being used in court.
hahahahhahaahhhahaha. The feds do not respect their own laws. Also, they can just purchase the metrics and data from Apple or Google therefore bypassing the 4th amendment. They do this all the time IE: geofencing data and warrants. Also, the data can come from one of the 5 eyes countries. The US constitution has been turned into toilet paper by the wealthy.
your implying courts will be fair enough to people to accept that defense 😂
It doesn't apply since law enforcement can request this data from the company's servers instead of the individual's phone.
I feel really bad for anyone who thought otherwise. They have hard lives ahead of them.
The things is, why am I not shocked or surprised?
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
would be interesting to know about the updated apple transparency report and google if any
So you turn off your notification? 😂 I’ve been doing that for years
That's actually scary.
very helpful
I’m glad have had push notification off for years now , but that’s more for keeping the sneaky links on dl
A partial solution would be to send push notification's at a random offset as a setting in apps a better one would be to have the trade off of battery life.
And we’re surprised because no one remembered Edward Snowden I guess.
I wonder though, how is it possible to recieve notifications while not connected to the internet, if all notifications have to go through servers?
They don't have to. Apps can create their own local notifcations. This is for server-to-app pings
Of course they can.
I thought push notifications work simply by connecting to each app server. I didn't know that google/apple were in the middle of this system too!
honestly i only knew because I was getting discord notifications behind a firewall
@@bitten2up wait... I use dns filtering and my discord notification never appearing, what was the domain? is it owned by google or discord?
@@bitten2upYou pay for notifications?
@@prabhsaini1 tf
Certified apple moment, again
Certified government moment tbh
its literally the same with google and all because of the govt so idk what you're on about
@@Samstercraft77 to be fair, google and privacy is something everybody knows to not exist. But google themself actually give us the possibility to degoogle our androids and make it as private/secure as we want. Good luck trying to deapple a I-Phone or flashing a custom ROM onto it.
so turn off all push notifications for privacy focused tasks
This is UNACCEPTABLE!
Let’s get it boys.
I remember this technology being used on I94 in Chicago..
Signal can add a 1-5 second delay before sending a notification
So much for the "Apple is more secure" myth
The creator of a privacy-focused messaging app can avoid push notifications going through Google or Apple servers by setting up a WebSocket that is only accessed while the app is open and Polling for timed/intermittent checks for new messages while the app is closed, and neither of these setups degrade the ability to send E2EE messages...
The point of push notifications is immediacy. Polling can only provide that if you want to drain your battery.
how did i miss your video on this lmao
I can see theirs too
Errr we are not forced to use APPLE or GOOGLE to send push notifications, there simpler to intergrate but a coupple apps i run and manage send there own push notifications via our own push server completely taking apple and google out of the loop.
It can be done, it should be done, but apple and googles default intergrations for using notifications and push notif, is so well done youd be mental almost to use anything else!
People don’t even know that there’s increased encryption and account security for iPhones phones and Apple accounts, or even where it is or how to turn it on.
Oh you expanded the comment?
Encryption: Account-iCloud-scroll to bottom-advanced data protection-read everything there-turn it on.
For more security you can make sure faceID requires your whole face and you to be looking at your phone to unlock it, as well as making sure nobody else’s face is stored in it. You can also enable lockdown mode if you want to, which makes it so that certain attack and surveillance vectors are no longer usable.
The person next to me on the train can see my notifications...
imagine having a group chat named something like 9 / 11;
"Two new messages in 9 / 11";
The FBI' already at your door
3:45 - Would it though? How is one server vs many a battery saver when the requests and data are the same?
Cant they just randomize when you get a notification within 2 minutes?
All recent Apple marketing is about privacy, this news leaves them in a bad position about their marketing
How are our politicians still alive?
NOTIFICATIONS SHOULD BE OPT-IN!
to fix that issue could be made if a messenger or other apps just send regular pings for everyone but this would reduce batterylife a bit
BTW that method if linking two datasources together like that (the push notification and the encrypted Signal chat) is called fingerprinting.
I will never find a reason to dislike Signal.
Yeah I always knew this. Now that the feds spoke up, my NDA is null. This has always been the case. From jump. Americans don't have a right to privacy. That unfortunately means EVERYONE using American made tech is impacted.
If you think the NSA doesn't know every goddamn thing you're doing, you're delulu.
Friends and family have gotten frustrated with me moving back to offline communication. I'm not sorry about this. It's necessary. You have no privacy online really. Operate accordingly.
Use GrapheneOS and something like a Murena. And turn off push notifs. Badges are enough. Or just make a habit of checking apps periodically. I only have sound alerts on and customize them per person or app when possible. Lots of stress reduction.
Apple was probably told not to announce this because “privacy” was their only selling point.
throwing my phone away and revoking citizenship i hate it here im moving to a secluded japanese mountain
is there really no alternative to google / apple push notifications? I faintly remember ungoogled android, like on the Fairphone, to have push notifications with apps like Threema.
“Big brother loves you”
It’s time for a privacy “bill of rights”.
Good thing that Huawei was banned based on suspicions! Your data is so safe now
GASP! NO!
LOL. I use a simple no smartphone Nokia. That number is with my bank account and gov services, so only works with classic SMS, and rarely I receive notificactions or even anwer that number.
I just dont understand, why you need to send your application notifications to a server and then back to the phone? This sound utterly stupid.
Because apps aren't allowed to stay running perpetually in the background keeping open connections on phones nowadays as a battery saving measure.
Hence the usage of Apple Push Notifications Service (APNS) or Firebase Cloud Messaging (FCM) to handle push notifications. Since the system itself keeps an open connection to apple/google servers which all push notifications are relayed through.
So all apps / services wishing to make use of push notifications, have to send it through that way.
Because, if the developer was able to send messages directly to the phone the phone would either need to expose something to the internet for the dev to connect to or the phone would need to make outgoing connections to servers owned by the devs. If the phone connected to the developer then the phone would need to maintain all of those connections to a bunch of different apps (so, if you had 100 apps on your phone, then you'd have to connect to 100 servers to check for notifications). Letting the dev connect to the phone would be very difficult but even if you did it anyways opening up a server on the phone which is accessible to the internet would open it up to attacks from anyone.
These reasons are odd. My apps send me information from the app, not from the internet or from a developer. Notifications are notifications, not messages as messages.
Just example, do you know how bad things goes if my email application on my desktop, sends information about new emails first to some odd notification server and then to the application own notification system? Nobody will use that email client, because security. So people are ok with this because battery save.. are you kidding me?
@@survivor303 Apps can also create local notifications. This is about apps that need to be notified by a server. They can't be open in the background all the time on a device with such a small battery, so something like this is used to solve that. Yes, people would rather have about 5 times the battery life than the ultimate privacy. Most people like convenience over privacy.
On android apps can at least still do it if you say the app can be open in the background in settings. On iOS it's actually completely impossible, all apps must use their notification gateway. I like that Android at least gives some amount of choice.
@@louis-lau ok.
I think that a pretty good PGP app idea would be to create an app that receives notifications for you and then sends push notifications that indicate that you have a notification from one of your accounts. It would not disclose what the notification is until you open the app to reveal which application you need to check. I think a good way to implement this would to use an API as a third party so that users can avoid receiving notifications on their phones from applications they would prefer the government does not see. I am sure there is a better way to explain this, but someone with more expertise could take the time to do that and even make the app themselves
Why can't the companies just... Ignore such vague government requests like "don't mention this and that it in your reports"? What can the government even do, legally? Sure, the government has the legal right to request the information when authorized by the court, as long as the company is registered within its jurisdiction and isn't protected by another country that has no respect to the US/UK/EU laws (i.e. every country that isn't in the "grey zone"), but this?
Afraid to have them mess with their bottom line in many ways. How much tax did Meta and G paid last year? Maybe they want to keep it like that...
I'm only ever surprised that everyone didn't already assume this was the case.
Signal does have an option to use it's own background process
I hope they can hear me too
Why can't they put a random delay in the push notification?
Apps can definitely do that. They'll just have to deal with all the users complaining about delayed notifications. It would need to be delayed by minutes to prevent the identity matching described in the video.
Would turn off your notifications even help though?
Using your example of a messaging app, the sender doesn't know wether the receiver(s) have mobile notifications on or off so the request is sent to Apple's servers anyways
I doubt it helps. YOU won't get pinged but Apple and Google WILL still get the notification.
@@CoreDreamStudios depends on the app. Disabling notifications in OS settings wouldn't do much in most cases, but in some apps you can disable push notifications right in the app, and this setting will be applied serverside.
It will be up to the devs of privacy focussed apps to implement push notifications in a way that you can disable them at the application level rather than the OS level. Turning them off in the OS won’t make any difference to the records in most cases.
why dont companies just hold the notifications and send all in one minute together? or maybe 5/10 second batch?
Question, why do they want to know what we are talking about or anything to do with our privacy on our cellphones, what need do they have to know this? What is it for? How can it help them in any way?
And this sort of thing is why I've alreadylong since given up any hope that anything I ever do will ever not be known by the government. I just live my life with that in mind and try to fly under the radar by being as uninteresting to the people who would have access to all this info as possible
Something messaging apps could do is set a random time for each message before the notification sent, obfuscating who is whi
Doesn't some apps use other system for notifications ? Like Threema or Session ?