Leaked: The Feds Can See Your Notifications

Such bastards, they've been exposed for selling users data but always say they value our privacy. Disgusting.

At this point, anyone who buys an apple product will believe anything they make up.

It’s not entirely Apple’s fault. Both them and Google were forced into doing this and keeping quiet. If they wouldn’t’ve they could’ve lost huge markets, especially Apple since North America, specifically the US, is their biggest market, not including the unspecified “allies of the US” that were also practising the same behaviour the US DOJ is.

Dipshit it's Google too. And the feds were making them both shut up about it.

@@tdrg_ They could've said that they aren't allowed to disclose it, no? And how can the govt. force a company to do this? They can just tell anyone to just say nothing! They could secretly remove their claims about privacy being a human right and people would notice.

Worked for Hamas

Make sure you are not using those flithy ballpoints and have got a cheap fountain pen

​@@twilight9615apart from there's physical evidence??

​@@twilight9615you're not familiar with the power of a lemon then, i.e. Invisible ink. Top that!

no its ultra genius @@twilight9615

Might have disclosed it by sheer incompetence

No it was an open letter from him

@@privateassman8839 you have sheer incompetence 🤦‍♀

Everybody spies on everybody. Not just governments. You are being spied on as you comment and read these comments.

Senator ron wydens an og. He might be a bit crazy in other areas but he does genuinely give a shit about the tech and privacy sector.

Cry about it, appleman

@@koghs bruv

@@koghs I'm and androit guy but android also spies....

Look; most of us are safe. But that’s not enough. DOJ’s practices are somewhat both understandable and overkill, expected and surprising. Neither Apple nor Google had a choice.

@@koghsyes because its our phones not the government 🗿

It depends on the app in question. More privacy-focused apps allow to disable notifications from being sent completely.

If you use microg you could disable apps from using them altogether

They're surveiling millions of people. It doesn't matter if some of them turn this surveillance method off, its feds. They have many other ways to get your data.

That’s what I said too. Your phone just refuses the push but it probably still goes to the servers.

It should be possible to tell if data still gets sent to apple / google even when you have push notifications disabled, there's no way they could get away with that, someone would've already noticed

Ok gramps. Let's get you back to bed.

​@@n0mad385what a stupid take. I've had notifications off for years. Must be hard for coomsoomers to do

@@n0mad385 what he says is true, no one should immediately jump at a notification anyways, i only respond when i'm able to, usually ~20mins after.

@@n0mad385 ???

​​@@n0mad385hes right and you had no reason to insult him. if you want to be a slave to a device go ahead. but going about, insulting people because y00 4r3 an addicted selfmade slave, is rather petty and borderline sad.

I would, because that's impossible based upon android's current architecture. You've obviously never had much interaction with AOSP or software development in general, and it shows. You really don't have to worry about this unless you're using iOS.

@@RokeJulianLockhart.s13ouq wait until this shows up on the news

@@RokeJulianLockhart.s13ouqtell me you are naive right out telling me you are naive

they do and anybody who thinks thats not possible is a fucking idiot backdoors are built in the HARDWARE no software can protect your info data or privacy the us government would never allow a product that cant be invaded to be sold why do you think most phone batteries cant be removed anymore why every little thing requires a phone number these days every single little thing out there is against us to spy on and control us as a population there are no accidents or coincidences its all carefully planned going off grid with nothing wont help either then you just get a personal drone you get to share with everyone else they want to watch in a 40 mile radius

You don't even need direct access to files to snoop. Anything wireless is prone to MITM attacks. Even if you're at home and using a wired connection, without a VPN your ISP is acting as a MITM between your browsing and if the feds send them a subpoena they're probably not going to stand in the way to protect you.

To be honest, this just shines more light on the problem. It's open information that notifications go through cloud servers (read about GCM and FCM) and the fact that they're unencrypted was also not hidden.
The fact that governments try to get all the data that's even possibly available to them should be understood by default.

@@Versette The creator of a privacy-focused messaging app can avoid push notifications going through Google or Apple servers by setting up a WebSocket that is only accessed while the app is open and Polling for timed/intermittent checks for new messages while the app is closed, and neither of these setups degrade the ability to send E2EE messages...

It literally doesn't matter whether your notifications or messages are encrypted if your threat model is government. They can just read the e2e encrypted message when they get decrypted on your phone. Like yeah your data isn't readable in their servers but they have full control over your devices so they don't need to be able to read them while passing their servers.

@@luimu How the hell would the government have full control over my devices?

@@luimu Not quite how it works.
It's possible if they have physical access to your device (reading it from memory for example), but how would they do it remotely without sending any requests, etc.?
You can get a local MITM proxy or use a traffic monitoring tool like Wireshark to check all connections on message arrival.

i used to be afraid of this stuff, id even cover my webcam as a kid. luckily i got over this fear, i realised theres much better people to be watching. the fbi or hacker would get bored

​@@stjeepright until some criminal hacker plants notifications to frame you for their crimes.
Never forget that the false conviction rate is above 6%, anyone could be one of the lucky 2000+ that get behind bars for the crimes of others.

@@BugsBunns the chances of this happening to me are very low, i think ill take my chances

@@contradictorycrow4327 Nah, it's for optimization

10000 years

your*

@@oggunlukarmy4901 👍🏾

@@oggunlukarmy4901 Both of them works fine

Did you autograph your comment?

I am going to start setting that up, thank you.

My phone does this by default by sending me the notification at random, or until I open the app...:(

​@@DenOfTimbsllcAre you an app developer?

@@DenOfTimbsllc The creator of a privacy-focused messaging app can avoid push notifications going through Google or Apple servers by setting up a WebSocket that is only accessed while the app is open and Polling for timed/intermittent checks for new messages while the app is closed, and neither of these setups degrade the ability to send E2EE messages...

@@johnchristian7788, leaning to be one. Why do you ask?

Depending on your phone you can enable notification history which allows you to see all the notifications you had even if you swiped them away ;)

@@jean-lucsedits4319 That is true, but unfortunately I have an iPhone right now. Man I miss Android lol

They’ve been spying for almost 20 years on your devices at this point.
Even if there was actual encryption I wouldn’t doubt the U.S. wouldn’t have a backdoor into it and find a way to get data anyways. They know how to pull strings.

It's problematic to implement, because notification servers need to somehow know how to route these notifications. One of the possible solutions to anonymize data about user and used app would be to use asymmetric keypairs for identification and encryption. But even then, notification server would know IP of server sending notification and IP of user receiving it, so we can't really hide app's or user's identity here. Grouping notifications can be implemented as a security option, but this would lead to important notifications being delayed, which can be problematic in work scenarios. And anyway, this should be implemented on the app servers side, not in the notification servers, as we can't really trust them

all of these can be implemented by the app developer, well except which app it is for. but yes delaying/grouping should effectively solve it, but then again it defeats the purpose of push notifications, might as well just use on device checking at that point

That stuff needs to be implemented by the App developers. The app or at least developer can probably never be anonymised, because not every random is supposed to send you a notification as app xyz or spam your phone with invalid messages. So there needs to be some verification/authentication.
Delaying/grouping on Googles/Apples side would make no sense too, they would still have logs when the message actually arrived.

@@Rikonardo The creator of a privacy-focused messaging app can avoid push notifications going through Google or Apple servers by setting up a WebSocket that is only accessed while the app is open and Polling for timed/intermittent checks for new messages while the app is closed, and neither of these setups degrade the ability to send E2EE messages...

yeah but the iphone 18 has 6 cameras and its only 2 years behind androids and 2,000$ so it has to be good he knows what hes doing

More secure than Google’s completely unencrypted cloud storage on Android though. Apple has a TNO (trust no-one) encryption option for iCloud storage. Does Google offer that?

Apple be cooked?

lol 😂

@daniellundqvist2926 let Tim Cook

If you stick to only installing software via F-Droid, most there will use Ntfy.

At least on iOS, they can’t. It’s against apple’s app store guidelines. And honestly, that’s not the real fix. The fix would be to end-to-end encrypt push notifications properly and to deliver them in a way that’s not easily tied to timing side channels (e.g. delaying them a bit when flagged as sensitive)

No, unless they changed it, even with your own server Apple still has to receive a request when you do it.
Firebase Cloud Messaging (FCM) is the only Google approved way to send push messages to Android devices.
For Apple, the request has to go to their Apple Push Notification (APN) server, and there is no way around this.

It is entirely possible. But lets say everyone is ready to switch to that open-source push-notification service. But who will be hosting it? Where will they get the funding to deliver notifications as fast as google or apple? And how will they prevent feds from requesting data? (remember that services are legally required to disclose the data they hold)

​@@FlorianWendelborn it just widens the time window a bit, with enough data you can still correlate between user activity in app and sent notifications. And adding too big of a delay would lead to a lot of problems.
The real solution is to get rid of notifications servers entirely. While keeping direct connection with multiple servers were expensive back in the days, with modern efficient CPUs and much bigger batteries it is no longer that problematic. There is no need for the app to run in background, we can simply make existing notification service manage multiple connections at the same time and wake the apps up when needed.
Adoption of IPv6 will also play a big role, as it will allow using on-demand UDP packets instead of keeping relatively expensive TCP/QUIC connections open 24/7.

"If you arent doing anything dodgy you have nothing to worry about" doesn't cut it anymore - The lack of awareness of the average person to the erosion of their rights is staggering.

Why do you blame the people? Do you think our societies are actually democratic 😂

​@@EggEnjoyer Exactly - Its being eroded slowly over time - which proves my point. Look up boiling frog.

@@paulw7404, amen! We really to start fighting for our rights again.

@@EggEnjoyer , Clearly you didn’t understand why our founding fathers fought so hard for the rights of all people. I suggest you go back and read the Constitution.

FCM or APNS needs the token to publish a notification. If the user did not consent to push notification, the app did not have an FCM/APNS token to associate to the user/device, then how can the app try to publish the notification via FCM/APNS? Honest question, I have little knowledge about this, just read how they work in chatGPT.

​@@malemmutum5049I can't quite remember since I've implemented a notification system a year ago or so, but I'm 99% sure that the token isn't tied to notification permission. You can also use the FCM/apns Network to deliver data notifications. In the end, the data packets (not necessarily push notification) are sent to your app and the app decides when and how to display them. Usually it's immediate with the given title and body of the notification, but it doesn't have to be.

⁠​⁠​⁠@@malemmutum5049 I can’t say anything for android, but as an iOS developer, thats not entirely true
While you do need a device token for APNS, the user doesn’t have to consent to push notifications for you to receive that token
APNS enables developers to send “silent” notifications to phones, that notify the app of some new available content that should be downloaded even if the app is not open (first example i can think of could be updating a widget)
since these “notifications” aren’t visible to the user, they don’t need explicit permission, but still require the device token, therefore there has to be a way to get that without notification permissions

@@malemmutum5049interested in a response to this

@@malemmutum5049This is true, well at least for GPS (google play services). When I developed an app, if I couldn't request the devices token for sending notifications I just assume that they don't have GPS installed. I'm not sure how it works with apple though. An app knows if you enable or disable notifications as well, so I highly doubt if you disable notifications they're still going to attempt to send them as it's just going to waste bandwidth.

The alternative is, delete the app and use the service in the browser, with a vpn. Sacrificing live notifications probably isn’t that big a deal if there’s information you want kept from the feds.

Its a matter of who has the data, I am less concerned when my own government has info on me then a foreign actor whos motives are well displayed to not be within my best interest. In the same vain, I would rather the US government has info on me then a private for profit company

Your name is literally "nwerd," get off that podium.

Democratic governments have good reason to keep you happy, which might not make them your ally, but for sure not your enemy either.

@@JaMaMaa1 And yours is a meme, get off that high horse yourself buddy, maybe when you grow up you'll realize exercising free speech has nothing to do with ones character.

@@Aci_yt its not really "democratic" its a heavily heavily socialized version of faux capitalism. A more free market would be in everyone's benefit that's why theyre not committed to it.
Social democrats are not anyones ally, they'll use anything to grab a hold of power.

im from the government and im here to help

You mean Apple? Google is probably even worse, haha. Use an Android phone with a custom open source OS if you care about security.

​@@DanniDuckthat's what a degoogled phone is. Android without the Google spyware.

​​​@@DanniDuckDo you know de-googled android is?

​​@@Redwan777100% COMPLETELY IF ITS A COMPLETELY OPEN SOURCE OS VERSION THAT CAN BE 100% FLOWCHARTED DECOMPILED & SUM CHECKED FROM FRONT TO BACK YOU IDIOT ..........

Is this your burner account Rob Braxman?

Sorry what? Context on the WW2 German bit?

@@AccountHolder007 The Bletchley Park team (OG glow boys) used known keywords, such as "Weather report" (in German obvs), transmitted on a known schedule (at the crack of dawn or something like that) to more or less entirely automate the bruteforcing of the day's Enigma settings. They'd have that ready within a few hours and could then decode the whole day's traffic. The machine they used for that was called The Bombe (named after the Polish Bomba, the first proper go at breaking that stuff). It was designed (and IIRC also mostly built) by Alan Turing himself.
A bad, but not completely abhorent implementation (key flaw - couldn't encode a letter as itself, that made cryptanalysis much easier), coupled with hideous opsec, cost those idiots their secrecy.
Apparently their implementation of the Lorenz cipher was even worse, and one of the mathemagicians at Bletchley managed to completely reverse engineer the key logic just by cryptanalysis. Again, bad opsec didn't help the nazis. From time to time they'd have to retransmit a message, which would be sent using the exact same key, but with slight variations in the message itself. That allowed the team to reveal parts of the key sequence. Again though, it's the automated bruteforcing that ultimately made their work useful to the war effort. The Lorenz cipher needed a much more piwerful machine though, so a guy who worked at the General Post Office built them a digital computer out of thermionic valves. It was aptly named Colossus and pre-dates the American electronic digital computers by some years, but the British saw fit to keep it secret until quite recently rather than claim credit for the invention. Also I think the guy who built it got sacked from the GPO after having a heated argument with his boss about building valve-based automated phone exchanges. Those would have been child's play after building the Colossus, but that couldn"t be disclosed under the official secrets act, so the short-sighted idiots killed the project before it could start. Deemed "too difficult" and a "waste of resource". Come to think of it, maybe the guy just rage quit after that meeting. I would have.
The whole secrecy thing didn't end there though. For decades no one knew about the team at Bletchley Park or what they did. Alan Turing was chemically castrated in the '50s for being gay and ended himself shortly thereafter. Most of the others got next to no recognition while they were alive either, and their work was never given a chance to benefit the nation & humanity, on account of being kept secret until it was long obsolete. I suppose if the British had their way, the same thing would have happened to AES, RSA, and all the others too.
Anyway the Computerphile channel has a LOT of material on this WW2 stuff, it's worth a binge.

You realize that just keeps *you* from seeing the notification - it doesn't prevent them from being generated and sent to you. 🥸

I've said so many times to avoid any apps as much as possible (not only because of this -- but because a lot of them never get updated on time, use outdated APIs, etc) and this pretty much verifies all my suspicions.

i already did this because i dont need 99% of my notifications excrpt viber lmao

the right answer only if you run Graphene with Briar or Session with no GMS

From what I understand, distros like Graphene use a proxy account with googles servers to push notifications. So it's pretty much pooled with a bunch of other users. I could be wrong though so do some research.

On standard android (the one pre-installed on your phone), you would almost certainly be at risk. Google has such a low level control that I wouldn't trust any "removal" of google play, services, etc. Merely installing an app via Fdroid, Aurora, or sideloading would not prevent the app from calling out to google's servers for notifications.
On alternative android systems such as GrapheneOS, it depends on how you set it up. As long as you don't use google play services and don't have it installed you are fine. In the case of something like GrapheneOS, by default it does not have it installed and therefore would not reach out to google's servers for notifications, which is why you may notice that notifications don't work on some apps. It depends on if the developer only implemented the google approach or another approach as well. If you do have google services installed and enabled, then you would likely still be at risk, even with GrapheneOS restrictions on google's control within your device, at the end of the day it would still be hitting google's servers (to my knowledge). I'm not as knowledgeable about other android projects, but I would assume this applies pretty much across the board (if google is not installed, you are safe).

No google framework -> no notifications. Idk about graphine, speaking from LineageOS experience. However there are apps like telegram and langis (signal with a patch) which do somewhat work.

@@liquidsky7-bb8pc True, I hadn't considered firewall or dns blocking, both of which would fix this. Though for people that want out of the box solutions, I think that can be a little more daunting than a de-googled phone, though that's highly subjective. Great point either way!

hahahahhahaahhhahaha. The feds do not respect their own laws. Also, they can just purchase the metrics and data from Apple or Google therefore bypassing the 4th amendment. They do this all the time IE: geofencing data and warrants. Also, the data can come from one of the 5 eyes countries. The US constitution has been turned into toilet paper by the wealthy.

your implying courts will be fair enough to people to accept that defense 😂

It doesn't apply since law enforcement can request this data from the company's servers instead of the individual's phone.

They don't have to. Apps can create their own local notifcations. This is for server-to-app pings

honestly i only knew because I was getting discord notifications behind a firewall

​@@bitten2up wait... I use dns filtering and my discord notification never appearing, what was the domain? is it owned by google or discord?

@@bitten2upYou pay for notifications?

@@prabhsaini1 tf

Certified government moment tbh

its literally the same with google and all because of the govt so idk what you're on about

@@Samstercraft77 to be fair, google and privacy is something everybody knows to not exist. But google themself actually give us the possibility to degoogle our androids and make it as private/secure as we want. Good luck trying to deapple a I-Phone or flashing a custom ROM onto it.

The point of push notifications is immediacy. Polling can only provide that if you want to drain your battery.

Because apps aren't allowed to stay running perpetually in the background keeping open connections on phones nowadays as a battery saving measure.
Hence the usage of Apple Push Notifications Service (APNS) or Firebase Cloud Messaging (FCM) to handle push notifications. Since the system itself keeps an open connection to apple/google servers which all push notifications are relayed through.
So all apps / services wishing to make use of push notifications, have to send it through that way.

Because, if the developer was able to send messages directly to the phone the phone would either need to expose something to the internet for the dev to connect to or the phone would need to make outgoing connections to servers owned by the devs. If the phone connected to the developer then the phone would need to maintain all of those connections to a bunch of different apps (so, if you had 100 apps on your phone, then you'd have to connect to 100 servers to check for notifications). Letting the dev connect to the phone would be very difficult but even if you did it anyways opening up a server on the phone which is accessible to the internet would open it up to attacks from anyone.

These reasons are odd. My apps send me information from the app, not from the internet or from a developer. Notifications are notifications, not messages as messages.
Just example, do you know how bad things goes if my email application on my desktop, sends information about new emails first to some odd notification server and then to the application own notification system? Nobody will use that email client, because security. So people are ok with this because battery save.. are you kidding me?

​@@survivor303 Apps can also create local notifications. This is about apps that need to be notified by a server. They can't be open in the background all the time on a device with such a small battery, so something like this is used to solve that. Yes, people would rather have about 5 times the battery life than the ultimate privacy. Most people like convenience over privacy.
On android apps can at least still do it if you say the app can be open in the background in settings. On iOS it's actually completely impossible, all apps must use their notification gateway. I like that Android at least gives some amount of choice.

@@louis-lau ok.

Afraid to have them mess with their bottom line in many ways. How much tax did Meta and G paid last year? Maybe they want to keep it like that...

Apps can definitely do that. They'll just have to deal with all the users complaining about delayed notifications. It would need to be delayed by minutes to prevent the identity matching described in the video.

I doubt it helps. YOU won't get pinged but Apple and Google WILL still get the notification.

​@@CoreDreamStudios depends on the app. Disabling notifications in OS settings wouldn't do much in most cases, but in some apps you can disable push notifications right in the app, and this setting will be applied serverside.

It will be up to the devs of privacy focussed apps to implement push notifications in a way that you can disable them at the application level rather than the OS level. Turning them off in the OS won’t make any difference to the records in most cases.