This headline is ridiculous; I expect better from Ars Technica. You “admit” to things you shouldn’t have done. In this case the government compelled Apple to disclose certain data and simultaneously prohibited Apple from disclosing the disclosure. Thanks to a senator’s letter, Apple is now free to disclose something that they previously wanted to disclose, about something they were forced to do in the first place.
Compare to the Reuters headline: “Governments spying on Apple, Google users through push notifications - US senator.” The emphasis and agency are correctly placed on the bad actors.
Clickbaits need to die
It’s so telling, how good chat gpt is at creating click bait.
Ask for 10 click bait titles to any essay. It’ll be better than your title.
You won’t believe these top 10 generated clickbait titles!
I was hoping moving to Lemmy would get me away from them but I was wrong.
Lemmy isn’t really that different, beside being decentralized and has less restrictions (and downvotes/upvotes don’t mean shit here). People are people and news outlets are the same.
We need a bot that puts a better title in the comments, or an automod bot that physically changes the titles to be plain
This is when AI is actually useful.
Out of curiosity, what was it?
What was what?
Ah I accidentally deleted it and I guess the deletion didn’t federate completely, now I un-deleted so we’re good!
yeah, it looks like most of the other new agencies are attributing it correctly as the government. IMO it’s the damn gag order that’s most damning. You will spy on them for us and tell no-one.
To be fair Google was already making this information public via their transparency reports, albeit in aggregate, since 2010 [0].
“Google’s transparency report, Ars confirmed, already documents requests for push notification data in aggregated data of all government requests for user information.”
Apple conveniently played it safe until the coast was clear. Maybe they’d have been allowed to comment on this privacy issue if they published it in aggregate like Google - e.g. not specifically calling out the U.S. Govt? But that wasn’t a risk Apple was willing to take for its users.
I actually scrolled straight to the bottom of the article to see if it was flagged as being “republished from another Condé Nast property.” Just hoping there was an excuse for Ars.
A letter from a senator doesn’t carry much legal force. From my understanding of the article, Apple claims they were prohibited from sharing this information, but a simple letter couldn’t overturn something like a legal order or court mandate. The change here doesn’t support the claim.
It reads more like Apple chose not to disclose in order to avoid the ire of the DOJ, even though it would have been morally more correct to tell the public sooner.
How are we not suing the ever living shit out of the government for violating peoples 4th ammendment rights? This is a gross violation of the unreasonable search and seizure clause in the constitution.
Third party doctrine for one: the data held by third parties has no expectation of privacy, even if it’s about you.
From Wikipedia:
The third-party doctrine is a United States legal doctrine that holds that people who voluntarily give information to third parties—such as banks, phone companies, internet service providers (ISPs), and e-mail servers—have “no reasonable expectation of privacy” in that information. A lack of privacy protection allows the United States government to obtain information from third parties without a legal warrant and without otherwise complying with the Fourth Amendment prohibition against search and seizure without probable cause and a judicial search warrant.
Basically the government’s argument: if you wanted it to remain private, you wouldn’t have given it to someone else.
I’m reality, it’s an area of law that desperately needs to be updated.
The problem is that you almost can’t function in modern society without having a phone. So their argument is in bad faith, and really should be checked.
Laughs in GDPR
(as an EU citizen)
The same EU that’s desperately trying to ban end to end encryption and dictate which certification authorities browsers have to support so they can spy on you better?
It will take someone being brought in on evidence gathered by this method to get it overturned. It would probably wind its way up to the Supreme Court.
deleted by creator
PATRIOT
ACT
What if push messages doesn’t happen on your phone but is somehow “pushed” from somewhere else?
deleted by creator
This is the best summary I could come up with:
Governments have been secretly tracking the app activity of an unknown number of people using Apple and Google smartphones, US Senator Ron Wyden (D-Ore.) revealed today.
According to Wyden, many app users do not realize that these instant alerts “aren’t sent directly from the app provider to users’ smartphones” but instead “pass through a kind of digital post office run by the phone’s operating system provider” to “ensure timely and efficient delivery of notifications.”
Wyden said his office spent the past year investigating a “tip” received in spring 2022 claiming that “government agencies in foreign countries were demanding smartphone ‘push’ notification records from Google and Apple.”
Ars verified that Apple’s law enforcement guidelines now notes that push notification records “may be obtained with a subpoena or greater legal process.”
It’s unclear if either Apple or Google plans to provide any standalone reporting documenting all past requests for push notification data.
Wyden declined to comment further but wrote in his letter that he is pushing the DOJ to not just end the secrecy but also require even more transparency about these secretive requests.
The original article contains 694 words, the summary contains 182 words. Saved 74%. I’m a bot and I’m open source!
The only push notifications I get are from post mates.
What other, more sensitive information would they be collecting this way?
Pretty much any app that has message details in the notification. For instance, if I get a comment response on Lemmy, my app sends a push notification. If that notification contains details about the message, the government would supposedly be able to read that data.
Secure messaging apps have moved away from including message info specifically for this reason. For instance, Signal only sends a notification that you received a message. The push notification doesn’t say who the message was from, or what the message said.
But when Snapchat tells you that a specific friend is typing/has sent a message, the government could conceivably see that and connect you to that person. Maybe not a huge deal if it’s just a friend with nothing to hide. But we all know that “you have nothing to hide so you have nothing to fear” is a horrible excuse. Because it could land you on a list if that friend is a dealer, or becomes radicalized in the future, or has family who has ties to illegal activity, or any number of other things that the government may want to start watching them for.
…Signal only sends a notification that you received a message.
Signal on iOS shows previews by default. It even reads messages over AirPods as they come in.
iOS must be doing something special here, right? They can’t be sending message contents through the same route as push notification metadata, or it would be breaking end-to-end encryption… right?
Correct, messages aren’t E2E encrypted if the push has the data.
If there’s any reason to preserve privacy the push only has an identifier of the message to be downloaded on the device. When it comes in, the device downloads it and then if you’ve allowed it, will show it on a notification
Oh, got it. I turn all those off to avoid being bothered. Post mates is only on so I don’t miss it if “the driver is trying to contact” me.
Does this apply to when I get a text or voice message on my iPhone? There is a message preview before clicking on it.
Good thing I block/disable all of that crap and if a program does it I will just uninstall…I don’t need some shit device to tell me what to do and when to do it.
I mean, notifications are an integral part of many apps. You think people just randomly decide to open their phone app, texts, or emails, just to see if they have any unread messages or if they’re actively receiving a call? No, they wait for a notification to prompt them. Nobody is just randomly browsing through all their various apps to check for new messages.
Saying you don’t use notifications is like saying you only turn your phone on when you’re actively making a call, then you turn it right back off again. While it may be true for you, it’s intentionally missing the point and definitely isn’t the typical use case.
Hell, if you’re reading this comment now, it’s likely because you got a notification that I responded.
People are out here letting Lemmy comments interrupt their day?!
apart from signal (molly), all my app notifications, like the previous commenter, are off. If i open the app, i can see that you replied to me in the inbox. if i don’t open one of these apps, then i’m not interested, at that moment, in what’s happening on lemmy (or any other platform)
some people are alright with all that nagging buzz, some find it irritating. i grew up before mobile phones, present time was pure and distractions were scarce
that said, i find it troubling to learn that notifications too were being used to collect even more information. but, am i surprised?
Does turning the notifications off mean that it isn’t sending these messages or is the app or OS just not displaying them?
I think it means that notifications aren’t sent, but it’s a good question.
Thinking this through a bit more. It’s the server (eg. Signal) that sends the push notifications to Apple/Google. So turning off notifications on your phone presumably means that that Apple/Google doesn’t send them to your device. However they are presumably still be going from the server to Apple/Google (because how would Signal know that you’ve turned notifications off on your phone)?
interesting question, like others too have wrote.
My guess is that because most apps ask explicitly for permission (after the 1st install) unless they’re permitted by the user they don’t register for the push (just a guess :/
app makers pay for notifications, iirc (wrong?), they wouldn’t want to pay for notifications that are turned off on devices
another question would be: After uninstalling google services, if you install degoogled signal and choose to connect directly to signal servers, do signal still send information to google for push?
I check my apps daily for updates…I don’t rely on my device to tell me what to do, ever.
lol…. No they didn’t. Ars Technica is now among the untrusted/unreliable sources in my book. Bummer, because I used to respect them.
One bad headline brings you to that conclusion? Damn, remind me never to make a mistake in your presence.
How many should we accept?
It’s more than just one. It’s a trend. And I couldn’t care less what you do “in my presence.” You’re a random person on the internet trying to make a pointless point for no purpose other than to stir a pot.
Nah I’m just trying to help you realize not to throw the baby out with the bathwater. Not everything is meant to be confrontational.
Their articles have become sensationalistic bullshit.