Shouldn’t it be impossible for them to even be able to hand over your notifications in the first damn place.
There’s no reason I can think off that they should even have this info.
The article is incorrect in equating Apple’s stance to Google’s. As far as I can tell Google does not require a warrant, only a subpoena (which doesn’t require a judge’s review), while Apple’s change does require a court order or a warrant, both of which require a judge to sign off.
From Google
Requests from US government agencies in civil, administrative, and criminal cases
The Fourth Amendment to the US Constitution and the Electronic Communications Privacy Act (ECPA) restrict the government’s ability to force a provider to disclose user information. US authorities must at least do the following:
In all cases: Issue a subpoena to compel disclosure of basic subscriber registration information and certain IP addresses
In criminal cases Get a court order to compel disclosure of non-content records, such as the To, From, CC, BCC, and Timestamp fields in emails Get a search warrant to compel disclosure of the content of communications, such as email messages, documents, and photos
https://policies.google.com/terms/information-requests?hl=en-US
Thank you for the facts.
Source: Apple
IMHO, they have much more to lose if they decide to start getting shady around privacy and security stuff in western nations. They’ve sunk too much money into building a brand around privacy and security.
Apple it’s very far away of being a brand of privacy and security.
Better than every mainstream alternative, no?
It depends in what you define as “mainstream” in my personal pov I would prefer to go for degoogled rooted AOSP for privacy concerns if you know how to use it there isn’t anything better than it out there.
I mean, of course, yeah. By mainstream I mean what your average consumer would purchase and use. They almost certainly will not be rooting a device
I am the family tech support and I certainly will not be rooting a device.
And I would almost certainly recommend Apple to my family for the “mainstream privacy”
Nobody would define that as mainstream.
I believe it depends on what exactly someone defines as mainstream, for me using degoogled AOSP it’s something normal idk if it’s mainstream but what exactly it’s mainstream depends on the POV don’t you believe? But in my humble POV definitely Apple it’s not exactly all rainbows about privacy and security, unless you don’t mind your “encrypted” stuff being seen by the CIA and the NSA of course.
Nobody would define that as mainstream.
Rooted, degoogled AOSP is definitively not “mainstream”. Mainstream to me means something you can but off the shelf and start using without having to modify it.
Are you kidding man? The options are things you can buy off the shelf and turn on.
If you are rooting, configuring etc you are off the mainstream
There is nothing what you can buy out of the shelf and turn it on which respect your privacy and security at all wo a minimum effort and knowledge by the user, nor apple nor google are trustworthy at all, I mean if you will use their “encrypted” clouds to storage pics of your fat wife in them there is no problem but I wouldn’t recommend any of those big corps spyware out of the shelf to anyone involved into politics or really concerned about their privacy at all.
The fuck is wrong with you? You type like a child with carbon monoxide poisoning
Well, we know they’re not, but the people that eat up all the ads Apple makes about their shallow privacy features you have to manually turn on don’t.
A good step, but seems like spilled milk after the previous news.
How do people read giz? I block the ads, but still there’s a sticky video overlay, and “related” links everywhere… unreadable
I’m using pihole for DNS and ublock for Firefox on android and I get no adverts.
Saaaame and the stupid video still follows me.
Lotta white space.
I can see why these web sites are dying.
Gawker media was sued into the ground by a billionaire quite a few years back for posting an article about him being gay and now it just exists to make as much money from adverts as possible until it dies.
It used to be quite a good group of sites for tech news and such.
Gawker was godawful and deserved to be killed. They had a service called (not kidding) gawker stalker which gave live updates on celebrities locations, an actual stalkers wet dream
Would it be possible for Apple to just encrypt this data or, not keep this data? Then there would be nothing to give law enforcement or government. (Forgive my ignorance, I have no idea how all this works.)
The developer of the app sends the push notification through Apple’s service. Developers have always been able to encrypt it, at which point it can be decrypted only by their app, but not all developers do this. There’s also still limited metadata about the fact that a notification was sent, even if the contents are encrypted.
Would it not make more sense to remove metadata and not even collect it? Maybe have an encrypted protocol for push notifications all developers use regardless of the app?
Your phone has to be informed somehow, from the internet, that it has data to present as a notification. The fact that you got a notification at 3:32 and then again at 3:35 is trackable data, pretty much no matter what anyone does with it, encrypted or not. Doubly so if someone has MITM attacked your data stream. They may not know what the notification contains or even what app it was sent to, but the act of transmitting and then receiving this data packet over cell network or internet is a trackable event. And I don’t really know what Apple could even do about that beyond attempting to build Internet 2 solely for the purposes of keeping the cops out of it, which is unlikely at best.
Honestly I think developers should just use push notifications to tell the app to directly fetch the notification contents from their server, rather than sending the contents of the notification using push, where it is stored by Apple/Google.
Or do what Element and Syncthing do, which is bypass that entire Google push infrastructure (FCM, formerly GCM?) and connect directly to their own ones instead - at the expense of some additional battery consumption, particularly when there’s poor cell service. Due to iOS restrictions on background apps, this probably isn’t possible on that platform?
Edit: add clarification
deleted
Because protecting user privacy is not a priority.
Why not chuck the data when it’s no longer being used, though?
They do. Apple is sending literally trillions of push notifications per year and certainly doesn’t want to save them longer than necessary (a useless expense), but the government can also ask that information for a targeted user be retained, going forward from the request, even though it would normally be purged.
Your move googs
Read the article. Google already requires a warrant before handing out this data.
Google only requires a subpoena.
That’s the problem, I don’t want Google to have my messages. It should in fact be in my phone.
So don’t use cloud backups. Same with iOS. If you want it local, keep it local. No one is forcing you to host your data in someone’s cloud.
This is the best summary I could come up with:
Senator Ron Wyden wrote a letter to the Department of Justice last week accusing foreign governments of spying on Americans through push notification data.
Senator Wyden says Apple was “doing the right thing by matching Google and requiring a court order to hand over push notification-related data,” in a statement to Reuters Tuesday.
This metadata flows through Google and Apple’s servers and could be used by law enforcement to expose the true identities of anonymous online users.
If a government wants information to associate an APN token with your Apple ID, those “records may be obtained with an order under 18 USC 3703(d) or a search warrant.” Both of these provisions require a judge’s consent to hand over this data but call into question how easy it was for law enforcement to access it in the past.
As Wyden calls out in his statement today, Apple’s update matches Google’s language in its Privacy and Terms, which also requires a subpoena or court order to hand over metadata about users.
Google was the first to publish a transparency report detailing how many government requests the company receives for disclosing user information.
The original article contains 345 words, the summary contains 189 words. Saved 45%. I’m a bot and I’m open source!
I have zero Google services on my phone only microG. Does police still have access to my push notifications if they ask for it?
It’s not the services, it’s the push notification itself. It’s like a book, where the push notification is the cover, and the app is the pages. The government can’t open the book, but they are able to look at the cover all they want.
This is apples move towards putting a cover on top of the books cover… kinda. The metaphor breaks down when you get into what Apple is doing here to be honest.
gmsCore (microG) is an open source way of using Google Services.
You re-implemented Google Services (albeit open source instead of proprietary), from what I understand you’re exactly as vulnerable as everyone else - But you have a giant “I’m trying to hide!” sign painted on your account.
deleted
Because Apple doesn’t like competitors
