17 Comments

And the hits just keep on coming. Thank you, Kit.

author

I can but try, dear Clare! Thank you for your enduring interest, and support!

Not from you, darling! You do get that. 😊 Honest reporting is not the hit it once was except to those open to it. ☮️🌱❤️

Dec 10, 2023 · Liked by Kit Klarenberg

Excellent article

I have long assumed that NOTHING done on or with any internet connected device is private, given sufficient interest by our rulers, records are available and encryption would be broken if not already "back doored".

(Anything even done in the same room with our mobile devices may well be compromised too, given sufficient interest, our "must have" devices all come with microphones and/or cameras).

All over "The West™", governments are taking a hard turn towards authoritarianism as the neoliberal world order takes overt command. Privacy is not going to be a privilege allowed to non-billionaires.

I expect that "difficult" people such as myself will be of special interest to those who rule and get to be beta testers for the next phase, likely including digital "un personing" and some flavor of internment.

Welcome to the new normal. We all live in the goldfish bowl, nothing we've ever said, written or done since the internet went mainstream is not discoverable. Deal with it.

All publicly available encryption is broken. All of it without exception. "Military grade" encryption means the military can get in. Slightly stronger versions are made available to banks. Anything stronger than that is called "weapon" grade encryption.

All the wires and spectrum are controlled and completely monitored, unless you own your own private fiber optic line from point A to point B.

If you want a private conversation, go out in the woods away from electronics.

Dec 10, 2023 · Liked by Kit Klarenberg

This is not a bad take.

I especially agree that US-based companies simply can't be trusted due to their laws around gag-orders.

I'm just not so sure though that push notifications contain the *contents* of Signal messages, which is what seems to be claimed in a confused paragraph somewhere in the middle. Even if the message itself were transmitted via the push-notification (which I understand in the case of Signal it's not) it would be gibberish as it's end-to-end encrypted. If end-to-end encryption is broken that would be huge news.

Having said that, I still don't want my (US-allied) government to be collecting info on who I've been messaging and when, and who's been messaging me. This kind of data is much more revealing than what I say, especially in bulk.

Also, by the sounds of it, potential targets should be telling whoever they give their phone number not to save it in their contact list, which inevitably is shared with WhatsApp.

I'm looking at the notifications coming up from Signal on my Mac. They go through the Mac using Apple notifications, so they go through Apple and I'm betting that none of them are encrypted....plain text.

Go through all that trouble to leave the side door wide open.

Dec 10, 2023 · Liked by Kit Klarenberg

Thanks for keeping your newsletters free!!

Long-term IT professional here and I did NOT know this.

I was always very choosy about what gets to send notifications, but the implications of this are profound.

Thank you very much Kit.

author

My pleasure Philip! It's extraordinary, isn't it?

A wonderful addition to the security and privacy knowledgebase!

I have a question.

There are some "push" notifications that apparently CAN NOT be turned off on my phone? Such as the recently tested FEMA "Wireless Emergency Alerts", a slew of public safety related ones such as "Amber alerts", "an Alzheimer's sufferer wandered away" type alerts, notices to look for vehicles suspected to hold abducted children, tornado/severe weather warnings, probably others?

Are all of THESE (no opt out available) pushes capable of the same misuses as the (still device user refusable) push notices mentioned in this article?

Interesting. Thank you for sharing. I was not aware that push notifications were such a potential privacy / security risk. Another good reason, besides protecting your peace of mind, to turn off notifications on your phone.

We're dusting off post-9/11 Patriot Act propaganda...

as a new flare-up of Gov's overreach / obsession with surveillance is staring us in the face.

In places unsuspected citizens don't expect it (or are unaware that it's even technically possible).

Current discourse on FISA Section 702 (expiring end of 2023) confirms: N o b o d y is safe.

https://twitter.com/Snowden/status/1734305434721210564

"Hotels, libraries, coffee shops, and other places that offer WIFI to their customers could be f o r c e d to serve as surrogate s p i e s . They could be required to configure their systems to ensure that they can provide the g o v e r n m e n t access to entire streams of communications."

"..deny that [it] is intended to sweep so broadly.

What *is* the provision intended to do, and how is the government planning to u s e it?

==> Sorry, that’s c l a s s i f i e d ." (lol)

Adding to the concern around Section 702: NDAA [National Defense Authorization Act] -

they made the deal behind c l o s e d doors"

https://twitter.com/RepMTG/status/1732923207886217484 8 Dec, 2023

(check out bottom of the table: back-room decision overturns Congress votes...)

...bills always advance tyranny.

"The More Corrupt the State, the More Numerous the Laws" ~TACITUS

💥 If people would lie, steal + cheat like the Gov does 🤥🤥🤥, our world would be in chaos.

Kit & Klarenberg audience:

Keep the discussion around Gov's SPYING business at the forefront of public attention!

Taxpayers' funding deserves better than that.

"These notifications aren’t dispatched directly from an app to users. Instead, a device’s operating system serves as an intermediary, receiving the information then passing it on through its internal processing system. Along the way, the data contained within is harvested by the processor."

To clarify, by "processor", does this refer to the CPU itself (the way the term is often used in technical contexts) meaning this is being done on a hardware level and Intel/AMD are implicated? Or is this just the OS processing and passing on the data on a software level?

Very important distinction, but I'm a little unclear on it! I'm quite shocked if the former, since though I know modern CPUs supposedly have spooky backdoors built-in on a hardware level, I've largely only heard rumours about what they're used for.

Thanks for your excellent reporting, as always, Kit.

I think what he's saying, Emma, is that the notifications go from app to Apple, then back to your computer. When it sends the notification, it's in plain text, not encrypted. Apple won't have a copy of your private key needed to decrypt the original encrypted message; the app will decrypt it, then send it to Apple, and then it's sent back to your computer. Rendering the security worthless.
