On December 6th, US Senator Ron Wyden dispatched a strongly-worded letter to the Department of Justice (DOJ). He urged officials to “permit Apple and Google to inform their customers and the general public” about demands for “push” notification data, from “government agencies in foreign countries.”
I have long assumed that NOTHING done on or with any internet connected device is private, given sufficient interest by our rulers, records are available and encryption would be broken if not already "back doored".
(Anything even done in the same room with our mobile devices may well be compromised too, given sufficient interest, our "must have" devices all come with microphones and/or cameras).
All over "The West™", governments are taking a hard turn towards authoritarianism as the neoliberal world order takes overt command- Privacy is not going to be a privilege allowed to non billionaires.
I expect that "difficult" people such as myself will be of special interest to those who rule and get to be beta testers for the next phase, likely including digital "un personing" and some flavor of internment.
Welcome to the new normal. We all live in the goldfish bowl, nothing we've ever said, written or done since the internet went mainstream is not discoverable-Deal with it.
I especially agree that US-based companies simply can't be trusted due to their laws around gag-orders.
I'm just not so sure though that push notifications contain the *contents* of Signal messages, which is what seems to be claimed in a confused paragraph somewhere in the middle. Even if the message itself were transmitted via the push-notification (which I understand in the case of Signal it's not) it would be gibberish as it's end-to-end encrypted. If end-to-end encryption is broken that would be huge news.
Having said that, I still don't want my (US-allied) government to be collecting info on who I've been messaging and when, and who's been messaging me. This kind of data is much more revealing than what I say, especially in bulk.
Also, by the sounds of it, potential targets should be telling whoever they give their phone number not to save it in their contact list which inevitably is shared with WhatsApp
There are some "push" notifications that apparently CAN NOT be turned off on my phone? Such as the recently tested FEMA "Wireless Emergency Alerts", a slew of public safety related ones such as "Amber alerts", "an alzheimer sufferer wandered away" type alerts, notices to look for vehicles suspected to hold abducted children, tornado/severe weather warnings, probably others?
Are all of THESE (no opt out available) pushes capable of the same misuses as the (still device user refuseable) push notices mentioned in this article?
Interesting. Thank you for sharing. I was not aware that push notifications were such a potential privacy / security risk. Another good reason, besides protecting your peace of mind, to turn off notifications on your phone.
"Hotels, libraries, coffee shops, and other places that offer WIFI to their customers could be f o r c e d to serve as surrogate s p i e s . They could be required to configure their systems to ensure that they can provide the g o v e r n m e n t access to entire streams of communications."
"..deny that [it] is intended to sweep so broadly.
What *is* the provision intended to do, and how is the government planning to u s e it?
==> Sorry, that’s c l a s s i f i e d ." (lol)
Adding to the concern around Section 702: NDAA [National Defense Authorization Act] -
"These notifications aren’t dispatched directly from an app to users. Instead, a device’s operating system serves as an intermediary, receiving the information then passing it on through its internal processing system. Along the way, the data contained within is harvested by the processor."
To clarify, by "processor", does this refer to the CPU itself (the way the term is often used in technical contexts) meaning this is being done on a hardware level and Intel/AMD are implicated? Or is this just the OS processing and passing on the data on a software level?
Very important distinction, but I'm a little unclear on it! I'm quite shocked if the former, since though I know modern CPUs supposedly have spooky backdoors built-in on a hardware level, I've largely only heard rumours about what they're used for.
Thanks for your excellent reporting, as always, Kit.
And the hits just keep on coming. Thank-you, Kit.
Excellent article
I have long assumed that NOTHING done on or with any internet connected device is private, given sufficient interest by our rulers, records are available and encryption would be broken if not already "back doored".
(Anything even done in the same room with our mobile devices may well be compromised too, given sufficient interest, our "must have" devices all come with microphones and/or cameras).
All over "The West™", governments are taking a hard turn towards authoritarianism as the neoliberal world order takes overt command- Privacy is not going to be a privilege allowed to non billionaires.
I expect that "difficult" people such as myself will be of special interest to those who rule and get to be beta testers for the next phase, likely including digital "un personing" and some flavor of internment.
Welcome to the new normal. We all live in the goldfish bowl, nothing we've ever said, written or done since the internet went mainstream is not discoverable-Deal with it.
This is not a bad take.
I especially agree that US-based companies simply can't be trusted due to their laws around gag-orders.
I'm just not so sure though that push notifications contain the *contents* of Signal messages, which is what seems to be claimed in a confused paragraph somewhere in the middle. Even if the message itself were transmitted via the push-notification (which I understand in the case of Signal it's not) it would be gibberish as it's end-to-end encrypted. If end-to-end encryption is broken that would be huge news.
Having said that, I still don't want my (US-allied) government to be collecting info on who I've been messaging and when, and who's been messaging me. This kind of data is much more revealing than what I say, especially in bulk.
Also, by the sounds of it, potential targets should be telling whoever they give their phone number not to save it in their contact list which inevitably is shared with WhatsApp
Thanks for keeping your newsletters free!!
Long-term IT professional here and I did NOT know this.
I was always very choosy about what gets to send notifications, but the implications of this are profound.
Thank you very much Kit.
I have a question.
There are some "push" notifications that apparently CAN NOT be turned off on my phone? Such as the recently tested FEMA "Wireless Emergency Alerts", a slew of public safety related ones such as "Amber alerts", "an alzheimer sufferer wandered away" type alerts, notices to look for vehicles suspected to hold abducted children, tornado/severe weather warnings, probably others?
Are all of THESE (no opt out available) pushes capable of the same misuses as the (still device user refuseable) push notices mentioned in this article?
Interesting. Thank you for sharing. I was not aware that push notifications were such a potential privacy / security risk. Another good reason, besides protecting your peace of mind, to turn off notifications on your phone.
We're dusting off post-9/11 Patriot Act propaganda...
as a new flare-up of Gov's overreach / obsession with surveillance is starring into our face.
In places unsuspected citizens don't expect it (or are unaware that it's even technically possible).
Current discourse on FISA Section 702 (expiring end of 2023) confirms: N o b o d y is safe.
https://twitter.com/Snowden/status/1734305434721210564
"Hotels, libraries, coffee shops, and other places that offer WIFI to their customers could be f o r c e d to serve as surrogate s p i e s . They could be required to configure their systems to ensure that they can provide the g o v e r n m e n t access to entire streams of communications."
"..deny that [it] is intended to sweep so broadly.
What *is* the provision intended to do, and how is the government planning to u s e it?
==> Sorry, that’s c l a s s i f i e d ." (lol)
Adding to the concern around Section 702: NDAA [National Defense Authorization Act] -
they made the deal behind c l o s e d doors"
https://twitter.com/RepMTG/status/1732923207886217484 8 Dec, 2023
(check out bottom of the table: back-room decision overturns Congress votes...)
...bills always advance tyranny.
"The More Corrupt the State, the More Numerous the Laws" ~TACITUS
💥 If people would lie, steal + cheat like the Gov does 🤥🤥🤥, our world would be in chaos.
Kit & Klarenberg audience:
Keep the discussion around Gov's SPYING business at the forefront of public attention!
Taxpayers' funding deserves better than that.
"These notifications aren’t dispatched directly from an app to users. Instead, a device’s operating system serves as an intermediary, receiving the information then passing it on through its internal processing system. Along the way, the data contained within is harvested by the processor."
To clarify, by "processor", does this refer to the CPU itself (the way the term is often used in technical contexts) meaning this is being done on a hardware level and Intel/AMD are implicated? Or is this just the OS processing and passing on the data on a software level?
Very important distinction, but I'm a little unclear on it! I'm quite shocked if the former, since though I know modern CPUs supposedly have spooky backdoors built-in on a hardware level, I've largely only heard rumours about what they're used for.
Thanks for your excellent reporting, as always, Kit.