- cross-posted to:
- pulse_of_truth
“App developers can encrypt these messages when they’re stored (in transit they’re protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted.”
Many services and companies argue that metadata is not personal data, but even if that were true by definition of the word, the means to correlate metadata to a real person have existed for how long now?
Just knowing that I receive messages, at certain times, in a certain app, might not be a lot on its own, but as soon as you cross-reference that with other users, it becomes a surveillance goldmine.
And that’s what many people seem to miss, I think.
Individually, there might not actually be much, depending on how you use your device. But the word individually gets thrown out the window in our world where everything is interconnected 24/7.
I was talking to a friend recently about how the mechanisms of surveillance capitalism remind me of a dark and hollow version of how communities work. Earlier in the conversation, she used the phrase “communities are when 1+1 = 3”, i.e. when the collective output and capacity is greater than the sum of its parts. Data works a lot like that — you’re completely right that overemphasis on the value of individuals’ data misses the point.
And of course nobody is going to fix these vulnerabilities because the governments want to be able to view that data.
The fix would be very easy. Just don’t store that data. But Google and Apple obviously want that data for themselves as well, for advertising.
Tbh I absolutely do not understand why they decided to collect any data for push notifications in the first place. But yea now nobody will fix it. Though I’m wondering if it’s only the proprietary part (Firebase or whatever the name is) or the system itself that collects data. I mean if I use a degoogled phone that doesn’t even have that proprietary part (means notifications from IMSes don’t work either), am I safe from this or not? And does the collected data go to Google or to the app’s developers?
I already explained how the whole push notification thing works in this comment. If you’re using a degoogled phone, you’ll be fine. MicroG has the option to use Firebase but you need to be logged in with a Google account, enable device registration and enable cloud messaging for it to use it. Google has the data about when you got a push notification from what app since it goes through their server and the app developer can obviously log the notification data from their app.
BRUH push notifications with Firebase require everything going through a Google server? What in the deleted is that design?
I don’t like Google either but this design makes perfect sense. There’s a reason UnifiedPush works the same way. It sucks that you can’t choose a different server but that’s just how Google does things.
In my opinion there’s absolutely no point in sending notifications through Google. It can be done differently and in a much less overengineered way. Unification doesn’t make sense here. The additional features don’t work in half of the apps now anyway.
If you have a better way to do this, I’d really like to hear it. Also, what additional features are you talking about?
Another quote from the article: “The data that is required to ‘turn on any push notification service’ is quite invasive and can unexpectedly reveal/track your location/store your movement with a third-party marketing company or one of the app stores, which is merely a court order or subpoena away from potentially exposing those personal details.”
I use UnifiedPush so at least Apple and Google don’t have that data either.
I’ve swapped to using it since I switched to GrapheneOS. The only apps I’ve got using it so far are Tusky (Mastodon), Molly (Signal fork with UnifiedPush), and some of my self-hosted stuff which allows for webhooks.
I really hope it catches on in more apps. Especially as their library has automatic fallback to Google’s service.