Conversation

Notices

  1. Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 06-Dec-2023 21:53:30 JST

    Massive story coming from this one later - thank you to Senator Wyden for blowing this up. Apple, follow through with public disclosure so this doesn't get lost.

    Part of the US government spy worldwide using push notifications. That popup telling super secure encrypted messaging app? Yeahhhhh.

    https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/

    • Dash 🇸🇬 (dashrandom@kopiti.am)'s status on Wednesday, 06-Dec-2023 22:00:09 JST

      @GossiTheDog Wow, this is pretty huge... More reason to not use Firebase or have your own notifications infrastructure as an app developer.

    • Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Wednesday, 06-Dec-2023 23:25:49 JST

      @GossiTheDog I'm not familiar with Apple, but I think on Android encrypted messengers use the notification service only to wake the device, but the actual message text (assuming that's enabled) is sent locally

    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 06-Dec-2023 23:25:50 JST, in reply to Marcus Hutchins :verified:

      @malwaretech any device. So basically every app with push notifications (on Apple at least).

    • Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Wednesday, 06-Dec-2023 23:25:52 JST

      @GossiTheDog I assume this is only if you have linked devices where the notification gets pushed to all devices?

    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 07-Dec-2023 13:21:56 JST

      More details emerging on the push notification spying by US.

      Apple guidelines now say that US law enforcement can obtain the Apple ID associated with a push notification token via a subpoena. You can use this to build a picture of who is talking to who with which devices and apps. https://www.washingtonpost.com/technology/2023/12/06/push-notifications-surveillance-apple-google/

    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 05-Jun-2025 02:27:25 JST

      An update - numbers! https://www.404media.co/apple-gave-governments-data-on-thousands-of-push-notifications/

        Apple Gave Governments Data on Thousands of Push Notifications
        from @josephfcox
        Push notification data can sometimes include the unencrypted content of notifications. Requests include from the U.S., U.K., Germany, and Israel.
    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 05-Jun-2025 02:29:56 JST

      The long story short with that one is that multiple governments are using Apple push notifications for investigations. If you’re working on something really sensitive (i.e. comms), I’d turn off push notifications both sides.

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.