Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 06-Dec-2023 21:53:30 JST Kevin Beaumont

Massive story coming from this one later - thank you for Senator Wyden for blowing this up. Apple, follow through with public disclosure so this doesn't get lost.
Part of the US government spy worldwide using push notifications. That popup telling super secure encrypted messaging app? Yeahhhhh.
https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/

In conversation about a year ago from cyberplace.social permalink
- Dash 🇸🇬 and Aral Balkan repeated this.
- Embed this notice
  Dash 🇸🇬 (dashrandom@kopiti.am)'s status on Wednesday, 06-Dec-2023 22:00:09 JST Dash 🇸🇬
  in reply to
  
  @GossiTheDog Wow, this is pretty huge... More reason to not use Firebase or have your own notifications infrastructure as an app developer.
  
  In conversation about a year ago permalink
- Embed this notice
  Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Wednesday, 06-Dec-2023 23:25:49 JST Marcus Hutchins :verified:
  in reply to
  
  @GossiTheDog I'm not familiar with Apple, but I think on Android encrypted messengers use the notification service only to wake the device, but the actual message text (assuming that's enabled) is sent locally
  
  In conversation about a year ago permalink
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 06-Dec-2023 23:25:50 JST Kevin Beaumont
  in reply to
  - Marcus Hutchins :verified:
  @malwaretech any device. So basically every app with push notifications (on Apple at least).
  
  In conversation about a year ago permalink
- Embed this notice
  Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Wednesday, 06-Dec-2023 23:25:52 JST Marcus Hutchins :verified:
  in reply to
  
  @GossiTheDog I assume this is only if you have linked devices where the notification gets pushed to all devices?
  
  In conversation about a year ago permalink
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 07-Dec-2023 13:21:56 JST Kevin Beaumont
  in reply to
  
  More details emerging on the push notification spying by US.
  Apple guidelines now say that US law enforcement can obtain the Apple ID associated with a push notification token via a subpoena. You can use this to build a picture of who is talking to who with which devices and apps. https://www.washingtonpost.com/technology/2023/12/06/push-notifications-surveillance-apple-google/
  In conversation about a year ago permalink
  Attachments
  1. Untitled attachment

Feeds