Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 06-Dec-2023 21:53:30 JST Kevin Beaumont

Massive story coming from this one later - thank you for Senator Wyden for blowing this up. Apple, follow through with public disclosure so this doesn't get lost.
Part of the US government spy worldwide using push notifications. That popup telling super secure encrypted messaging app? Yeahhhhh.
https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/

In conversation Wednesday, 06-Dec-2023 21:53:30 JST from cyberplace.social permalink
- Dash 🇸🇬 and Aral Balkan repeated this.
- Embed this notice
  Dash 🇸🇬 (dashrandom@kopiti.am)'s status on Wednesday, 06-Dec-2023 22:00:09 JST Dash 🇸🇬
  in reply to
  
  @GossiTheDog Wow, this is pretty huge... More reason to not use Firebase or have your own notifications infrastructure as an app developer.
  
  In conversation Wednesday, 06-Dec-2023 22:00:09 JST permalink
- Embed this notice
  Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Wednesday, 06-Dec-2023 23:25:49 JST Marcus Hutchins :verified:
  in reply to
  
  @GossiTheDog I'm not familiar with Apple, but I think on Android encrypted messengers use the notification service only to wake the device, but the actual message text (assuming that's enabled) is sent locally
  
  In conversation Wednesday, 06-Dec-2023 23:25:49 JST permalink
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 06-Dec-2023 23:25:50 JST Kevin Beaumont
  in reply to
  - Marcus Hutchins :verified:
  @malwaretech any device. So basically every app with push notifications (on Apple at least).
  
  In conversation Wednesday, 06-Dec-2023 23:25:50 JST permalink
- Embed this notice
  Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Wednesday, 06-Dec-2023 23:25:52 JST Marcus Hutchins :verified:
  in reply to
  
  @GossiTheDog I assume this is only if you have linked devices where the notification gets pushed to all devices?
  
  In conversation Wednesday, 06-Dec-2023 23:25:52 JST permalink
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 07-Dec-2023 13:21:56 JST Kevin Beaumont
  in reply to
  
  More details emerging on the push notification spying by US.
  Apple guidelines now say that US law enforcement can obtain the Apple ID associated with a push notification token via a subpoena. You can use this to build a picture of who is talking to who with which devices and apps. https://www.washingtonpost.com/technology/2023/12/06/push-notifications-surveillance-apple-google/
  In conversation Thursday, 07-Dec-2023 13:21:56 JST permalink
  Attachments
  1. Untitled attachment
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 05-Jun-2025 02:27:25 JST Kevin Beaumont
  in reply to
  
  An update - numbers! https://www.404media.co/apple-gave-governments-data-on-thousands-of-push-notifications/
  In conversation about 5 days ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: www.404media.co
    
    Apple Gave Governments Data on Thousands of Push Notifications
    
    from @josephfcox
    
    Push notification data can sometimes include the unencrypted content of notifications. Requests include from the U.S., U.K., Germany, and Israel.
- Embed this notice
  Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 05-Jun-2025 02:29:56 JST Kevin Beaumont
  in reply to
  
  The long story short with that one is that multiple governments are using Apple push notifications for investigations. If you’re working on something really sensitive (ie comms), I’d turn off push notifications both sides.
  
  In conversation about 5 days ago permalink

Public

Conversation

Notices

Feeds