[HN Gopher] A warrant showing the U.S. government is monitoring ...
___________________________________________________________________
A warrant showing the U.S. government is monitoring push
notifications
Author : PaulHoule
Score : 189 points
Date : 2023-12-10 15:40 UTC (7 hours ago)
(HTM) web link (www.404media.co)
(TXT) w3m dump (www.404media.co)
| macintux wrote:
| Extensive discussion (>600 comments) last week:
| https://news.ycombinator.com/item?id=38543155
| losteric wrote:
| This has news. Last week just reported on Senator Ron Wyden's
| letter, this article has concrete data from court orders and
| warrants.
| macintux wrote:
| I didn't flag it as a dupe, just helpful to have links
| between discussion threads (and try to avoid beating dead
| horses, although that's always a lost cause).
| jeffbee wrote:
| I renew my question of why this is surprising or objectionable.
| "Pen register" surveillance has been a thing that applies to
| actual mail, email, telephone networks, IP networks, and any
| other thing with a real or metaphorical envelope.
| rightbyte wrote:
| Automatization has made it possible to do all this stuff at
| such a scale that Google can spy on everyone all the time.
|
| The Stasi was limited in that the whole of the DDR can't work at the Stasi.
|
| Instead of the government joining in on the fun, maybe it would
| be good to e.g. close down Google (split up the spy and search
| parts, which essentially is closing down Google since they have
| relatively nothing without the spying).
| jeffbee wrote:
| You obviously do not have a realistic appreciation for the
| scale or centralization of the post office or AT&T, nor any
| understanding of American 4th Amendment jurisprudence. If the
| only thing you bring to the discussion is an equivalation of
| Google and Apple with the Stasi, that's nothing more than
| fulfilling a variant of Godwin's Law.
| feedforward wrote:
| He said Stasi was limited so it is not equivalation. The US
| government and its infrastructure oligopolies monitor
| citizens far more than the Stasi ever did. We are pleading
| to a reduction down to a Stasi-like intelligence service.
|
| Tangentially, J. Edgar Hoover was politically opposed to
| feminism, and COINTELPRO had a massive secret police action
| against feminists and feminist groups in the 1970s. Some of
| us want these issues hashed out at the ballot box, not by
| some giant secret political police force.
| jeffbee wrote:
| In what way is COINTELPRO related to a court-ordered pen
| register?
| dirtyhippiefree wrote:
| ...in the way governments want the data to extend
| control...
|
| SMH
| feedforward wrote:
| The answer can be found in the first word of the
| statement.
| staplers wrote:
| Benevolent surveillance is a waiting period before malevolent
| manipulation.
|
| Study history.
| jtbayly wrote:
| Really?!
|
| The US Gov kept a record of all the metadata of every letter
| sent through the USPS?
| jeffbee wrote:
| No, and they don't keep a record of all APNS traffic, either.
| They get a court to order the push operator to log the
| envelope metadata of messages to and from enumerated parties
| who are the subject of the warrant.
| paulmd wrote:
| https://en.m.wikipedia.org/wiki/Mail_cover
|
| > Since 2001, the Postal Service has been effectively
| conducting mail covers on all American postal mail as part of
| the Mail Isolation Control and Tracking program.[1]
|
| https://en.m.wikipedia.org/wiki/Mail_Isolation_Control_and_T.
| ..
| karaterobot wrote:
| > I renew my question of why this is surprising or
| objectionable.
|
| It's surprising because the government doesn't exactly talk
| about it a lot. Thus, most people who don't follow security
| issues don't hear about it very often. It's not like the
| government advertises these activities with billboards and TV
| spots. The reason they don't is because this broad
| interpretation of their responsibilities makes them look pretty
| bad without having a long discussion with a lot of context. As
| it is, people might just ask them to stop reading their emails.
| So, if the people doing it don't talk about it, why would you
| be surprised that other people don't know it's happening? It
| sounds like you're saying "I'm surprised that not everybody
| pays careful attention to the specific domains I pay attention
| to", but remember that it takes all kinds of people to make the
| world go round.
| jeffbee wrote:
| This isn't the police reading your emails. It is envelope
| metadata (to/from). This type of surveillance is not even a
| search under the 4th Amendment (Smith v. Maryland). Having a
| warrant makes the activities described in the article
| completely legitimate. It is _the definition_ of "due
| process".
| nulbyte wrote:
| It may not be a search under that case, but plenty of folks
| disagree with that assessment. It's not like the telcos
| publish metadata for anyone to read. It is private data,
| and the fact that government officers think they have carte
| blanche to get it, and worse, can find judges that agree
| with them, is disagreeable to a significant portion of the
| population.
|
| Is it warranted (figuratively, not literally) in this
| instance? Perhaps. But nonetheless, it re-opens the
| conversation about the wider implications about warrantless
| searches.
| jeffbee wrote:
| That isn't the discussion that HN seems to be having
| though. The idea that a court cannot order a search is an
| extreme, fringe position.
| karaterobot wrote:
| > It is envelope metadata (to/from).
|
| Right, but!
|
| That's what the conversation would be about, without a long
| discussion and a lot of context. That's why we don't have
| the conversation: it's too hard, and people would just say
| "stop listening to my phone calls, you government
| perverts". And because we don't have that conversation,
| it's a surprise when things like this come up.
| tastyfreeze wrote:
| It shouldn't be surprising to anybody that has been paying
| even a small amount of attention to the results of Snowden
| releases.
|
| They might not talk about it but one agency or another has
| been consuming all digital traffic since at least the late
| 90s.
|
| https://en.wikipedia.org/wiki/Carnivore_%28software%29?wprov.
| ..
| tiahura wrote:
| Maybe I'm confused but the warrant seems to suggest they're not
| monitoring them. It's asking for the notifications. If they were
| monitoring them, they wouldn't need to subpoena them.
| NegativeLatency wrote:
| Parallel construction?
| jjtheblunt wrote:
| What does that mean?
| wharvle wrote:
| Learn something from illegal/inadmissible/secret source,
| use that info to find other evidence you can actually
| present in a public court, that you otherwise might not
| have found.
| cyberpunk wrote:
| If they request a warrant also, then they can actually use
| the results in a court process?
| tharkun__ wrote:
| They already know through either inadmissible means or
| outright illegal ones or they don't want you to know their
| capabilities.
|
| So now they go the official way. They already know exactly
| where to look and what to look for and what to ask for.
| temp0826 wrote:
| https://en.wikipedia.org/wiki/Fruit_of_the_poisonous_tree
|
| Illegally obtained evidence can't be used, so they must
| build the story using only legal means, which can be
| difficult and take longer or not possible at all sometimes.
| nullc wrote:
| haha
|
| That rule has been so undermined in so many respects that it
| has little effect.
|
| When the government illegally spies on the public it goes
| in knowing that it has to cover for its actions.
|
| The evidence rules tend to only catch genuine errors
| where they failed to do the required parallel
| construction or set things up for the inevitable
| discovery doctrine because the unlawful search was
| inadvertent rather than intentional.
| tofof wrote:
| https://en.wikipedia.org/wiki/Parallel_construction
|
| _In the US, a particular form is evidence laundering,
| where one police officer obtains evidence via means that
| are in violation of the Fourth Amendment's protection
| against unreasonable searches and seizures, and then passes
| it on to another officer, who builds on it and gets it
| accepted by the court under the good-faith exception as
| applied to the second officer. This practice gained support
| after the Supreme Court's 2009 Herring v. United States
| decision._
|
| See also the sibling about Fruit of the Poisonous Tree, the
| principle of law that Parallel Construction has rendered
| moot.
| jjtheblunt wrote:
| Math nerd observation:
|
| reminds me of algebra equation solving encountering
| square root of -1, then naming it an introduced variable
| "i", rather than being stuck, and moving on, in hopes "i"
| vanishes later in the set of equations being solved or
| simplified.
| jacobsenscott wrote:
| Standard tinfoil hatter stuff - it is impossible to prove
| the government is not monitoring everything. From there you
| can build any theory - one being the government finds out
| you are doing something illegal, and then they go back and
| find legal ways to prove it.
|
| Has this happened - probably. Does it happen a lot -
| probably not. But none of that matters - the uncertainty is
| enough to build a whole online community that believes
| hard.
| llamaInSouth wrote:
| it means that they are trying to hide being criminals...
| (the government)... look it up on wikipedia
|
| https://en.wikipedia.org/wiki/Parallel_construction
|
| AGAB
|
| All Governments Are Bastards
| bastard_op wrote:
| Show me any large US ISP, and I'll find you a locked room few
| know about with government network sniffers that sit at the head
| of all regional traffic to get a copy of everything going in and
| out there. Everyone does it, but like fight club, no one talks
| about it. If they're not in yours, it's because they've already
| gotten upstream of traffic to see it all anyways.
|
| The problem comes with sifting through the data, but now that you
| have tireless AI doing that work for tired humans, who's to say
| what they actually _don't_ see.
| jasonwatkinspdx wrote:
| Doesn't even have to be big.
|
| Years back I was touring a local datacenter that was more than
| a bit quirky, but their offer was basically that they had fiber
| loops into the main carrier hotel a few blocks away. This was
| useful because the guy that ran the carrier hotel wouldn't even
| return your email unless you were from BigCo.
|
| But anyhow, walking around he pointed out one cage and said
| something like "And that's the NSA's cage, we don't ask what
| they do haw haw." At the time I mostly thought he was just
| exaggerating or joking around. But later after revelations of
| the scale of bulk collection I had to wonder if it really was
| true and simply banally that much in the open.
| bastard_op wrote:
| Hah, I only say large as anything smaller they're already
| getting you somewhere at your provider's provider.
| fragmede wrote:
| Room 641A was known to the security community _long_ before
| the Snowden leaks.
| formerly_proven wrote:
| In fact it even had a Wikipedia article a number of years
| before them: https://en.wikipedia.org/w/index.php?title=Roo
| m_641A&oldid=6...
| OfSanguineFire wrote:
| So much was revealed in the European Parliament's ECHELON
| report back in 2000 that I found it hard to understand why
| Snowden made the big splash that he did. It all seemed
| pretty old hat to me.
| 0xDEF wrote:
| The chattering classes love counter-cultural packaging.
| That is why they embraced Greta Thunberg much more than
| they embraced Al Gore despite the messaging being the
| same.
|
| The ECHELON report revelations were packaged into a
| formal (boring) European Parliament report. Meanwhile
| Edward Snowden had the counter-cultural packaging of a
| cool dissident hacker.
| wayfinder wrote:
| In 2006, Mark Klein working for AT&T leaked it. It was in
| the news.
|
| Snowden did his leak way later in 2013.
| gscott wrote:
| And the Utah data center that stores days worth of the
| entire Internet and then they just keep the most
| interesting parts and the parts they can't hack into for
| later analysis.
|
| https://en.wikipedia.org/wiki/Utah_Data_Center
| dirtyhippiefree wrote:
| The government spooks aren't at the ISP level...remember the
| AT&T whistleblower...
|
| https://www.wired.com/2006/05/att-whistle-blowers-evidence/
| mdgrech23 wrote:
| could see these "statistics" being used to gauge the public
| response to political decisions. That's pretty dystopian.
| "President Biden, the 'data' shows your response to Palestine
| was not very popular".
| bathtub365 wrote:
| This world where the people running the government care what
| the populace thinks about their decisions reads like a
| utopian fantasy.
| _heimdall wrote:
| At least as of a few years ago, AT&T still owned most of the
| core network in the US and leased it out to other ISPs. The
| government has a direct pipe into AT&T which allowed (still
| does?) them to sniff everything regardless of ISP since AT&T
| almost certainly owned the underlying pipe.
| seydor wrote:
| Nobody should be surprised. I think most people are familiar with
| Murphy's law
| seeknotfind wrote:
| How to protect yourself? Is disabling notifications locally a
| good countermeasure?
| _heimdall wrote:
| Depends on how deeply you want to protect yourself.
|
| Disabling push notifications would help, especially if you
| disable notifications through individual app settings first.
| That should make sure an app doesn't continue trying to send
| notifications entirely, if you just disable notifications
| globally Apple or Google may still see notifications that they
| just don't route to your device.
|
| If you really want better protection, use GrapheneOS or a
| similar de-Googled android device and don't install any Google
| services. That's the best way to still have a modern smartphone
| with limited risk that Apple or Google is somehow tracking most
| use.
| TheCraiggers wrote:
| Depends. Since Apple/Google are monitoring it on their end, and
| I believe (at least on Android) turning off notifications at
| the OS level just blocks it from showing on your phone, these
| would still be sniffable.
|
| If the application in question has the ability to disable
| notifications _inside the application itself_ , that should
| work.
| Syonyk wrote:
| You stop using your cell phone for anything important, or
| anything that can't be gotten through other means trivially.
|
| Practically, this means you use your cell phone for phone calls
| (the metadata is public, and I assume anyone who wants to
| listen in can already do so), and for SMS/MMS messages (see
| above, except I don't think the contents are quite as protected
| as voice).
|
| You disable location services, you don't install anything of
| any interest on your "daily carry" phone, and you regularly
| shut it down for periods of time to build the expectation that
| your device is regularly offline. Let it run out of battery.
| Cultivate the "senile old senior" approach to using your phone.
| Leave it behind.
|
| And then carry a small laptop, preferably running Qubes, for
| "everything else," and either use Tor or your own VPN
| infrastructure (ideally shared with friends) for access.
|
| ... and start cultivating ways of life that are offline first,
| that don't rely on consumer electronics (or the upstream
| companies) to behave as anything other than the data-grubbing,
| data-selling sorts they've reliably proven to be.
|
| Yeah. It sucks. The past 20 years of consumer electronics turn
| out to have been rotten on the vine, actively working against
| your own interests, comically insecure (so even if they're not
| just streaming your data off to whoever pays/demands, it's not
| hard to extract), etc.
|
| I don't have any better answers. I've been trying for about the
| last 5 years to figure out a solution, and I just can't come up
| with anything reasonable that still involves using consumer
| electronics for much more than toy uses. Apple looked better
| for a while, but then lost their head with the on-device CSAM
| scanning stuff and, while I like it, Lockdown is a simple
| admission that they cannot build secure software against
| nation-state level adversaries. Plus, most of their updates are
| "Oh, yeah, so, update this now, we have reason to believe
| [solid proof and won't say it, usually...] that this fixes
| things under active exploit." But, hey, we've got MeMojis and
| such now!
|
| We have built too much complexity into our systems (see all the
| uarch vulns that are fundamentally a result of chasing
| performance over everything) to understand, to reason about,
| and we can't fix the problems of complexity with yet more
| complexity (as the last 5 years of papers demonstrate, often to
| comedic effect, about how the uarch vuln mitigations open up
| this other channel). And the software isn't any better.
|
| I don't see the path forward other than simply opting out, and
| building systems that no longer rely on vulnerable pocket
| computers that leak literally everything you're doing to
| whoever might care.
| badrabbit wrote:
| Where are the popular personalities telling people to not use
| VPNs? I swear sometimes I theorize about gov agencies using
| people to spread insecurities like that.
|
| VPN providers that are run by reputable people/orgs and make
| security promises are liable to lawsuits and criminal prosecution
| if they sniff your traffic or sell info about you, unlike ISPs
| complying with gov requests/partnerships and who want another
| revenue stream by selling your info to the highest bidder with no
| specific privacy guarantees.
| jonplackett wrote:
| Are push notifications sent in plain text?
| yellow_lead wrote:
| For most applications, yes. They are only encrypted in transit
| via HTTPS, but they are readable to Google/Apple.
|
| It's possible to E2EE push notifications, but you need custom
| application logic.
| jonplackett wrote:
| Wouldn't it be pretty simple to do that though if you wanted
| to?
|
| Send the push without content, or with just an identifier,
| and then have the app go get that message from the database
| and show it.
| toast0 wrote:
| On iOS historically, you needed a special dispensation for
| your app to run when a push is received. So your choice was
| to let Apple see the content, or to have a push like
| 'you've got a new message'. I don't know the current
| status, but this used to be called a voip push or silent
| push; and Apple kept track to make sure you were at least
| posting notifications, otherwise future notifications would
| be dropped/delayed.
|
| A lot of apps clearly do notifications separately from
| content though: you'll get a notification, but when you tap
| on it, the content has to load.
| aaomidi wrote:
| Apple and Google have been recommending that actual data not be
| sent through these push notifications and only a "ping" for the
| app to go check the source of truth.
|
| Maybe it's time to actually enforce this and remove the ability
| for arbitrary content to be sent?
| wkat4242 wrote:
| Ah I wonder if that's why notifications don't work when I force
| stopped an app
| anonymouse008 wrote:
| In effect, yes. The notification delegates in Swift only call
| the notification callbacks if you tap the specific
| notification (if you just go to the App the notification
| callbacks are not fired)
| gsuuon wrote:
| You'd need some amount of arbitrary data (the copy) so the user
| knows what kind of content they can expect.
| aaomidi wrote:
| Nope, these notifications don't always turn into a user-
| visible notification.
| TheCraiggers wrote:
| Looks like it's time to finally dive into setting up ntfy and
| UnifiedPush for my stuff.
| wkat4242 wrote:
| Yes but good apps do encrypt it already
| jmnicolas wrote:
| I don't know UnifiedPush so I can't compare, but ntfy is an
| absolute gem.
|
| I have it on my personal server, configuration is easy and the
| app is available on degoogled phones and works perfectly.
|
| Just look at the doc on Github, most professional software
| doesn't have such a well done doc.
| traceroute66 wrote:
| Good to see Threema are ahead of the game, they anticipated the
| scenario and have been using encrypted notifications for some
| time now[1].
|
| [1]https://threema.ch/en/faq/privacy_push
| afroboy wrote:
| Signal doesn't even send the message via push notifications.
| codethief wrote:
| This is the third time in a week that I read about this and, to
| me, the most important question has remained unanswered: If a
| push notification's payload is E2E-encrypted (consider, e.g.,
| push notifications for Signal running on GrapheneOS with
| sandboxed Google Play Services), is there still a data leak?
| Like, what metadata are people referring to? The fact that I use
| Signal at all?
|
| Of course, depending on the app, it could be possible to
| correlate even E2E-encrypted push notifications with other data on
| that app's backend server etc. But beyond specific apps is there
| a _generic_ vulnerability here?
___________________________________________________________________
(page generated 2023-12-10 23:01 UTC)