• bartolomeo@suppo.fi
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    11 months ago

    If you follow a link on that page that says “coverage from yesterday” it reveals why anyone would want your push notification info:

    But push data can still reveal a lot about you. Even push notifications from apps as innocuous as food delivery services might reveal where a delivery is coming from, and therefore your approximate location. An Uber notification might contain a message from a driver telling you where to meet. And so on.

    Patterns of data could also reveal a lot. For example, if a foreign government was obtaining your iMessage push data – and that of one of your contacts – then even without the actual message content, they could see the two of you were exchanging lot of messages on a particular day. That could be tied to known events to draw conclusions about the likely content of those messages.

    For example, imagine a US journalist exchanging messages with a Chinese whistleblower about human rights abuses. A report on the abuses appears today, and the push data shows that the source and journalist exchanged many back-and-forth messages yesterday. That could easily be enough to confirm the source of the leak.

    I think there are more elegant ways to glean much more useful information about a target but in an attack I guess all data is valuable. The article doesn’t specify how long this has been going on or exactly which governments have been requesting data about who, which would be interesting to know.