“App developers can encrypt these messages when they’re stored (in transit they’re protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted.”
“App developers can encrypt these messages when they’re stored (in transit they’re protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted.”
I think the whole thing is that it’s a class of data that has very few privacy protections on it and is therefore more easily accessible by assholes
If we’re talking about these agencies subpoenaing in order to get the data, that kinda sounds like privacy protections are in place for it. I think whats really happening here is that push data is now one of a hundred or so other things (like emails, google/app maps data, web search history), that’s now being included when agencies make requests for a users data… they arent specifically going after push notifications any more then they’re going after how many steps your fitbit is counting, they just want all the information they can get, and by voluntarily giving it to these companies we put ourselves at risk, its a very distopian trade off.