• kpw@kbin.social
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    How do those governments have access to this data? Is it not TLS encrypted?

    • prettybunnys@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      2
      ·
      1 year ago

      The article states that Apple recommends not putting any sensitive data in the payloads as well as encrypting the payloads

      This sounds a lot like a scenario where Apple informs that a mechanism used for standard mobile communication is being survived by governments not necessarily a scenario where something Apple or google are doing is inherently surveillance.

      Here it seems like the surveillance is occurring at the 3rd parties who send the push notifications.

    • GenderNeutralBro@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Apple would be able (and perhaps required?) to provide the decrypted data. TLS is not end-to-end encryption; it’s just server-to-client. It’s useful to prevent MITM wiretapping but it is NOT useful to prevent server-side spying.

      The article quotes Apple as saying they can update their transparency report now that this is public. Doesn’t look like they have data for 2023 yet at https://www.apple.com/legal/transparency/

      I’d think Apple could make push notification content end-to-end encrypted if they so desired, but I don’t know how they could avoid having access to the vendor and user at minimum for the sake of validation and delivery.

    • ImTryingLemmy@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      To turn that question around, what incentive do the corporations have to encrypt that data? Whole bunch easier to just not care.