• kpw
    link
    fedilink
    21 year ago

    How do those governments have access to this data? Is it not TLS encrypted?

    • @prettybunnys@sh.itjust.works
      link
      fedilink
      English
      21 year ago

      The article states that Apple recommends not putting any sensitive data in the payloads as well as encrypting the payloads

      This sounds a lot like a scenario where Apple informs that a mechanism used for standard mobile communication is being survived by governments not necessarily a scenario where something Apple or google are doing is inherently surveillance.

      Here it seems like the surveillance is occurring at the 3rd parties who send the push notifications.

    • @GenderNeutralBro@lemmy.sdf.org
      link
      fedilink
      English
      1
      edit-2
      1 year ago

      Apple would be able (and perhaps required?) to provide the decrypted data. TLS is not end-to-end encryption; it’s just server-to-client. It’s useful to prevent MITM wiretapping but it is NOT useful to prevent server-side spying.

      The article quotes Apple as saying they can update their transparency report now that this is public. Doesn’t look like they have data for 2023 yet at https://www.apple.com/legal/transparency/

      I’d think Apple could make push notification content end-to-end encrypted if they so desired, but I don’t know how they could avoid having access to the vendor and user at minimum for the sake of validation and delivery.