Not necessarily. I’m not some sort of tech genius but she’s using some choice language here:
push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages
metadata is not “contained” in the notification.
When pushed on this she basically changed the subject to “there’s no alternative”:
Another Twitter user pointed out that rather than the exposure of the text, the bigger issue is that “the push gets sent at all, not what’s in it. It lets an attacker identify somebody by when they get messages, messages the attacker may even have sent.”
To this, Whittaker replied, “So this is an issue worth clarifying. It’s not possible [right now] to build a mass [communications] app [without] push notifications, [especially with] calling. This is a problem, we agree.”
I could be misinterpreting these statements but that’s how it reads to me. Seems like encrypting metadata would require Google’s involvement and I’m sure that’s the opposite of what they want.
You are trying to read what isn’t there. Push notifications just don’t contain any messages, at all, in any form, whether you want to call it data or metadata. They are just telling the Signal app to wake up, and then it securely checks with the server what’s up.
The only think authorities are getting then, is the fact your Signal app was told to wake up at time X. Not whether you actually received a message, let alone any information about any messages.
It is confusing the system is called “push notifications”, because it has nothing to do with the actual notifications you are seeing on your phone. It’s just a mechanism to wake up sleeping apps so that they can check up with their server.
Not necessarily. I’m not some sort of tech genius but she’s using some choice language here:
metadata is not “contained” in the notification.
When pushed on this she basically changed the subject to “there’s no alternative”:
https://www.medianama.com/2023/12/223-signal-push-notifications-content-meredith-whittaker/
I could be misinterpreting these statements but that’s how it reads to me. Seems like encrypting metadata would require Google’s involvement and I’m sure that’s the opposite of what they want.
You are trying to read what isn’t there. Push notifications just don’t contain any messages, at all, in any form, whether you want to call it data or metadata. They are just telling the Signal app to wake up, and then it securely checks with the server what’s up.
The only think authorities are getting then, is the fact your Signal app was told to wake up at time X. Not whether you actually received a message, let alone any information about any messages.
It is confusing the system is called “push notifications”, because it has nothing to do with the actual notifications you are seeing on your phone. It’s just a mechanism to wake up sleeping apps so that they can check up with their server.
That’s called metadata.
So why do the authorities want it?
Yes it’s called metadata. I don’t know why they want it.
It’s because it’s used in tandem with other data they collect to profile you. To profile all of us.
Yes, I assume so.