651 comments

[ 0.28 ms ] story [ 399 ms ] thread
[flagged]
I see that there is a lot of signal coming over my push notifications ... how would using this signal make spies incompetent?
> I see that there is a lot of signal

What signals are you talking about? Someone tends to respond to Tinder's notifications at 6 PM on weekends, and such useless data?

It would indicate that they're lonely and looking for a partner. If you were looking to turn them into an intelligence asset, you could have an officer approach and seduce them.

If it's Grindr instead of Tinder, or if they're married, you have a blackmailing angle. In a lot of countries it would be very effective.

There's no need for notification snooping when these apps are spamming requests to unique subdomains on analytics services and their own APIs. DNS snooping is a much easier method of getting that metadata.

Although I suppose one advantage of push notifications compared to DNS is that they're delivered even when the app isn't open, and more generally they can also serve as a liveness check (successful delivery means your device is online).

Push notifications would be most valuable for p2p metadata (e.g. iMessage key exchange handshake between two users) and, to the degree they can snoop on the message content, obviously that would be valuable.

Just because some apps use insecure but highly identifiable DNS lookups doesn’t mean everyone does, or that DNS-over-HTTPS will never be deployed (iOS shipped support in 2020 and Android was only a couple of years later). There’s a 0% chance that anyone smart would say they should rely on that alone and not develop other sources for that information, and intelligence agencies have hired many smart technical people.
In general, I agree DNS-over-HTTPS is a step in the right direction, in terms of eliminating the low-hanging fruit of snooping over the wire. But it's still the same major companies providing the resolvers. And if you're sending them an NSL for push notifications, you may as well send one for DNS too.
That’s usually untrue - for example, if I’m on Comcast but I use Firefox, my DoH requests go instead to Cloudflare who don’t log IPs – but also the larger point is that DNS isn’t complete enough: sometimes it’s unique companies but a lot of the time it’s just a shared endpoint. Push notifications don’t have that problem and happen every time, not just when a cache expires.
Cloudflare is one of the "major companies" I was alluding to. It's still an issue of centralized authorities that are accountable to governments. But I do trust Cloudflare more than my ISP or Apple, and in fact I route much of my traffic through them so I hope I'm right in giving them my trust.
It’s also a question of what information is available. In the United States, for example, it’s generally seemed to be the case that they can compel release of existing data but not changing systems to record new data or remove encryption. That’s not the case in every country, of course.
Suppose you use an anonymous app for messaging. The government sees the conversation ("good day to you") but doesn't know who is on one side (perhaps both).

So they ask Apple "who exactly sent or received on their phone a push notification for 'good day to you'?" Or perhaps "who sent or received push notifications from secure messaging app around 8:24:39.124 pm, 8:26:12.322, etc.?"

Apple tells them, and now they know the identity of the "anonymous" recipient. Replace "good day to you" with any text disliked by any format or current or future government.

The content of almost every messaging app push notification is already encrypted. So I think it's mainly for knowing when someone receives a notification.
In what way would ignoring a viable SIGINT source be incompetent?

Just thinking about only my push notifications yesterday and they revealed that I am clearly a developer or technologist (push notifications from Git/AWS/etc), who got a haircut (time and location were revealed in the message, but I'm sure government-level agencies could have tracked which SportClips location the appointment belonged to), that I am interested in generative AI, and working out.

Another day might have yielded far more interesting facts, but those bits added to a record of my interests and habits can become quite powerful over time.

> Just thinking about only my push notifications yesterday

See, the gist in the letter is this sentence:

"As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information."

Do you really think that a foreign government is interested in push notifications when issuing a demand to disclose data from a phone?

Push notifications can leak information from secure or encrypted apps. Its easier to get around E2E encryption than breaking the encryption itself
It seems silly to imagine they'd ask for anything less than everything they could get.

More information means more ways to hone in on whatever allegation you're trying to prove. If it's investigative, then it gives more of a picture of what's happening.

I used to imagine EZPass data as innocuous, but now it's used routinely in criminal trials to show that a defendant was at a given place at a given time. Divorce attorneys also request it, as it can be used to illustrate patterns.

Both Apple and Google have root access in the devices. They do not necessarily need to do this.
From the companies not needing this, it does not follow that various governments don't need this.

My first thought is that this is looking like an especially fun (for the rest of us) popcorn session where someone in one government is shocked to discover that other governments pull the same stunts that they think should be reserved for "our people"… but then I looked up Senator Ron Wyden's Wikipedia page and he seems to be genuinely opposed to such shenanigans from everyone including the US.

So, good for him.

Push notifications allow more people to spy on you.

At the core most technologies have been deeply rooted by intelligence agencies.

Do push notifications still get sent and just ignored if they are disabled on the device?
I’m no expert but in my experience developing mobile applications & push notifications, I’ve only registered a device for notifications (and subsequently sent notifications) if the user opted in. Based on my own experience, I would say if you didn’t enable notifications for a particular service or app, they don’t get sent.
The app developer will still send them to Apple / Google though so the data will still be available to snoop on.
Dunno how it is now but it used to be that Apple would tell you which push tokens (recipients) were rejected (app uninstalled, push disabled for your app, or you stored a bad token to begin with) and you were supposed to stop sending to them, with the implication that Apple would get upset with you if you kept sending to rejecting tokens for too long.
This depends on how the app implements notifications, and which mechanism is used to disable them. I know FCM/Android, not APNS/iOS, so here's a breakdown:

1. The app registers a push token with their backend. This can happen without granting notification permissions, and without notifying the user. So the backend is free to start sending push messages immediately after registration, which is typically done on the first app launch.

2. The controls available in Android's per-app notification settings have nothing to do with push messaging. These allow the user to limit or change how the app displays notifications, regardless of the reason the app is displaying them. Some apps have additional options to disable push messages, but that preference must be communicated to the app's backend to prevent the backend from sending pushes in the first place. Some apps may consider Android's notification settings to determine this preference, but it's extra work to do so.

The concepts of "push messaging" and "notifications" are often used interchangeably, but at least on Android these are separate systems that are tied together with client code. The push messages may also contain notification data, and the official FCM client will display these automatically, so this confusion is understandable.

Some issues could be prevented if push messages added end-to-end encryption by default, something that shouldn’t be particularly hard to use if it was built into the dev tooling. Instead, developer recommendations like this one [0] suggest that you should put content into your push messages and optionally use a separate library to encrypt them. Clearly developers aren’t doing this, hence the opportunity for surveillance.

[0] https://android-developers.googleblog.com/2018/09/notifying-...

If it’s metadata they’re after (according to the article) would it really matter if the push notifications themselves were encrypted? As long as you’re using Apple/Google’s servers to manage push notifications it seems like there would be some metadata that could be useful for surveillance purposes, encrypted or not.
Getting rid of all metadata is fundamentally hard, unless providers are willing to deploy PIR or anonymity networks. But I think it's a mistake to assume metadata means "just the timing of a message": these push messages may include a lot of detailed content that is being described in this article as metadata, and all of that stuff can and should be encrypted.

Additionally, with a little bit of work (well, really quite a lot) the push messages can be made to hide the source. This would make it harder to distinguish a Gmail or DoorDash notification from a WhatsApp notification.

Encryption wouldn’t help as the whole point would be to look for coincident timings. I.e. after activity from one user to a known service you see a push occur going to another user. If this pattern repeats you can build confidence they are in contact.
It would very much help if you wanted to stop the government hoovering up the content of chat messages sent as push notifications
Encrypted messengers aren’t sending unencrypted push payloads, at least not deliberately.

A lot of apps don’t even put much in the push messages themselves at all, they are mainly an indicator to phone home for more information.

Consequently no gov has been getting meaningful info from the content of this stuff for many years - it will all be what you can infer from observed patterns, which is a lot.

I'm not sure I'd trust dating apps and weaker chat apps not to just be sending the contents of messages to a TLS push notification endpoint that Apple/Google could do whatever with before forwarding on to devices.
Differential privacy, meet notifications: just add random notifications as noise to everyone. If payload decrypts to junk, then drop/ignore as a faux-notification; else, trigger notification.

Eh, what’s a few orders of magnitude increase in notification infrastructure overhead anyway? /s

The timing would still give you away - with a privileged network position you can tell that a user sent a message to an messaging service, and that some set of users got notifications from that messaging service moments later. Observe that enough times and you'll have good confidence in the members of a group.

If you're trying to hide from that type of attack you need to send a fixed rate stream of messages (most of which are dummy messages, except the occasional message containing genuine content -- like number stations). Furthermore, every point in the chain also needs to avoid revealing which messages are genuine (by fetching the encrypted message from the server when it receives a genuine notification, you're giving data away).

The operator of the app could send messages at fixed intervals to make it more difficult to correlate the messages (more samples required to have confidence in the recipient). If they send dummy notifications they'd probably fall foul of Apple/Google's constraints around invisible-to-the-user notifications (I know Apple prohibits them, I assume Google does as well)

I can't see that frustrating this type of attack would be interesting to Apple/Google: it would push up power & radio bandwidth requirements for everybody pretty significantly.

If notification is malformed or erroneous it should be invisible, shouldn't it?
I think (reading between the lines on their docs) that you'll get throttled/dropped if you abuse the system by sending a regular push notification but do not notify the user. Apple doesn't like app developers using invisible notifications because it risks wasting device battery without the users being aware that their device is constantly being awakened by your app.

However, I was actually wrong more generally because Apple does have push notification type for this, Background Updates[1] are permitted to run invisibly. They say not to try sending more than 2-3 per hour, and that "the system may throttle the delivery of background notifications if the total number becomes excessive" - which sounds like you're permitted some unspecified small number between app launches.

These notifications seem to only be able to send a single boolean flag, so it doesn't seem like an awfully viable way of implementing a fixed rate message system (especially because you'd also want to be sending messages out on that same fixed rate to frustrate analysis)

1: https://developer.apple.com/documentation/usernotifications/...

Technically you can make malformed messages visible: store them in spambox and display their metadata or maybe even as a source of randomness, like random.org
In fact, at least on Android, the contents of most push notifications are not the actual messages to be displayed to the user, but just empty notifications letting the app know it must poll for something on the server or some other activity which may result in a notification.

It's all about the timing (and meta-data like which app), not about the contents.

What you're talking about is achieving perfect privacy/security.

Even just E2EE on the notifications themselves would be an improvement over the current situation. It would make certain categories of data unavailable to eavesdroppers. The fact that it would not protect against 100% of all types of data/metadata exfiltration is not sufficient reason to oppose implementing it.

Isn’t this somewhat defeated if the service is large enough?

E.g: if I get a signal notification and the notification has no data except “event happened, call server for updates” - and then you fetch updates as a batch - doesn’t the sheer number of people making that same generic batch update call somewhat mask it?

I’m curious where Apple prohibits dummy notifications, by the way - I used them for a financial app I worked on a few years back and never got dinged for it.

Some apps actually do that. I know at least Rocket.Chat has an option to handle push that way. I'd like to believe other similar chat apps used by groups and communities have it too.

But as others have pointed out, just having the timestamp and target of the notifications already tells a lot.

I don't see why. The system operator knows to whom the message is being sent. They get a court order, ordering them to track messages sent to enumerated entities and they have to comply.
> In a statement, Apple said that Wyden's letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.

> "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."

If Apple knew about this why wouldn't they limit their exposure to this user data?

> …a source familiar with the matter confirmed that both foreign and U.S. government agencies have been asking Apple and Google for metadata related to push notifications to, for example, help tie anonymous users of messaging apps to specific Apple or Google accounts.
Hey other states, can you elect a few more Ron Wydens? He's been doing a ton of the heavy lifting lately. Every time we hear about the intelligence community egregiously violating civil liberties, it's always Wyden.
Yeah he's awesome. /s

In May 2017, Wyden co-sponsored the Israel Anti-Boycott Act, Senate Bill 720, which made it a federal crime, punishable by a maximum sentence of 20 years imprisonment,[88] for Americans to encourage or participate in boycotts against Israel and Israeli settlements in the occupied Palestinian territories if protesting actions by the Israeli government. The bill would make it legal for U.S. states to refuse to do business with contractors that engage in boycotts against Israel.[89] https://en.wikipedia.org/wiki/Ron_Wyden#Israel

I can’t tell if you’re being sarcastic. How is that acceptable and democratic?
I am being sarcastic ;) the guy is supposed to be a freedom fighter for privacy/security but is trying to ban boycotts, the most basic form of protest, and integral to US democracy.
Well, apparently, that's how a good politician works. Just like a good software engineer would have not one, but two backups, at different locations.

It's similar to what economists say about not pulling all your eggs in the same basket.

close enough

I must add that "good politics" are all about compromise.

In my somewhat grim perspective the best outcome of good politics means none of the constitutents are happy and none are desperately angry.

politics are all about the completely bland and boring averaging

but I come from a land of historically terrible, awful politicians and leaders

He's only banning the 'bad' boycotts. Right? /s
Your previous comment came off very genuine. If clarity of statement is important, it might be worth ensuring your actual intent is made unambiguously clear somewhere in message, if that message is otherwise ironic or sarcastic.
It already in exists in the form of Anti-BDS laws. 35 states already have them
>Anti-BDS laws

These would seem to contravene the First Amendment.

And? The US doesn’t work the way you think it does. It operates illegally and protects its powers over people. As a factual observation. What then
If you require all your allies to be perfect people...

... you won't be left with many allies.

I mean wanting to put people in jail for using their first amendment rights is kind of big deal.
and yet a leading candidate for the highest office is promoting exactly this, and has a large percentage of the population in full support.
As long as you are putting “them” in jail, it doesn’t matter
You can literally use this to excuse any behavior
True, but you can also refuse to excuse any behavior, nor give even an inch, and then look around after a while and realize you've won the wrong contest. You won the never giving an inch and remaining morally unblemished contest, and lost the making allies and getting anything done contest.
True, which is why it must be balanced with realistic judgements about the people you support and knowing what issues are truly important compared to what the current buzz is telling us is important.
That sounds like an attempt to ban political expression that is certainly protected by the First Amendment.
Well established ban, since you cannot discriminate anymore or voluntarily associate anymore as a business
It’s already pretty much the law. You can submit your complaints to the Office of Anti-Boycott Compliance [1].

Foreign governments can’t force government contractors to comply with boycotts. This bill AFAIK simply closes the loophole of Palestine not technically being a foreign government.

[1]: https://www.bis.doc.gov/index.php/enforcement/oac

That's not the same thing. This isn't about foreign government demands, it's about US states being legally able to discriminate against contractors who participate in BDS. (Edit: in fact it's about contractors who refuse to sign a pledge that they won't ever participate in BDS)
Wyden knows such a bill wouldn't pass specifically because of its unconstitutionality. This was about picking up media coverage by throwing red meat at voters.

Congress has been in a state of deadlock for too long to pass any actual laws, so this type of performative theater ahead of midterm elections is what passes for statesmanship.

That's awfully generous. He co-sponsored a bad law that he didn't actually want to see passed?
He may definitely want to see it passed. But elected officials should not be engaging in pushing bills that won't pass their first legal challenge.
Similar bills have already passed legal challenges https://www.lawfaremedia.org/article/eighth-circuit-upholds-...

I think it's a bad law and he's making a big mistake. I'm still a fan though.

Thanks for the link. Scary to see that the state is re-drafting these laws specifically to find loopholes in the constitutional definitions of freedom of speech. Check out this other loophole:

> The act does not apply to contracts worth less than $1,000, or to companies that offer to provide the goods or services for at least 20 percent less than the lowest price quoted by a business that has complied with the certification requirement.

So, a contractor if free to boycott as long as they cost the taxpayer a little bit less.

Well it's pretty unlikely such a law would stand up in any court even small claim's court
Uh it's already the law in dozens of states. The Arkansas law was challenged, but upheld by the appeals court and SCOTUS refused to hear the case.
I'd rather not test this theory, just like I'd rather not test the constitutionality of a law that makes accessing TikTok a felony.

... Also, as sibling commenters pointed out, anti-BDS gag laws are everywhere in this country, and have yet to be struck down.

I'm an Oregonian and my biggest complaint about Ron Wyden is that he's usually ahead of me on technical issues. There are worse problems to have...
I believe he sits on intelligence committees and has a security clearance so he gets briefed on all kinds of outrageous things he can’t publicly talk about. But he does his best with what he can.
(comment deleted)
Unifiedpush to save the day! And an XMPP server with Conversations can be the basis for it: Https://unifiedpush.org/users/distributors/conversations/
AIU deanonymization happens due to pseudonymity. There are 3 pseudonyms: chat id, push id, phone number. Since all three are constant and linked, they can deanonymize the user. You need some sort of anonymous or confidential protocol to work around it.
Stop promoting and trusting Conversations. Is it bad software which never did OTR verification properly before yanking it unexpectedly and without explanation. To my knowledge it has never been independently audited let alone taken seriously enough by any infosec professionals to warrant such study.
(comment deleted)
You do _not_ need push notifications in the first place. Most definitely not for messaging programs anyway. The "saves battery" arguments are always very fluffy and devices/clients who don't do push notifications (or at least don't force you to) sometimes even have better battery life than devices/clients which do.
Yet another reason to be a happy GAPPSless LineageOS user
What's GAPless? I've been thinking about trying out LineageOS on a refurbished phone, so I'd love to know what I can do to make it even better.
I think it means without "Google Apps" installed (gmail, play, maps, etc, etc).
You're kidding yourself if you think three letter agencies don't have LOS users on a list and have capabilities to spy on them on demand with tailored access.
Maybe, but for sure avoiding stock Android and Google apps increases privacy a lot.
Depends on your definition of privacy. Maybe privacy from Google, at the cost of additional scrutiny from domestic intelligence services.
(comment deleted)
There are few cases where that would be worse than using a normal all-monitoring android
It's a huge problem for both privacy and the open source ecosystem that Apple and Google mandate use of their own notification system for apps to be included in their stores.
And now we understand why they do that.
It is driven entirely by battery life. Android used to allow 3rd party apps to receive push notifications, and it caused battery life to be terrible compared to Apple. Forcing a single path was done for that reason.

Btw, here's the telegram team complaining about the change: https://github.com/Telegram-FOSS-Team/Telegram-FOSS/blob/mas...

Facebook abused this a bunch. https://www.theguardian.com/technology/2016/feb/01/uninstall...

Allowing other notification systems would hardly have an impact (especially when someone could replace GCM entirely with them)

And you can simply offer more battery controls, rather than general not overridable rules

This complain is nonsense. Android _still_ allows background applications, the only limitation they added in that release is that such background applications have to show a notification that they are running (actually a feature if you ask me). You are still allowed to listen on a gazillion sockets perfectly fine.

It's more problematic that some Android "skins" tend to kill background applications at random https://dontkillmyapp.com/, but at least, one cannot squarely blame Google for that one...

The "battery life" argument that that they constantly use is also a very poor excuse. Even when Conversations (the Jabber client) didn't use push notifications at all and would just listen on noisy XMPP sockets, it still had about the lowesst power consumption of all Android messaging programs, lower than Google's own push notifications client app (play services).

Certainly I might imagine that if all 1,000 adware apps your average Android user installs all needed to be wired and listening to a socket in order to receive the latest offers (all in the legitimate interest of the user, of course) you might literally run out of memory. But even then there are many solutions (such as inetd like services) that do not require centralizing everything into Google.

> Android _still_ allows background applications, the only limitation they added in that release is that such background applications have to show a notification that they are running (actually a feature if you ask me). You are still allowed to listen on a gazillion sockets perfectly fine.

...I'm not even clear on what they're complaining about (the page github links to seems to have been changed, it describes the current state rather than what happened in 8), because this was actually a thing as far back as Android 2: you had to have one of those notifications up to prevent Android from killing your service.

Android's behavior WRT to background services over the years changed from "MAY kill" to "WILL kill", so for people who never honored the official docs (unfortunately most of them), this was a problem.

Additionally, Alarms and Broadcast Listeners were seriously crippled which made common workarounds much harder.

I suspect it wasn't initially designed to help enable government surveillance, but that data must have a significant dollar value to those companies.
There were huge downsides for battery life before, and privacy is somewhat orthogonal since you’d be at risk from more companies and they’d all be subject to the same legal demands, so I think the answer has to be regulatory. In the EU, that seems possible but I’m not sure the U.S. government is currently functional enough to do anything about this.
Allowing third-party notification systems (such as UnifiedPush) would have practically no negative effect on battery life

Not to mention that people might prefer to use some more battery in exchange for more privacy

It certainly had an impact when Apple and Google shipped platform notifications because each of those systems kept the radio active.

It’s possible that a better interface could be developed but it wouldn’t help privacy unless the implementers were in different legal jurisdictions: the same government which can subpoena or NSL Apple or Google could’ve asked e.g. Urban Airship for the same details. There’s also a challenge in that each implementation is a chance to make mistakes or fail to deliver promised privacy protections, and someone in a country which isn’t the United States might have stronger privacy laws but is also a legitimate NSA target. This kind of problem just doesn’t have simple solutions.

It's a much bigger nuisance and risk to have several smaller parties to handle court orders; some of which could indeed be in other jurisdictions by the way.

Before the platform notifications every single app kept their own connections open; allowing (completely) third part notification platforms would have a small or non-existent impact

> It's a much bigger nuisance and risk to have several smaller parties to handle court orders; some of which could indeed be in other jurisdictions by the way.

I’m not sure this is true: a small company is less likely to have the legal resources or confidence to stand up for their customers’ rights. I’m sure you could find examples going either way at either size.

Being in a different country helps but only if the company has sufficient security to even notice if the NSA decides to take advantage of them being outside of the US. I would bet Apple and Google have that level of expertise but not everyone else.

"The source declined to identify the foreign governments involved in making the requests but described them as democracies allied to the United States"

- why not identify them?

Because the requests likely contain legal cladding to forbid disclosing the request, as is the case in Australia. A lot of people would be vindicated if it turned out one of the “democracies” making these requests was Australia.
Australia was my first guess when I read that sentence. But I expect it's not the only one.
It’s likely the five eyes allied nations.
Yep. Most likely to try and catch Chinese spies or other countries like India, Iran, Russia, and others as they continue to go after dissidents abroad.
Or to track US activists and resell the information to the US government, in exchange for data on other five-eyes citizens or access to other surveillance systems (US ones are obviously the best, from a military standpoint).
Or (insert country you have a political agenda against) to (do thing you disagree with) for the purposes of (pushing your own political agenda).
More like "or (insert country that shouldn't be doing something according to its own laws) to (do something against its own laws) for the purposes of (someone's profit)".
Sure and that applies (at least) to the EU (and friends), US, UK, China, Russia, Japan, South Korea, Singapore, Australia, New Zealand, Saudi Arabia, Israel, Turkey, India, etc.
Yeah but a lot of those are not democracies, nor do much business at intel level with the US.
Why would it matter if they are democracies or not?

Why would it matter if they "do intel business" with the US, EU, UK, etc. ?

Because that's what the source said they are.
Pakistan?
Let me think - could it be the one country with a complicated situation where most of the security-services apparatus is nominally allied but actually supporting forces opposed to the US (talibans etc), with a sclerotic political system defaulting to military dictatorship every other decade; or the long-standing allied democracies (plural) with a well-documented history of structural cooperation in matters of espionage and surveillance, particularly at the IT level...? Which of the two would the US government rather let run surveillance on US citizens? Mmmh, I wonder!

/s

They let Israel do it to Palestinian Americans.
We already know, it's the Five Eyes
Most likely group, since they info share and this is the standard end-around on laws prohibiting "domestic" surveillance; government has some other country run the surveillance on their nationals.
Are the contents of push notifications not encrypted? Or are we talking about payloads rather than transport?
They mention metadata in the article. Imagine sending a message to a Signal account at time X, then asking Apple a list of all users that received a Signal notification at that specific time.
This ^. approach and modified forms of it can bu used to track lots of things, and have be done so for decades by some goverment agencies. You can use a method like this even if people are using encryption and lot of anonymous tunnels. You simply shape the traffic and watch where the shape of that traffic stops. Can track people realtime across almost any link, including things like Tor, etc.
I had to anonymize some data while still keeping some details. You could imagine individual trees that needed to be put into groups of similar trees so individual details were lost.

Anyway, these "trees" were effectively user behavior across all our products. I was shocked that simply knowing *when* (to within a second or two) a person did two or more things, you could narrow it down to *one single person* out of hundreds of millions.

That doesn't make sense. I would expect Signal notifications to happen completely out-of-band with "normal" push notifications (e.g. NYT news alert). Otherwise that completely defeats the purpose of the service. Basically you're saying Apple/Google are MITM'ing Signal.
I'm not so familiar with Signal, but could you explain why you would expect Signal notifications to happen out-of-band with normal push notifications?

Assuming Signal sends push notifications of some sort, as most messaging services do, that would make them vulnerable to the metadata-level attacks described in this thread.

What kind of "out-of-band" are you thinking of that would mitigate this issue?

Not using APN I assume, but then you are not allowed(or rather won't pass the review) to publish the app in the App Store.
Why: because otherwise the service, which is supposed to be private, is no longer private.

I dunno how it would work, maybe something like a third-party push? Why does everything have to be channeled through central service? A service like Signal could operate its own push channel.

Apple doesn't support any third-party push platforms, and they are restricted on Android to preserve battery life.
no, that's not basically it. MITM to me means being able to read the data by placing yourself in the encrypted chain. that's not how push notifications work. they don't need to know the contents of the message
The notification is separate from the message. It absolutely is MITM, just for the notifications, which are messages themselves with real content (you have received a message from so-and-so).
I don't know what you think you are proving here. They did not view the contents of the message. An MITM "attack" would allow them decrypt the content of the message. This is just metadata being used. It's no different than all of the other metadata uses that the TLAs have been using. We've known for a long time (for me since Snowden was the first time I ever even considered it) that metadata can tell us a whole hell of lot about people that is just as much evidence that the actual contents of the message are irrelevant. With metadata alone, you can build up an entire network of people to investigate. You can do that investigation without ever decrypting anything. It's no different from the police following a suspect to see who they meet, and then following that person, and continuing until they find the bigBoss. They can then roll up the entire network in one fail swoop if they so choose.
This is just how push notifications work on iOS and Android. The app requests a push token from the operating system, sends that to its backend and stores it against the user's identity. To send a push a message is sent from the backend to a push service maintained by Apple or Google, who then deliver the push to the phone in question. In the case of Signal, their backend cannot access the message content, so the notification does not contain this, i.e. it's not MITM.

On iOS in particular background modes are finicky and you cannot generally have an continuously poll notifications in the background. Further, if every app did this battery drain would be significant.

Unless I’m mistaken - and I might be or it may have changed - Signal notifications on iOS just tell the app “hey, something happened, call the service and check for updates”.

I.e, the push notification itself contains little to nothing in terms of data/metadata.

You can also of course decrypt a notification by shipping an extension to do so, and maybe Signal does - it’s been awhile since I poked around it. I’d just be surprised if the Signal team didn’t analyze the issue to death and find the gaps.

What you've said is correct, but it doesn't stop the attack vector described.

If the question to Apple or Google is "who received a notification from Signal at 17:15 UTC?" then even if the notification is “hey, something happened, call the service and check for updates”, you've got your answer.

To defeat it, one would have to regularly send cover traffic (i.e. push messages saying "nothing happened"), and accept that notification of messages may be delayed until that regular period.

i.e. the app sends its push token to its back end, together with a "use by" date. The server sends a push by that time, even if there is nothing to send. In the case of receiving such a "nothing happened" push, the app gets a new token, and informs the back end server.

The constraint there is how frequently Apple / Google will allow pushes, and how well the respective central server can scale to sending all of those dummy notifications.

The cost for the mobile being extra data use, and extra battery from the forced wake ups. So it may have to be a configurable option in the app.

So do Apple / Google allow at least one notification per hour?

I would have to imagine that a high enough level of traffic/users would obscure this sufficiently.

e.g: If the question to Apple or Google is "who received a notification from Signal at 17:15 UTC?", then that could very well be a million people.

Others have mentioned the timing attacks but also payloads are not encrypted unless the app developers remember to build that. This linked essay discusses both threats:

https://blog.davidlibeau.fr/push-notifications-are-a-privacy...

Thank you I was wondering about that. A couple of days ago I heard somebody mention that push notifications go through the backend and that it was a huge privacy issue, and I just couldn't believe that messaging apps that are "encrypted" would go through all that work just to then send the unencrypted message to Google's servers
I noted that Apple says the governments in question are allies of the United States. I wonder if this is a case of American intelligence outsourcing the surveillance of American citizens to foreign intelligence. If that is indeed the case, I’d expect a quid pro quo.
Yep sounds like five eyes.
> I wonder if this is a case of American intelligence outsourcing the surveillance of American citizens to foreign intelligence. If that is indeed the case, I’d expect a quid pro quo.

Yet it is the US government who revealed it: "In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet's (GOOGL.O) Google and Apple (AAPL.O). Although details were sparse, the letter lays out yet another path by which governments can track smartphones." - https://www.reuters.com/technology/cybersecurity/governments...

> Yet it is the US government who revealed it

Less "the government" and more "a member of government", the same member who has revealed and demanded accountability when discovering domestic government overreach.

We should choose our congress critters carefully.

Indeed. But government is also a process and in this case I think it is fair to say that the process is leading to good outcomes (transparency, accountability).
Congress has so little power its becoming a vestigial organ. Only there to placate the masses who believe their vote makes any impact.
This is some wacko BS. Congress has tons of power which can impact your daily lives. If you think it doesn't have that power, you're just not well read on the subject. If you think modern day politics of us vs them divisiveness gives the impression that they cannot do any thing is a dangerous interpretation. It's also a bit sophomoric of an interpretation as well.
Congress very much has too much power. If it was a fighting game character, it would be the overpowered character people would want banned.

Repeatedly Congress has shown that it's checks and balances have more power than others. If Congress picks the supreme court and there are multiple ways for a massed power to keep it's power then nobody else has any real power. The US system is actually rather poorly designed in that form.

>We should choose our congress critters carefully.

Agreed 100% and sadly, quite rare. I'm not going to start naming names, because that would devolve this into a political conversation about the parties. That isn't this. I suspect most people know who the criminals are. Now to see if they care.

It is a testament to our checks and balances, which, while far from perfect, are useful in preventing somewhat one branch from getting too much power.
I think people put way to much trust it political institutions, at least at the scale of national, which are, for the most part, only really used to protect a certain classes of people, the people who run it.

The problem with corruption is scale, when you have too large of an institution, it's easier to hide intent. I don't see how you can police that by voting when so much of what goes on is not easily seen.

For every persons that gets voted in to do the right thing, there are 4 others who are doing the wrong thing.

Wyden is far removed from the part of the government which engages in surveillance. He's the same person who was questioning James Clapper in Congress about mass surveillance before the Snowden leaks [1].

[1] youtube.com/watch?v=QwiUVUJmGjs

That's how they circumvent the ban on domestic spying. The US spies on Australians* and the Australians spy on US citizens, then they exchange the data. Easy.

*And/or other Five Eyes members.

(comment deleted)
What sort of metadata or information can be gathered from a push notification from an app like iMessage? I know a timestamp is there and most likely the sender's phone number.

But is there some sort of sensitive info that these governments are trying to glean? Or is it more so they can build info maps and communication maps on targets?

Chat message content?
I know iMessage is E2E encrypted, and I wonder if that extends to the content shown within a push notification. Maybe the push notification servers receive the content encrypted, pushes it to the device, and then decrypted on-device?
Why on earth would you _still_ believe that iMessage is E2E encrypted? Even if it was _today_, _nothing_ prevents Apple from silently pushing an update that simply does not encrypt _your_ messages. And even if you trusted Apple on their word, they could still be sent a security letter (like here) from _some_ government forcing them to do it, and forcing them to be silent about it.
Not to mention that all apps on iPhones are compulsorily encrypted, so there's no chance to know what any of them is really doing
Simply put, sunk cost fallacy. Apple marketing has completely inundated and exhausted consumers by front-running a BS privacy narrative, to an extent such that users of their products lack even the vocabulary to meaningfully reason about and discuss what privacy is and is not; instead opining an opaque, closed source platform could defend their individual interests from asymmetrically powerful forces at all.
(comment deleted)
If you were able to do this, and you also had control of the person's ISP/cell network (not unusual for the threat model here), then one thing you could do is interfere with their communications, "shadowbanning" them from their friends/contacts. Say you used a particular app, like LINE, to speak to one particular friend who your "benefactors" didn't want you speaking with, they could drop connections between your device and that app's servers whenever they intercept a push notification from Google or Apple targeted to that app on your device. Effectively preventing the two parties ever communicating.

Depending on specifics, it seems it would be possible to do this cleverly, so the app still thinks it's connected, but just never receives these messages.

I'm not an expert on this, it just seems a plausible possibility. Best effort response to your question! :)

This would only work if the protocol doesn’t have the concept of retries, which it does. They’d have to block all communications which would be highly noticeable - especially since you’d get a flurry of messages any time you opened the app or migrated onto a Wi-Fi network.
I suppose it depends on which protocol, and which app, we're talking about, but...Interesting. Good analysis!

It's conceivable that connectivity checks flow to other servers than delivery traffic, and these are passed-through. Although addressing your more general critique of the "flurry" (good word! :)), requires noting that accomplishing this capability would involve compromising the app's servers. Such backdoors are again not outside the realm of possibility in the given threat model.

Do you see any possibilities for interference in the push interception capability described?

Compromise a single phone in a target group, send a message to an anonymous chat, and you now know every other member of the group.

Apple needs to know your Apple ID to send you an APNS payload. Now your anonymous chat profile is tied to your real Apple ID. Busted.

This is not necessarily true. You’re assuming that all the info is in push notifications themselves.

E.g: if I get a push notification that is simply “you have a new event, poll the server”, and then I poll the server for (encrypted) batch updates, where exactly do you see the leak that ties an anonymous profile to an Apple ID? Given a large enough service, that same generic batch update endpoint would be getting hammered and I have to think it would effectively be camouflaged to a degree.

Granted, not every app is going to use this design - but if or when done properly I don’t see that much of an issue here.

(I am open to being wrong, mind you)

Very delayed reply here, but it's a timing attack, I think.

If the government has access to telco resources (I think it's safe to assume that they can and do), then they can line up the timing of a chat message with the push notifications it triggers.

If we are chatting and the government doesn't know who I am, it will only be a matter of time before the number and timing of the push notifications I receive line up in a unique way to the messages you sent me. That would work for every member of the group.

Apple could bundle up multiple push notifications to obfuscate it a bit, but it would hurt real-time communications and wouldn't be that strong of a mitigation anyway.

Metadata in this case apparently means Apple and Google are helping find “this real user connected to that real user at this time”. So governments may or may not be able to decrypt a push message payload, or data delivered because of that payload.
FCM messages are not encrypted end-to-end, that's up to the app backend/client to do themselves.
An interesting point in Glenn Greenwald’s book is that metadata is often more informative than the “real” data.

Consider:

1. A phone call in which Mrs. Smith talks to a receptionist to set an appointment with a doctor for 9:30 next Wednesday.

Vs.

2. Knowing that Mrs. Smith called an abortion clinic.

#2 seems like a bigger violation of privacy. Metadata is the real data.

Exactly. Metadata is how you go from pwning the phone of one dissenter to learning about their whole group.
how will actual data not be more informative? you can easily infer what the appointment was because the phone call will mention the name of the doctor or office and you can look that up plus all the details they discuss

you'd still have to look up who the doctor they called is from the metadata; it's still info but absolutely not more informative than the real data

so this line of thought makes no sense, and glenn greenwald should be looked at very skeptically in general, he sounds smart but when you look at his logic closer it breaks down

>you can easily infer what the appointment was because the phone call will mention the name of the doctor or office and you can look that up plus all the details they discuss

You're assuming these things are mentioned. "Hi, I'd like to book/confirm an appointment with Dr. Jones." doesn't leak information about "abortion".

Yes, these things obviously depend on what information is transmitted. The point, however, is that metadata more reliably transmits sensitive information than does "the data".

> You're assuming these things are mentioned. "Hi, I'd like to book/confirm an appointment with Dr. Jones." doesn't leak information about "abortion".

yes it does.. just look up who dr jones is; is the metadata going to say "this lady is getting an abortion" ?

I think you're nit-picking and failing to address the broader point.

1. The conversation may or may not contain information pertaining to an abortion.

2. The metadata (namely: "it's an abortion clinic") inherently contains such information.

The point is that metadata is usually the more interesting data.

> inherently contains such information.

no it doesn't, it'll contain a phone number to a clinic, then you'll have to look up what kind of clinic it is

you're telling me the receptionist answering the phone at the clinic won't mention the name of the clinic when someone calls?

and stick to objective points and don't fault me by calling it nitpicking because your argument falls apart when basic critical thinking is applied to it

God forbid if you are just going on a date with someone who works at an abortion clinic.
Or applying for a job, or surveying local businesses for a story, or transposed the numbers, or…

It can simultaneously be true that metadata contains less information than real data and that metadata is still dangerous. But when one is known for breathless hyperbole, should we be surprised when that’s what we get?

Yeah, false positives are a doozy, and I don't see many guardrails in place to prevent the intelligence community from acting upon them :/
> doozy

They’re not just a “doozy” they’re downright fascist authoritarian. Even the positive positives are infringements.

This is tangential to a comment I read (probably on HN) perhaps a decade ago, when scandals were being reported that laptop webcams could (surprise!) be activated remotely and people/kids being spied on (I think the article was a school-issued laptop disciplining a child from evidence gathered by the webcam at the child's home).

Someone pointed out that, while being watched is creepy, the real damning information on people actually comes from being listened to.

Which is why my devices have hardware kill switches for microphone.
(comment deleted)
Pardon my ignorance but would block all push notifications stop this specific act of surveillance? I usually don't need any notifications' content on the screen apart from "you have a new message on <app>, go check it". Or is that what's being discussed here?
The article says that Google and Apple know about the push notifications being shown on the phone and governments can make these companies turn over customer data.

I'm not sure if it only covers (for example) the unified notification service on Android or whether Apple and Google know of notifications that don't make use of that API. It's not clear from the article.

I don't know about Apple but on Android it's almost a capital sin to strive to use other services, and they work a lot worse than GCM (because of all the artificial limitations that Google imposed over the years).
It does seem to be notifications on the phone, but (a) that's incredibly surprising and disturbing and (b) it's really unclear why or how that would work when a phone is disconnected from the network. In any event, Google inserting themselves into notifications would be tantamount to reading all my email, texts and everything else, so ... why wouldn't this be restricted to opt-in? Many questions.
A push notification is generally what creates the "you have a new message on <app>" red bubble.
Nine times out of ten, when there's a news piece about a senator advocating for privacy and constitutional rights with regards to tech, it's senator Wyden. He's on the senate intelligence committee and has a decent track record of getting shit done with bipartisan support, so he's not just virtue signaling for votes either (not to mention that he's basically unbeatable in state election with all the support he has in Oregon). He's 74 years old, I do hope someone will step up and carry the torch when he retires. It's a losing battle but it's still important that we have someone who is competent and well respected to fight it for us.
I know it's the Oregonian in me and getting to meet him as a kid where he spent a decent amount of time with my class, but he strikes me as a senator that Oregon can be proud of. I might not agree with him on everything, but in my personal opinion, he's advocating and pushing for change on what he personally believes in. Makes me wish my current senator was more like that.
> he's advocating and pushing for change on what he personally believes in

That's certainly a step above many of the grifters we have in government, but it's also not necessarily a good thing. People can truly believe in stuff that's harmful or flat out wrong.

He even inspired Snowden to expose the illegal mass surveillance programs. IIRC Snowden reached a breaking point when James Clapper, then director of national intelligence, lied under oath to Congress when pressed about domestic surveillance by senator Wyden.

It's sad we don't hear more about people like this in positions of power.

Good thing there is no penalties for lying under oath anymore. That pesky rule of law was so long in the tooth.
There are instead life destroying penalties being handed out to whistleblowers. What a world we live in.
The good thing is we live in a democracy - if we don't like it, we can fix it at the voting booth.
We can vote for a blue boot on our neck or a red boot on our neck
No you can't. You only get to vote for the candidates on the ballot. And they'll get corrupted within a term, usually.
GP is being ironic.

That said, I also think things happen way before the first term. It requires consent of the Party to get on the ballot and hundreds of millions of dollars, increasingly trending towards billions, to run a campaign with a chance of winning, because in a democracy it's quite self evident that the person who spends the most money, must be the better person. Results don't lie!

And on top of all of this, if you aren't shaping up to be who the Party wants, then the completely independent, free, and honest media will demonize you. And even if this doesn't destroy you in the eyes of your own supporters, it'll rile up your opponent's base enough as they race to vote (for somebody they also don't even particularly care for) because if they don't, then you might win! That cannot be allowed to happen as it would obviously be the literal end of the world.

This is why it's ever more important for social media to be controlled, lest somebody angle-shoot around the traditional path to success - the media. If somebody's gaining traction on social media, then he's saying things that disagree with the powers that be. Since he's disagreeing with the powers that be, he is spreading misinformation by definition, so he must be censored. For our safety.

Very much agree.

I would like to ask you a serious question: do you not think it is extremely weird that so many people will at least sometimes[1] agree that "democracy" is essentially fake, but then at other times take quite literally the opposite stance...praising it, defending it, singing its virtues, etc? Granted, it is theoretically possible that each individual is 100% consistent at all times, and I am simply observing people who are on different sides of the argument, but now and then I'll check into someone's post history and find evidence that pretty soundly rules that out (subjectivity noted).

A standard response to this is something along the lines of "Oh, that's people just being X (dumb, etc)", but I do not believe that is an even remotely accurate description of what is really going on. But for even more irony: on one hand, most people tend to think democracy, governance, and all the things downstream of it (ie: their literal experience here on Earth) is a very big deal (the passionate debate over what exactly the events of January 6 "were" is a prime example), yet it is almost impossible to get anyone to engage in a highly serious conversation about just what the fuck is going on here on Planet Earth, 2023. It is as if there is some sort of a yet to be discovered phenomenon in play.

Do you think I might be crazy? I very often genuinely feel like I am living in The Truman Show.

[1] I feel like this is a crucially important detail that is rarely investigated or even contemplated.

That's a very interesting observation that deserves much more thought that I can give in a quick reply.

But I think one major issue is that we're living through an obvious inflection point in history. When the US was competing against the USSR, we achieved numerous objectively incredible things. For but one example, we went from having never put a single man in orbit in 1962, to putting a man on the Moon, in 7 years! In modern times, with modern tech and knowledge, we struggle to replicate what was done 60 years ago.

And so I am exceptionally critical of our systems in modern times, but also look at them with glowing fondness at what they have achieved in the past. But socially we rarely distinguish between the two - Democracy is Democracy. And so this can appear to be cognitive dissonance when one loathes 'current democracy' yet holds dear 'classical democracy.' And I think many people also feel similarly, even if they may not actually even realize it.

But back to the inflection point, for the past ~80 years, and especially the past 30, the US has reigned relatively supreme owing to a large technological edge driving a large economic edge. But now China is equalizing technologically which is also driving their economy upward. It's already the largest in the world PPP adjusted, and will soon enough also be the largest in nominal terms as well. A country of 340 million simply will never be able to compete against a country of 1.4 billion. So they are set to become the world hegemon.

What will that mean? Well historically they've always been relatively insular, even when going through periods of great power, and I don't really expect that to change. In the early 15th century they were, by far, the greatest maritime power yet one does not find Chinese colonies in the Americas, India, Africa, or pretty much anywhere. But on the other hand, I think this change does scare many people, because what if China becomes the new US and just starts trying to put its tendrils into everything and turn everywhere into little clones of the Chinese political system?

And fear is a such a strong driver of irrationality, the same reason people continually vote for people they don't like. I think this fear tends to cause a sort of rally around the flag effect, where people can see that this flag is one they scarcely recognize, let alone truly love, yet it looks far less scary than the one they don't know at all. Drive that fear of the unknown into people, which our political types thrive at, and the people will come racing back, not entirely dissimilar to a woman in an abusive relationship.

I still feel this is not even scratching the surface, but it's at least a first effort! It's such an interesting question that one could easily write several books on the topic. And in the future, people looking back, probably will do exactly that!

This is all well and good, but I sincerely believe that it does not address the question: why are humans, including the genuinely much smarter than average folks here on HN, unable to have a very serious discussion about ~~whether~~ the degree to which "democracy" in the US (or Western countries in general), is fake?

I believe it is very fair to say that it is not a question of whether it is fake(!) at all (as a binary), but a question of how fake is it, and in what specific ways?

And yes, I can certainly appreciate why people would have an aversion to this, and the various other "just so" memes that are trotted out when the topic comes up, but the question remains: why is NO ONE capable of taking this topic very seriously?

Can you address that?

I'd expect in this exact case the answer might be easier. It's because fake has an ambiguous meaning. It includes everything from the gamut of completely absurd such as elections aren't even actually happening, to the improbable but possible such as elections being rigged, to the self evident such as the people being elected, and their subsequent actions taken, being completely unrepresentative of the people or their interests.

And while all these topics (and many more) can be encompassed by 'fake', they all are quite radically different.

Maybe.

Let's say an election actually was rigged - do you think that is more important than whether our "democracy" is legitimate, always?

Do you think 10% of the HN user base has the ability to discuss this question, at all, and without losing control?

The problem is that society has been exceptionally divided, again owing to fear politics. And so even if an election was rigged, the people that benefited from it would basically demand a level of evidence that would never exist, even in cases of rigging. And by contrast, those that suffered from it would take the slightest irregularity as undeniable evidence of their rightness. And so it's quite unlikely that either side could ever reach a burden of proof that the other side would be happy with.

I think an important point in general is that democracy is what people think it is. If people think elections are fair or a viable means to change their political fate, then they're going to act accordingly, and vice versa if they don't. So personally I think having as absurdly transparent and open a system is critical. Irregularities and oddities should be publicly emphasized across the aisle so (1) everybody can discuss things and be on the same page, and (2) they can be remedied and not repeated.

> I think an important point in general is that democracy is what people think it is.

I think you hit the nail on the head here - and, it doesn't apply only to democracy, it applies to everything. It's funny, because lots of people also know this, yet do nothing about it.

> If people think elections are fair or a viable means to change their political fate, then they're going to act accordingly, and vice versa if they don't.

Where "acting accordingly" is usually ~behaving on social media in the corresponding manner.

Gosh, I wonder why it seems like humanity has little control over its fate.

(comment deleted)
Well a republic or was an oligarchy now, yeah just words and semantics...
Gerrymandering, campaign finance, first past the post, and the electoral college have all ensured that my votes account for precisely fuck-all.
From a European perspective, I am most cautious in calling a two party system a proper democracy.

It’s easy to game the system when there are only two sides to pay…

Good, what if only have bad options?
Um try that in a normal court as a citizen and you get your ass handed to you. Only the powerful get exceptions.
Google tells me perjury is still very much a thing. Do you have a source?
Hard to tell sarcasm in the written word, but I think you were replying to some.
Penalties for whom? Clapper was bound by conflicting laws requiring both honesty and secrecy. This problem goes all the way to the root of government and legal system.
The corruption of government begins with its secrets. A truly free people keep no secrets.
There are ways to respond to a question without violating secrecy and being dishonest. It’s like pleading the fifth, there are situations where it is acceptable to not tell the whole truth because it is counter to a law or personal right. In those instances the person needs to explicitly proclaim the basis in which they are obscuring the answer. Giving untruthful, absolute answers about the non-existence of something is inconsistent with the above.
His position on it has been clear for a while:

2008: https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveilla...

The votes: https://www.govtrack.us/congress/votes/110-2008/s168

But this is a MUCH older issue: https://en.wikipedia.org/wiki/Room_641A

And if you don't know about Quest: https://en.wikipedia.org/wiki/Joseph_Nacchio

The entire time period of the Bush admin is a microcosm for unresolved issues of today: Voting machines, government over reach and spying, security, encryption, copyright, bad behavior by corporate entities (M$ has a cohort).

Gosh I am so happy to have like the best senator in the senate next to Bernie Sanders in Oregon.

Oregon is an extremely based state. Y'all crap on PDX but the reality is that we have more freedom and less tyranny here than in any other state in the nation, and possibly in the world. PDX is "bad" because it's one of the only places in the world that hated the cops enough to actually muzzle them - and not living in fear of the boot is worth needing to deal with homeless people.

Want to smoke weed? Check (lowest prices in the world). Want to do psychedelics? (functionally legalized) Check. Want to shoot guns? (relatively lax gun laws for a blue state) Check. Want to not be spied on? As check as Ron Wyden can make it!

> Want to smoke weed?

The tyranny of the masses is still a tyranny. I'd personally like to move to a state where all smoking, but at least weed smoking, is illegal. I really don't like second hand smoke, especially when it smells and hangs as much as weed smoke does.

It's already not legal to smoke in public for weed and in most places for cigarettes. Frankly I don't think outright prohibition addresses that any better than the existing system. Nor do I see how having bodily autonomy is necessarily a tyranny of the masses.

In all seriousness, Utah sounds like your ideal so long as you stay outside of Salt Lake City. I'm glad to no longer be a resident

> Utah sounds like your ideal

Not enough trees. Nor enough employment in my non-remoteable field.

Public smoking is a concern, but the smoke will leak even if smoked inside of a home. With edibles and inhalers I don't understand why people thought it was a good idea to legalize marijuana smoking.

> Nor do I see how having bodily autonomy is necessarily a tyranny of the masses.

Generalizing the principle of the swinging your fists near someone else's nose saying.

Your sense of smell is subjective, and not a good reason for legislation.

You do know that, right? I'm not detecting any humour markers...

> Your sense of smell is subjective, and not a good reason for legislation.

You do understand that many tort suits, and outright laws, are over subjective harms, right? (trash in neighbors yards, loud sounds late at night, smells from chemical industries, etcetera) That laws such as disability protection laws exist?

https://www.chemicalsensitivityfoundation.org/index.html

... None of your examples are like for like.

Lots of people love the smell of cannabis. No one loves "trash in neighbors yards, loud sounds late at night, smells from chemical industries".

Arguing in bad faith is lame dude.

> trash in neighbors yards

There are entire messy neighborhoods.

> loud sounds late at night

People sleep at different times of the day.

> smells from chemical industries

People who lack a sense of smell don't care.

Special pleading for marijuana smoking is also lame.

I don't agree with that. If blasting music can be a matter for legislation (nuisance laws and the like), then so can bothering people around you with the reek of smoking weed.
As mentioned, there are already laws around smoking in public.

OP is complaining that he might get a whiff coming from his neighbors house.

I recently visited Manhattan and walked many miles touring it. The smell was in many places, with people smoking out in public. It is offensive and rude.
> It is offensive and rude.

If you take one of the world's most popular pastimes that personally, and want it legislated against on that basis, I have no time for your arguments.

Like - Manhattan. Yeah, you're gonna smell cannabis in Manhattan. It doesn't matter the tiniest bit what the laws are; you're gonna smell it. It's not something to take as a personal insult, and it's wild you insist that it is.

Anyway, weren't we talking about a serious issue? Like, is this why Americans are ok with all the domestic spying - they're too worried about sniffing a reefer on the wind? Ugh.

> If you take one of the world's most popular pastimes that personally, and want it legislated against on that basis, I have no time for your arguments.

Many popular activities are expected to be done where they do not impact others. In my local park, a man was arrested for masturbating in public, certainly a popular activity.

> It doesn't matter the tiniest bit what the laws are; you're gonna smell it.

Over the course of the last few decades, I smell it more in Manhattan and in many other places where it has been legalized. Apparently laws do matter. Not that I want any laws against it. I would just prefer that people not be assholes about it.

I did not interpret such sociopathic behavior as a "personal insult".

As for the more serious issue, I did not take the thread here. I replied to your comment, "OP is complaining that he might get a whiff coming from his neighbors house." I pointed out that one does not need to enter someone's house in order to be forced to inhale their smoke.

> Your sense of smell is subjective, and not a good reason for legislation.

Wish it stopped at just the smell.

Second hand weed is harmful.

https://www.uclahealth.org/news/secondhand-marijuana-smoke-w...

Being able to smell from the outside that someone is smoking inside their home is not "second hand smoking". You'd need to be in the same room as them to get the necessary level of exposure.
When did the goalposts move from 'smelling cannabis in the air should be banned' to 'prolonged second hand smoke in the same room at cannabis dispensary levels has an effect on your blood vessels if you're a mouse'?
Compare that with your zero cited sources.

Cool do you have better studies? If so, please share!

I await with bated breath (due to the nasty smoke both physically and here on HN).

Whatever happened to "Trust the Science^TM" with marijuana?

(comment deleted)
> Nor do I see how having bodily autonomy is necessarily a tyranny of the masses.

When it intrudes upon the bodily autonomy of others (e.g. second hand smoke, which I am constantly facing and suffering from in the Bay Area).

This comment is rather obtuse.

You want to live in a state where all smoking is illegal?

Because you don’t like the smell of weed smoke?

How interesting.

> Because you don’t like the smell of weed smoke?

No, not because I "don't like" it, but because the smell of weed smoke causes quality of life and health issues.

> Want to smoke weed? Check (lowest prices in the world)

One of the biggest reasons I'm happy I moved away from my home in Oregon. The second-hand weed smoke is gross.

> Want to shoot guns? (relatively lax gun laws for a blue state)

Your DA is determined to destroy this right by spending tax dollars appealing 114 until they find a judge who agrees with them.

Yeah it sucks, but I care the least about it tbh.
It's been my experience that you'll probably start caring after it's too late.
It should only[0] be meta data, though. The push notification should signal the app that there is data to fetch, then the app goes and fetches it. The push notification itself should carry none of the data.

[0] still bad though and they should stop.

I so hate when people put words "only" and "metadata" in the same sentence...

     They know you rang a phone sex line at 2:24 am and spoke for 18 minutes. But they don't know what you talked about.

    They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.

    They know you got an email from an HIV testing service, then called your doctor, then visited an HIV support group website in the same hour. But they don't know what was in the email or what you talked about on the phone.

    They know you received an email from a digital rights activist group with the subject line “Let’s Tell Congress: Stop SESTA/FOSTA” and then called your elected representative immediately after. But the content of those communications remains safe from government intrusion.

    They know you called a gynecologist, spoke for a half hour, and then called the local abortion clinic’s number later that day.
Dude, did you read my point? I said it was still bad.
"Still bad" strongly underestimates the problem. Metadata often is more important than the data as demonstrated in the above examples.
But my intention was to point out that actual content wasn't being transmitted and that "only" meta data was gleaned since some people seem to think that chat messages are being scooped up. Other people have rightly pointed out that meta data is bad and why and I didn't feel the need to reiterate that.
It's not the intention that matters but the execution.
I disagree. Thieves can't steal my money from my bank with metadata.
They might, using social engineering and knowing a lot about your connections.
That's a stretch, you can use social engineering to do essentially anything then.
Not if you know nothing about your target.
(comment deleted)
I don’t agree with them plagiarizing the EFF’s blog post[0] but I think it is a mistake to use “only”. Both can be damaging and neither is clearly more or less bad since so much depends on the circumstances – like if the police have compromised one party in a conversation, they already have the payload so the real risk would be things like location data. We should probably treat both of those as equivalent risks until enough specific details about a situation are available to say which is riskier.

0. https://ssd.eff.org/module/communicating-others

But my intention was to point out that actual content wasn't being transmitted and that "only" meta data was gleaned since some people seem to think that chat messages are being scooped up. Other people have rightly pointed out that meta data is bad and why and I didn't feel the need to reiterate that.
Push notifications don't signal an active line of communication like that though nor do they connect who's talking, only the means. In all your examples the equivalent would be "They know someone called you."

"They know you got a push from McDonalds at 11am"

"They know you got a Slack message at 2pm"

All metadata is not created equal.

It's important but what do we do about it?

You're using the internet afterall which isn't your network- it's someone else's! When you send a packet there is a header w/ information required for routing. Some call this the "outside of the envelope" if using the mail analogy. We can pass the buck by using a VPN but this also adds a VPN org that we need to trust. On the other hand, it's not your network! Why do you think you have a right to absolute secrecy and anonymity on someone else's network?

So every person in the world should build his own "network"?
No, it's just a case of facing reality. The internet is built by other people and we have to trust (or not) that they are going to honor the responsibility that entails, from security to ethics. The internet is also funded by learning as much as possible about users in general so using the internet is accepting that you will be tracked. Increasing personal security is good, but no silver bullet.
If with that you mean that users should be aware of the risks ok, if that they should accept them as inevitable no.

What's funded by tracking as much as possible is the current perverse part of internet, it definitely wasn't always like that and doesn't need to be.

I hope that that perspective comes from someone that hasn't lived anything before Facebook.

I'm not saying things shouldn't change, just that the reality we live in right now is that using the internet means you are tracked. Of course we shouldn't just accept that and not push back, and of course we should build things like the internet we had before social media "became the internet".

Being aware of the tracking and risks means people can make efforts to reduce the tracking, but it's almost becoming impossible to use the internet if you don't AGREE to the tracking in many cases, such as websites that won't risk GDPR violations and chooses to deny access to people blocking cookies entirely.

People who remember the old internet want it back, people who grew up with social media don't know what they're missing, and there's not much we can do to convince people to care about changing the DNA of the internet so that it's no longer perversely gobbling up all data.

This requires legislation, and a court system that upholds the law.

In the US, the courts just decided there's no right to privacy (despite what the 4th amendment says) as part of rolling back Roe v. Wade.

So, the path forward is to vote in legislators that respect basic human rights, followed by court packing (or just impeaching the judges that have been publicly accepting bribes and failing to recuse themselves on cases where they have a clear conflict of interest).

Since the above is supported by way more than 50% of the US population, the main obstacles are gerrymandering and ending the currently common practice of appointing blatently corrupt judges to state supreme courts (and also restoring recently stripped powers to state governors, since they're elected via simple majority).

Exactly, and all of that is hard and slow. We live in the now, with the internet tracking our every move by current design. Pretending it isn't tracking us doesn't mean it actually isn't.

People are generally keeping themselves monitored as they use the internet. It's a panopticon with more steps. So it's no surprise governments are using the plaintext of anything they can find to track people.

And if people don't care about that because they are more focused on their pet political issue, it will never change, and silently get worse.

(comment deleted)
Is anyone surprised? Why would there be pen registers, and tap and trace for phone calls and email, but not for other traffic? The ability of governments to do secret surveillance of such metadata is well established in law and jurisprudence, variously in various countries.

It is a Weird Nerd Thing to believe that old laws can't apply to new computer thing.

(comment deleted)
This, to me, is the more disturbing part of the article:

> In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.

What is the point of transparency reports if they don't include major vectors of government surveillance?

IMO such gag orders shouldn't be legal when applied to dragnet surveillance. If you want to gag a company from notifying an individual they're being surveilled (with a warrant), then fine. But gagging a company from disclosing untargeted or semi-targeted surveillance, especially if it involves American citizens, seems like it should be unconstitutional on free speech grounds.

Seems like a pretty open and shut case of unconstitutional restriction of speech in the US. Especially when you consider the wording of the Apple communication saying that they can talk about it openly now that it's public knowledge.
> Seems like a pretty open and shut case of unconstitutional restriction of speech

I wish it didn't cost a lot of money and years of your life to beat these over-reaches.

Given the US has a 4th Amendment-free zone within 100 miles of all national borders in the name of national security, I expect the same justification and level of oversight here.

https://www.aclu.org/documents/constitution-100-mile-border-...

This is a common misconception. The 100 mile radius does not waive 4th Amendment protection. A reasonable suspicion of immigration law violation is still required to detain, search and ultimately arrest individuals. To wit: please name a single instance of someone having their rights abused by this so-called "zone".
This article [0] lists several cases of warrantless searches, one of which was in Florida. Apparently that 100 mile radius isn't just from the Canadian border or the Mexican border, it's also 100 miles from any coast, which means that 2/3 of the population lives within that radius.

As far as "reasonable suspicion" goes, I'm increasingly unwilling to support the right of law enforcement to independently, without oversight, determine what is "reasonable".

[0] https://www.nationalreview.com/2018/02/border-patrol-warrant...

Where is the "warrantless search"?

> [CBP officers] demanded proof of citizenship from the passengers

> CBP officers boarded a bus in Bangor, Maine

None of those are searches, they are temporary detentions with strong legal basis and case law going back to Terry. To wit:

> most people have no idea that they can refuse to be searched at a roadblock or bus boarding

Ignorance of the law != warrantless searches. Arm yourself with knowledge, just as the Founding Fathers intended.

> strong legal basis and case law going back to Terry

I frankly don't care what's legal or not at this point. The surveillance and police state has gotten out of control, and needs to be rolled back. If we constantly just accept past precedent as dictating our future, our rights will be chipped away one by one.

I don't want to live in a society where I can be stopped and asked for identification by law enforcement at any time. Most Americans don't, that's why we still don't have a proper national ID. I consider that to be a warrantless search regardless of what the law currently says.

> Arm yourself with knowledge, just as the Founding Fathers intended.

I find that most people who pretend to speak for "the Founding Fathers" are extremely ignorant of the actual motivations of these people who lived 200 years ago. I won't pretend to speak for them, but I will note that I strongly suspect that the smugglers and tax evaders who signed the Declaration of Independence would probably not be in favor of the ever-growing police state we have today.

Regardless, what they wanted is immaterial—they set up this country for us, and presumably expected us to lead it after their deaths.

> I frankly don't care what's legal or not at this point.

Oh, but you should - your freedom may depend on it.

> police state has gotten out of control, and needs to be rolled back

Maybe, but this is the world we presently find ourselves living in, and we can either choose to become empowered with knowledge about it, or throw a hyperbolic tantrum and wish for the moon.

> I don't want to live in a society where I can be stopped and asked for identification by law enforcement at any time.

You don't, at least not in the US. If you took more time to care about the laws you decry, you would know there is no such requirement, unless you have been suspected of a crime by a lawful sworn agent of the state. Which is a reasonable compromise in a society.

> smugglers and tax evaders who signed the Declaration of Independence ... would probably not be in favor of the ever-growing police state we have today

I agree. Those individuals knew well what an unchecked government can do, and took many reasonable precautions to safeguard against such infringements and tyranny. They were of course imperfect in their implementation, but the principals they set forth (freedom of speech, defense, religion, &c.) formed a radically different society to anywhere else on the planet today. Which is why I'm always puzzled when people disregard their hard work to take some agency's word and propaganda at face value, rather than consulting the original tenets which founded this great country.

> unless you have been suspected of a crime by a lawful sworn agent of the state.

They generally ask. If you refuse, you are now suspected of a crime. If you refuse again… well, I hope you like the back of a squad car.

Source: went for a walk in my own neighborhood at 3am.

> You don't, at least not in the US. If you took more time to care about the laws you decry, you would know there is no such requirement, unless you have been suspected of a crime by a lawful sworn agent of the state.

If you took the time to read the article I sent you, you would know that CBP asserts that it has the right to get onto any bus at any time and demand to see proof of citizenship for anyone on board.

You can wave the book at me all day long, but what actually matters is how the law is implemented in practice, and it's pretty clear that law enforcement does, in fact, claim the right to stop anyone at any time and ask for ID.

(comment deleted)
Not sure why down voted. Even the quoted article states:

> Border Patrol, nevertheless, cannot pull anyone over without “reasonable suspicion” of an immigration violation or crime (reasonable suspicion is more than just a “hunch”). Similarly, Border Patrol cannot search vehicles in the 100-mile zone without a warrant or “probable cause” (a reasonable belief, based on the circumstances, that an immigration violation or crime has likely occurred).

In practice, "reasonable suspicion" means "whenever they want."
The potential to abuse power is not a reason to disavow it.
If you're taking this view, any armed forces can do whatever they want and the constitution is just a piece of paper.

In practice, the evidence gathered by unlawful searches is going to be discarded in a court of law. Other wise said, there is no carving in penal law for "100 miles " from the border.

> If you're taking this view, any armed forces can do whatever they want and the constitution is just a piece of paper

I don't understand how you reach this conclusion.

> In practice, the evidence gathered by unlawful searches is going to be discarded in a court of law

Yes, of course. What I'm talking about is the threshold for when evidence is considered "unlawful".

The "reasonable suspicion" threshold is intentionally an extremely low bar. Low enough that it's barely a meaningful threshold. In practice, it's incredible easy for any officer to make up some articulable suspicion for pretty much anything.

> evidence gathered by unlawful searches is going to be discarded in a court of law

Maybe. Probably? But this isn't always the critical question.

Sometimes, "You May Beat the Rap, But You Can't Beat The Ride" is the problem.

(comment deleted)
https://radiolab.org/podcast/border-trilogy-part-1

Poor school kiddos. :( Anyway, if you prefer text, click the transcript. I recommend listening though, if you have time!

The format of this podcast is insufferable, like listening to two befuddled people in a retirement home exchange "witty" banter.

I looked it up though. This was 30 years ago. The court issued Border Patrol an injunction and protected students from discimination. A perfect example of the legal system acting justly and prudently, which only supports my argument that unbridled searches within 100 miles of the border is hyperbole only.

Not to get too far off on a tangent here, but I can't agree more. This style of podcast where a simple story is endlessly drawn out with unnecessary audio being inserted, useless details, and constant repetition without getting to the point makes getting any information at all feel like pulling teeth. I've seen it imitated in other podcasts too so the poison is spreading.
(comment deleted)
How exactly do you bring suit on this matter?

Hey we would like to bring suit because the government says we can't talk about them doing X. Oh no, that would be talking about doing X!!

Free speech: are you saying it is guaranteed for companies?
perhaps that democracy is not effective when the state organs are unelected bureacrats with guns
I'm not sure why you're being downvoted. That's been a common charge against our vast unelected bureaucracy, most of whom hold qualified immunity. We're trillions of dollars in debt, maybe it's time to peel some of it back a little.
Downvotes are possibly because the unelected bureaucrats with guns are overseen by the elected Executive and Legislature.
Are they though? How about the FDA getting most of its funding by the companies they are supposed to regulate? It's comforting to just trust that bureaucracies are doing what's good for the country, but also naive.

https://aspe.hhs.gov/sites/default/files/documents/e4a791060...

How about the NSA spying on congress?

https://www.theguardian.com/world/2014/jan/04/nsa-spying-ber...

How about the ATF making up laws?

https://nclalegal.org/2019/09/atf-admits-it-lacked-authority...

The only teeth congress has with these bureaucracies is the power of the purse.

> The only teeth congress has with these bureaucracies is the power of the purse.

Not true. Congress can make laws defining what those agencies are and are not allowed to do.

And if the agencies go outside the bounds of those laws like some currently do?
Then those who are victimized take it to court. If the agency committed an actual crime, then there's a path for that to be prosecuted as well.

It's certainly not a perfect system, but it's successfully done all the time.

>> The only teeth congress has with these bureaucracies is the power of the purse.

>Not true. Congress can make laws defining what those agencies are and are not allowed to do.

>And if the agencies go outside the bounds of those laws like some currently do?

>Then those who are victimized take it to court.

Right, the court isn't congress. My point was the only teeth congress has in regards to the bureaucracies is the power of the purse.

>successfully done all the time.

It depends on how you define successfully. I mean they employ people, is that good enough? Do you think they would be more or less effective with a 20% haircut? I don't really know, but members congress probably don't either. Plus, it's bad politics to cut jobs come election time, right? Seems like a perverse incentive for the people charged overseeing the bureaucracies.

Congress can impeach the appointed officers that allowed those violations to happen.

Congress can create new criminal/civil remedies and then create an office tasked just with enforcing them.

Congress created these agencies, they can write laws that fundamentally change how they work, what they do, and what they focus on. They can even just disband these agencies. Congress has all of the power it needs. If they don't use it, maybe what you think should happen doesn't align with the majority of Congress.
You're assuming that the shadow government can't or won't institute regime change when it's threatened. The US Government killed a president, why wouldn't it blackmail congress as well?
With this belief, does anything really matter?
you're right.... The CIA and, by extension, the US government as a whole (or any subgroup thereof) have never altered the outcome of elections anywhere for regime change, and have never instigated color revolutions for regime change.
If your belief is correct in that the Congress and President are coerced into doing what the shadow government wants, then they would have zero need for a revolution or regime change in the United States.
Would you prefer elected bureacrats with guns? That scares me more.

Perhaps we just go with rock solid transparency laws...

It's a sad day when HN is defending the Patriot Act.
It's more that your parent comment was disingenuous.
At least elected bureaucrats are theoretically accountable to the electorate. The gripe comes from things like the unelected bureaucrats at the US Department of Justice deciding that as part of implementing the Americans with Disabilities Act, there are only two limited and inadequate questions you can ask of someone with an apparently bogus service dog or else. That rule didn't come from the people who wrote the law.
Those unelected bureaucrats play by the rules set by elected bureaucrats, though.

> That rule didn't come from the people who wrote the law.

But lawmakers can write a law to address that.

In practice that shouldn’t matter, as the law states that any service animal can be turned away so long as the business provides accommodation to the human (which is the point of the limited questions).

The fact this rarely happens is more due to people not actually knowing the law and typically wanting to avoid potential conflict.

"people not knowing the law" can be a symptom of bureaucracy though. How many pages of law do you think exist to open a bagel shop or add a room to your house in SFO?
How is that relevant to the example of enabling disabled folks to interact with society & some bad actors abusing it?
It's a remark about the broader topic of bureaucracy and how you can't blame people for not knowing the nooks and crevasses of modern liberal legislature. You know, "We have to pass the bill so that you can find out what is in it.”
history has shown that clumsy bureaucrats with slow erosion of rights is still superior to belligerents with guns in a mob
Nine times out of ten, the person saying this will turn around and complain about all the "political hacks" running things, referring to political appointees with no experience or background in the area of government they are tasked to run.

The term "unelected bureaucrats" applies to people like...I dunno, the director of the NIH and field office managers. Heck, even a police captain is an "unelected bureaucrat". Sheesh.

The director of the NIH is a prime example of a position the people should have direct control over. As is the police captain. Are you claiming otherwise? Have we really forgotten about 2020 so soon?
People are already overwhelmed by having to vote for the superintendent of their sanitation district
That’s part of the ploy. Give people a million menial jobs to elect so they feel exhausted by the process instead of demanding to have control over the real power.

See also the California senators, which have at this point been unilaterally appointed by Gavin rather than elected by the people. If that wasn’t bad enough, he appointed this latest one based on a personal promise made to put a Black woman in the seat, in exchange for some union to aid in his personal election campaign.

If anyone cared about civics, separation of power, or indeed democracy itself, there’d be rioting in the streets.

You’re saying part of the problem is people overwhelmed by menial job elections yet say people should elect police captains. Should they then also elect deputy police chiefs, police chiefs? Also, anyone that knows their civics would know that what Newsome did is covered in the US Constitution.
I was imprecisely using "captain" in the "person in change" sense, Chief/Commissioner of police would be the more accurate term, and yes they should absolutely be elected.

As for your alleged lesson in civics, the actual matter is covered by the 17th amendment to the constitution, which states:

> When vacancies happen in the representation of any State in the Senate, the executive authority of such State shall issue writs of election to fill such vacancies: Provided, That the legislature of any State may empower the executive thereof to make temporary appointments until the people fill the vacancies by election as the legislature may direct.

- U.S. Cons. amend. XVII § 2, emphasis mine

So then the question is how has the CA legislature directed the executive thereof to make temporary appointments? The answer to that lies in the California Code:

> If a vacancy occurs in the representation of this state in the Senate of the United States, the Governor may appoint and commission an elector of this state who possesses the qualifications for the office to temporarily fill the vacancy until a person is elected at a statewide general election...

- Cal. Elec. Code § 10720, emphasis mine

So we're left with a very simple question: Was Laphonza Butler an elector of the state of CA at the time she was appointed to fill the vacancy by Gavin? If not, Gavin was operating outside his authority as granted by the CA Legislature, and accordingly in volition of the 17th amendment to the US Constitution.

And the answer to that is very simple, a resounding "No":

> Butler is a longtime California resident but now lives in Maryland. She owns a home in California also. The governor’s office said she would re-register to vote in California soon.

- https://www.sfchronicle.com/politics/article/laphonza-butler..., emphasis mine

>What is the point of transparency reports if they don't include major vectors of government surveillance?

The feels.

It's more than that, IMHO.

I think companies publishing whatever they can is a good thing. We would be worse off if they took the attitude of if we can't publish everything we might as well publish nothing.

Publishing whatever they can is a good thing.

But this is also a great reminder that there's a bunch of things they can't publish -- so "transparency reports" are of extremely limited value. Their greatest value is encouraging people to have a false sense of security.

I'm infinitely more cynical about corporations. For me, it's always about what they can do to mitigate any and all possible blame, regardless of circumstance, context, and the world itself. Always.
> What is the point of transparency reports if they don't include major vectors of government surveillance?

How many times did those of us who knew all of this to be a farce warned about this?

> But gagging a company from disclosing untargeted or semi-targeted surveillance, especially if it involves American citizens, seems like it should be unconstitutional on free speech grounds.

I see you have not read the Patriot Act, an Orwellian double-speak of a title if there ever was one.

(comment deleted)
Is it really that hard for the government to get a warrant for a suspected terrorist?

Is there any data on how often they're surveilling people without warrants vs with warrants?

This seems like important info to know.

You're missing the point, in this case they don't even need the warrant at all. And yes, it is because you would have to ask a judge for each and every person surveiled and then provide a reason. They wouldn't have any reason for the drag net and would be denied.
Having data on illegal searches would require an insider leaking that information. Nobody has any semblance of a clue how much illegal data sniffing is happening, and it’s even more questionable since the USA and five eyes continues to degrade basic privacy.

But won’t someone think of the children!?

The first "paper" I ever wrote was an anti-USA PATRIOT Act paper for a scholarship competition in 2003 when I was 17 where I was awarded $1,000. Literally the only thing I remember is what the acronym USA PATRIOT stands for.

Uniting and Strengthening American by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism.

It really is one of the best double-speak bill titles ever.

If I’m not mistaken they’re called NSLs and the legality of them when challenged are reviewed by a secret court with secret laws that have secret interpretations of words. The whole thing as far as I can tell is an out of control nightmare and our corrupt congress doesn’t give a shit.
Actually quite a few members of congress do give a shit. Unfortunately they're the same members of congress maligned as MAGA extremists or whatever (in some cases that might be accurate, but it doesn't mean they're wrong about every political position they hold).

If you actually take a second to listen to Matt Gaetz, for example, you might be surprised to learn his (rather principled) positions are much closer to those of AOC than to President Orange, at least in some dimensions. He wants to require single-issue bills, and to completely eliminate FISA-702. Ironically, it seems like FISA will be reauthorized as part of an omnibus spending bill...

I meant Congress as a body doesn’t care, which IMHO is proven by the fact that decade after decade congress as a body does nothing to remedy these problems. Actually the 1984 nightmare just gets worse.

Support from members here and there is nice but in reality for the 20 years I’ve been paying attention has resulted in nothing.

(comment deleted)
This is why I never believe Apple's "We're super serious about your privacy!"

That is until a government asks them to do things behind the scenes.

This is why warrant canaries can be useful in privacy policies, at least for smaller/startup companies. The apple/google/microsoft/amazon/metas of the world would have had to remove the canary long ago, though.
No competent startup or small business would take on such a legal risk. And anyway, a sure conclusion can already be reached on the basis of reasoning about the complete and total lack of warrant canaries anywhere.
(comment deleted)