Thread

๐Ÿ›ก๏ธ
In December 2023, a U.S. Senate investigation revealed that governments worldwide have been demanding push notification records from Apple and Google to surveil smartphone users, including tying anonymous messaging accounts to real identities. For years, privacy engineers dismissed this attack vector as unsolvable, since mobile operating systems require routing through platform servers. MIP-05, a new specification for the Marmot Protocol, proves them wrong: by encrypting device tokens with probabilistic encryption and delivering notifications through gift-wrapped Nostr events, it makes push notifications functionally anonymous. If you care about private communication, this is the specification you need to understand. The specification is currently in draft and open for review:
GitHub
MIP-05 Notifications by erskingardner ยท Pull Request #18 ยท marmot-protocol/marmot
Summary by CodeRabbit Documentation Added privacy-preserving push notification specification with architecture details, token generation mechanis...
Max's avatar Max
The Last Leak: How MIP-05 Closes the Push Notification Surveillance Hole
Push notifications let governments track your messaging habits. MIP-05 encrypts device tokens with ephemeral keys, ensuring notification servers learn absolutely nothing.
Read article →

Replies (3)

Where is the link to the U.S. Senate investigation? Oh, https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/ and
Wyden letter to Department of Justice regarding smartphone push notification surveillance
This is a Dec. 6, 2023 letter from Oregon Senator Ron Wyden asking the Department of Justice to lift any existing restrictions around discussions o...
? I have often wondered about those calls from unknown numbers where even if I say "hello" it's a non-response. A call answered like that can give a lot more information than cell tower ping records, I guess.