Is it illegal for the government to purchase a company in order shutter it from offering services to the public? I know this is done for technologies, I suppose as a conceptual matter, and patents.
Similarly how far can USG go in putting the screws to a provider? If you don’t comply with our desire for visibility into your network, for whatever lawful purpose where that visibility facilitates it, we are going to use contract and regulatory decision making to damage your ability to compete. CALEA doesn’t go that far but if you’re following what I’m asking here this seems to be a boot strapping attempt.
Are push notifications end-to-end encrypted? I had been assuming for a long time that they probably were, but now I'm realising this might not be the case.
This exploit doesn’t rely on knowing the contents of the notifications necessarily.
Some notifications aren’t encrypted and they’re obviously more exploitable.
But in this case, just the use of the unencrypted metadata is enough to narrow down people of interest. So even if you don’t know what it contains, you can still get valuable information like general location and usage patterns by effectively just observing that the notification happened and how it was handled.
