Apps use push notifications to buzz users’ phones or tablets with updates on new messages or alerts. When a user enables push notifications, Apple and Google create a small bit of data, known as a token, that links their device to the account information they’ve given the companies, such as name and email address.

In his letter, Wyden said the federal government had started demanding records on those tokens from Apple and Google because those companies operate as a “digital post office” for relaying the notifications. The tokens could reveal details about who a person is communicating with over a messaging or gaming app, what times they talk and, in some cases, the text of any message displayed in the notification.

Depending on how users have set up their push notifications, the token data could also potentially expose limited information about anyone who had exchanged emails, texts or social media messages with someone that federal investigators have pursued.

Never use push notifications people.


What’s a push notification? Is it a notification? If so, it’s impossible to use a phone without them. How am I supposed to know that I’m getting a message, it’s my turn in a game, etc?


It’s any notification not generated locally. Your phone maintains a persistent, continuous connection to the notification service, which is provided by Google or Apple. When there’s a notification, they push it down the pipe to your device.

This is opposed to regular “pull”, where the device opens a new connection every so often to poll the server and ask “hey you got any new messages for me?”

There’s really no easy way to tell whether a notification is pushed or pulled. Even if you turn off notifications entirely, the connection is probably still present so that your app still receives data about new email, your turn to play, etc.

(And on the other hand, promotional notifications, like ones that remind you to play a game, or order something on Doordash, are probably on a recurring local timer, not pushed down ad-hoc each time.)


Thank you for that. Wapp spams tf out of you if you sign up for eligible free articles.


the token data could also potentially expose limited information about anyone who had exchanged emails

I assume if the gov can use the digital post office argument on push notifications they can also do that on your email directly? So it wouldn’t change anything if you have notifications for that right?


archive link:


And thank you too.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • ethstaker
  • DreamBathrooms
  • cubers
  • mdbf
  • everett
  • magazineikmin
  • Durango
  • Youngstown
  • rosin
  • slotface
  • modclub
  • kavyap
  • GTA5RPClips
  • ngwrru68w68
  • JUstTest
  • thenastyranch
  • cisconetworking
  • khanakhh
  • osvaldo12
  • InstantRegret
  • Leos
  • tester
  • tacticalgear
  • normalnudes
  • provamag3
  • anitta
  • megavids
  • lostlight
  • All magazines