Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Cellphones Crime Government United States

The FBI Is Using Push Notifications To Catch Sexual Predators (gizmodo.com) 34

According to the Washington Post (paywalled), the FBI is using mobile push notification data to unmask people suspected of serious crimes, such as pedophilia, terrorism, and murder. Gizmodo reports: The Post did a little digging into court records and found evidence of at least 130 search warrants filed by the feds for push notification data in cases spanning 14 states. In those cases, FBI officials asked tech companies like Google, Apple, and Facebook to fork over data related to a suspect's mobile notifications, then used the data to implicate the suspect in criminal behavior linked to a particular app, even though many of those apps were supposedly anonymous communication platforms, like Wickr.

How exactly is this possible? Push notifications, which are provided by a mobile operating system provider, include embedded metadata that can be examined to understand the use of the mobile apps on a particular phone. Apps come laced with a quiet identifier, a "push token," which is stored on the corporate servers of a company like Apple or another phone manufacturer after a user signs up to use a particular app. Those tokens can later be used to identify the person using the app, based on the information associated with the device on which the app was downloaded. Even turning off push notifications on your device doesn't necessarily disable this feature, experts contend. [...]

If finding new ways to catch pedophiles and terrorists doesn't seem like the worst thing in the world, the Post article highlights the voices of critics who fear that this kind of mobile data could be used to track people who have not committed serious crimes -- like political activists or women seeking abortions in states where the procedure has been restricted.

This discussion has been archived. No new comments can be posted.

The FBI Is Using Push Notifications To Catch Sexual Predators

Comments Filter:
  • Entrapment is a very serious problem with any technique where law enforcement is pushing any sort of message to the user, not so much the users app to do some trival task. I know this is a tiny packet scream, unrelated to anything but a connection and an app, so there is two-way notifications of message sent and message reception, but it seems pushing the boundaries to force a suspects technology to do anything.
    • by rogoshen1 ( 2922505 ) on Thursday February 29, 2024 @08:06PM (#64280584)

      They're at least smart enough to ease society into tolerating an erosion of civil liberties and due process by targeting these types. Though at this point i'd wager the biggest CP peddler on the planet is in fact the FBI.

    • Entrapment is a very serious problem

      No it's not. Entrapment only occurs when you are convinced to do something you wouldn't otherwise have done. If you were already looking for kiddie porn [imgur.com] or trying to hook up with children [imgur.com], there is no entrapment.

      • by sg_oneill ( 159032 ) on Thursday February 29, 2024 @09:49PM (#64280778)

        Look nobody disagrees with going after pedos. Harm kids, go to jail, no complaints here.

        But the principle of Entrapment *is* a serious problem. Here in australia we had an awful case where federal police responded to the parent of a learning disabled and autistic 13yo who reached out to a police anti-radicalization thing wanting help with the kids growing fascination with ISIS. So what did the cops do? Befriend the kid on social media, fed them with ISIS material and encouraged the kid to go deeper into it until they had convinced the kid to try and meet up with a "recruiter" (an undercover cop) and then charged them with terrorism. I'm not sure how that case ended up but I believe the Judge was furious with the cops about it and I *think* the case was suspended (Its hard to get details about national security cases).

        An aquaintance (Yes I'm being slippery here, dont want them to get in trouble) who did video conferencing work for the police in the early 2000s told me of meeting of police chiefs where they discussed a serial killer suspect they had publically outed but had no evidence on them, and one of the police said "If we cant find evidence, we can make the evidence", to which the other police chiefs apparently agreed was an option. 10 years later they actually found the evidence. it was a different guy. The guy they had outed was completely innocent and had been living a hellish life ever since. The cops cant be trusted.

        Fortunately Australian judiciary tends to be fairly hostile to entrapment in general. But my understanding is the definition in the US is much higher, and there was a case of an unemployed taxi driver who was pretty much on the way to hang himself when two undercover cops posing as women tried to convince him that jihad was the only proper way to suicide. I believe the guy still declined on the grounds he doesnt believe in violence but *still* got 5 years prison for it.

        Entrapment is awful and its very common according to many lawyers.

        • Arizona is fairly hostile and police oriented as well. In order to make an entrapment case, you have to plead guilty to the crime which kind of defeats the purpose.
          • In any entrapment case, you are guilty of the crime.
            The question is, is the government guilty of pushing you to commit a crime you otherwise wouldn't have, which is an affirmative defense.

            This is like killing someone in defense.
            You are undeniably guilty of manslaughter, but common law (and state laws on top of them) provide for self defense as an affirmative defense to the charge.

            But as for actually submitting a guilty plea? That is not true.
            But you can't claim entrapment, and also claim that you did
            • I wonder how that works for a "No Contest" plea. A no contest plea is basically "Look, I cant figure out how to prove I'm innocent, this charge is bullshit. You win but I dont plead guilty". Its an effective guilty plea BUT I believe you still leave open the possibility of appeal on grounds of factual innocence.

              Any good lawyer will tell you never plead guilty if you think you might one day be able to prove your innocense, and if he's skilled can negotiate a plea bargain down from "plead guilty" to "plead n

              • Ya, I don't know what you do in defenses like self-defense or entrapment- in terms of whether you plead Not Guilty, or No Contest.
                I know you don't plead Guilty though, and I know AZ doesn't require you to as stated above.
                The statute merely says you can't claim that you were entrapped, and didn't do the act at the same time.
                You have to pick one.

                Agreed 100% on plea bargains. They're a complete corruption of the justice system. They let people who did bad things get off easy, and they put otherwise innoce
    • Anyone dumb enough to use their "smartphone" to commit a crime, especially as one as egregious as sexual offenses towards children, deserves whatever they get.
    • Isn't this story basically the FBI asking the telephone company for the bad guy's phone number? Something like "Which phone are you sending this push notification to?"

  • ... laced with a quiet identifier ...

    The article suggests this was used "... way back in 2019. "

    This is a vague description. It sounds like the FBI is fishing for time-stamps: eg. "Give us all phone numbers for push messages sent on yy-mm-dd hh:mm:ss." Then, the service-provider follows the token to the device to the phone number.

    Android users have a choice: "... Threema Push, which is immune to any such inference."

  • This issue with push notifications have been known for a while. The justification for it is forwarding notifications to your other devices. Why this has to be done at with a remote server, and why they exist invisibly when disabled is not really specified.

    • Why this has to be done at with a remote server

      Because letting the developers of every app have access to send push notifications to your phone is a giant security hole that can't be closed.

      By having the notifications come from a trusted source, that server bears the brunt of DDoS attacks, instead of the end user.

      and why they exist invisibly when disabled is not really specified.

      First of all, on that part the article links to an advertisement by a competing push service provider, a page which is misleading in a lot of ways.

      As for the claim, the system works like this: When you install the app, a user push token is crea

      • I understand as an app developer your life is pretty bad, not understanding how anything works, having to dig though obfuscated and undocumented apis, but that doesn't give you the right to accuse people of pedophilia.

        Maybe this convoluted setup to avoid "security holes" and "ddos" isn't so great when my iPhone regularly misses them. But at least I won't get ddosed by apps running on my phone?

  • Critics fear ... (Score:4, Insightful)

    by Thoth Ptolemy ( 110353 ) on Thursday February 29, 2024 @09:56PM (#64280788)
    Critics fear the technique will be used for some nefarious purpose, as if that is not already inevitable. Gotta ignore that last bit to protect the pedos, though.
    People need to wise the hell up and quit confusing rights with their pissant entitlement complex 'rights'.
    • Apps are already using them to track users across platforms and send data back to them, that can track users across applications

      Source - https://www.macrumors.com/2024... [macrumors.com]

      The type of data being sent includes unique device signals that can be used for fingerprinting and tracking users across different apps. Fingerprinting is a method of collecting specific information about a device, such as its hardware and software configurations, to create a unique identifier for the user. This identifier can then be
  • " Those tokens can later be used to identify the person using the app," No, it DOES NOT identify the user, it identifies the phone or the app. There needs to be further evidences to prove the person was using that particular phone or app.
  • The link the story supplies as "expert" opinion leads to a website for a messaging app that claims to be resistant to this type of traffic analysis.

Keep up the good work! But please don't ask me to help.

Working...