smol notepush PR: https://github.com/damus-io/notepush/pull/27
In December 2023, a U.S. Senate investigation revealed that governments worldwide have been demanding push notification records from Apple and Google to surveil smartphone users, including tying anonymous messaging accounts to real identities. For years, privacy engineers dismissed this attack vector as unsolvable, since mobile operating systems require routing through platform servers.
MIP-05, a new specification for the Marmot Protocol, proves them wrong: by encrypting device tokens with probabilistic encryption and delivering notifications through gift-wrapped Nostr events, it makes push notifications functionally anonymous. If you care about private communication, this is the specification you need to understand.
The specification is currently in draft and open for review: https://github.com/marmot-protocol/marmot/pull/18 nostr:naddr1qqgx2dpjv9nr2dpjvejryvpcv3nxzq3qklkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qxpqqqp65w2exg09
Discussion
Nice!
But why don't you just send an empty payload and clients do processing locally?
Your approach still seems to tie the receiver pubkey to the apple ID against apple servers.
Waking up in iOS is not feasible to my limited understanding.
Tradeoff is apple knows you use the app, and cant read your stuff sent via push, which is an improvement over unencrypted push notifications sent via apns.
Apple knows you use an app with or without push notifications.