Push notifications go through Apple servers.

HTTP GET request comes from the device loading the image; AFAIK though wouldn’t be a big deal if Apple’s servers loaded and cached it.

So Meta can watch for the GET requests and determine:

• time of delivery to device
• approximate location of the device
• device’s IP, used to correlate other activity done on that device gathered elsewhere by the IG/FB tracking network

And derive:

• what kind of connection you are using
• from where
• when
• what time of day and location do you most often read IG
• optimal time to try and distract you
• who your preferred service carriers are and if/when you change them
• how often you deviate from this pattern
• through correlation, determine what deviation might be significant based on other data collected from your device or nearby devices at the same time
• oh wow so and so didn’t look at IG much because they searched for baby clothes are they pregnant? Is a friend? Can we show more ads based on that angle to get sales?
• and other, much more devious, much grosser intrusions
• they get more sales from oblivious users
• they grow their panopticon

I think the point is they get to know the exact time you first see the notification. It’s a massive flaw in the OS, and I believe I have read about this years ago already, so that “privacy OS” is not intending to fix this leak

Or Instagram belonging to Facebook? They already know.