this post was submitted on 04 Mar 2024
149 points (96.3% liked)

Privacy

31993 readers
514 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

"App developers can encrypt these messages when they're stored (in transit they're protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted."

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 8 months ago (1 children)

Tbh I absolutely do not understand why they decided to collect any data for push notifications in the first place. But yea now nobody will fix it. Though I'm wondering if it's only the proprietary part (Firebase or whatever the name is) or the system itself that collects data. I mean if I use a degoogled phone that doesn't even have that proprietary part (means notifications from IMSes don't work either), am I safe from this or not? And does the collected data go to Google or to the app's developers?

[–] [email protected] 1 points 8 months ago (1 children)

I already explained how the whole push notification thing works in this comment. If you're using a degoogled phone, you'll be fine. MicroG has the option to use Firebase but you need to be logged in with a Google account, enable device registration and enable cloud messaging for it to use it. Google has the data about when you got a push notification from what app since it goes through their server and the app developer can obviously log the notification data from their app.

[–] [email protected] 0 points 8 months ago (1 children)

BRUH push notifications with Firebase require everything going through a Google server? What in the deleted is that design?

[–] [email protected] 1 points 8 months ago (1 children)

I don't like Google either but this design makes perfect sense. There's a reason UnifiedPush works the same way. It sucks that you can't choose a different server but that's just how Google does things.

[–] [email protected] 0 points 8 months ago (1 children)

In my opinion there's absolutely no point in sending notifications through Google. It can be done differently and in a much less overengineered way. Unification doesn't make sense here. The additional features don't work in half of the apps now anyways

[–] [email protected] 1 points 8 months ago (1 children)

If you have a better way to do this, I'd really like to hear it. Also, what additional features are you talking about?

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)
  1. I'm not a very advanced Android programmer but I know it's possible to make something like universal instructions and dependency lists (if you want unification which I personally don't support). Linux has push notifications for years and on Android they work too if the app is running in the background. In my opinion the app should control the contact with its servers. Just make a daemon or something like that so the whole app doesn't have to stay in memory. Yes it's messy and battery life will be worse but monopolizing is always bad. Federating Firebase is a good idea too but I personally prefer the other method because it gives more flexibility
  2. Video/music progress bar on Firefox for example
[–] [email protected] 2 points 8 months ago (1 children)

Apps running in the background was how it was done before but it drained a lot of battery, which is why it's done this way now. Even KDE is implementing UnifiedPush. Things like the Firefox progress bar notification also don't use this system at all.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

Well here it's a matter of personal preference. For me privacy is more important than battery life and I consider Firebase extremely immoral. It can be different for other people. And thank you for telling about Firefox

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago) (1 children)

But that's why UnifiedPush exists, an open standard where you can choose what server to use or selfhost it

[–] [email protected] 1 points 8 months ago (1 children)

As I said earlier, this idea is good too. Open push standards are generally the best for efficiency but they can become proprietary or die (usually after getting bought by a big tech company) and even if a fork emerges it may be difficult to switch to it since it's an important component and 100% compatibility with the previous standard is not always possible. That's the main problem with unification and monopolization. The open standards can run into severe issues and then everything may collapse. When apps control the notifications, such risk is almost completely mitigated. Even though the described scenario is generally unlike to happen, push notifications have always been very "interesting" for big tech which rises the concerns about the stability of open push standards. Fortunately it's possible to make an app that can work in both push and standalone modes (e.g. Telegram) which is good I guess

[–] [email protected] 1 points 8 months ago

The UnifiedPush standard is actually so simple, I don't think a company could even make that proprietary if they wanted to. You need to keep in mind that it's not sending the notification contents but just that there is a notification for a specific app.

I definitely agree that it's best when apps support all methods, so UnifiedPush, running in the background and Firebase (that one just for the Google Play build). That way you can use whatever is best for you.