this post was submitted on 04 Nov 2024
39 points (100.0% liked)

Privacy

31939 readers
961 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

By "push server" I mean something like Ntfy.sh.


Cross-posts

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 1 week ago (1 children)

Yes, they can read the data. But apps like Molly (Signal Fork) send encrypted notifications. So, the time and some other metadata may be read by the server, but the content and contact won't be visible in plain text.

[–] [email protected] 5 points 1 week ago* (last edited 1 week ago) (1 children)

For Signal/Molly, it's less that the notification is encrypted as I understand it. It's more the notification content is just "Hey! Stuff happened" for Signal. The app then reaches out directly to the Signal servers to see what's new. So the message content is never sent via the push notification service (UnifiedPush or Google's service).

[–] [email protected] 1 points 1 week ago (1 children)

Oh yes. Like, I selfhost both, ntfy and MollySocket. I am sure MollySocket does encrypt the data.

[–] [email protected] 2 points 1 week ago (1 children)

I'm self hosting both too. MollySocket's docs are pretty clear that it never gets an encryption key for your account, so it can't read your messages. It only gets/forwards alerts that something happened on your account AFAIK. So I'm not sure what data it has that's worth encrypting.

[–] [email protected] 1 points 1 week ago (1 children)

Then why do have to use both, a unified push server and a mollysocket, if both are doing the exact same thing?

[–] [email protected] 1 points 1 week ago

The UnifiedPush server is intended to be a single source your phone can keep a persistent connection open to, rather than needing a connection per service/app (this is how Google's Firebase notifications work too).

As Signal doesn't support UnifiedPush, MollySocket keeps a permanent connection open to Signal's servers to listen for new activity and forward them to your UnifiedPush server. This saves your phone keeping a permanent connection open to Signal's servers and draining your mobile battery more.