this post was submitted on 24 Feb 2024
731 points (98.4% liked)

Technology

59285 readers
4747 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -4 points 8 months ago* (last edited 8 months ago) (3 children)

With Signal's default settings, Google reads your Signal messages when they come in through push notifications.

Correct me if I'm wrong.

Edit: For those in doubt, last year, I started seeing content-aware auto-reply options in my Signal message notifications; that is not a function of Signal, but a function of Google's Android. One could escape it by using a de-Googled Android like Lineage or Graphene, or by hiding the message content (which is not the Signal default) and would surely hurt Signal's adoption, when you have to unlock the app to read each message.

https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/

[–] [email protected] 14 points 8 months ago (2 children)

You are wrong ;-) The push stuff is just used to signal the receiver that there is a new message. No meaningful data is sent that way. Not even an encrypted message.

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago) (1 children)

Call me paranoid, but Google owns Android. They can easily read the content of a notification as it's displayed. They even have a Notification History app where you can see all applications from all apps.

[–] [email protected] 3 points 8 months ago (1 children)

You’re missing the point, there’s no message content sent in the notification, there’s nothing to read.

[–] [email protected] 1 points 8 months ago

I'm not talking about the FCM message, I'm talking about Android running on your phone, where the message content is displayed to you.

[–] [email protected] 1 points 8 months ago

At some point, Android is reading the message to generate the quick replies that were showing in the notification. They're content-aware and this is not a function of Signal; if someone sent me a question, there were "yes" and "no" quick replies. If someone sent that they were going to be late, there were quick replies like "That's OK", etc.

[–] [email protected] 6 points 8 months ago* (last edited 8 months ago)

that's not how push works. usually, google would only know you received a notification, but not it's contents. that "dummy" notification wakes the app up, which decrypts and shows the real notification.
content aware stuff runs entirely locally on your phone, so no data is sent to google (unless you have telemetry enabled, in which case the reply or action you used will be sent to google together with the next telemetry data upload)

yes, some apps actually push the content directly through the push system, but that's not how this is handled in most apps that handle private data in notifications.

[–] [email protected] 4 points 8 months ago (1 children)

Or... And hear me out, Molly FOSS with Unified Push notifications. Problem solved!

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago)

I'm looking in to this, thank you!

Edit: Molly (UnifiedPush) isn't something I can reasonably expect friends and family to set up.

Please note that to receive notifications, you will need to set up a server to run MollySocket, available on https://github.com/mollyim/mollysocket.

You need the right flavor of Molly to use UnifiedPush: https://github.com/mollyim/mollyim-android-unifiedpush. You can install MollySocket via: Docker/Podman: docker pull ghcr.io/mollyim/mollysocket:latest Crates.io: cargo install mollysocket (see INSTALL.md for the setup) Direct download: https://github.com/mollyim/mollysocket/releases (see INSTALL.md for the setup) A distributor app (easiest is ntfy) You can optionally install your own push server like ntfy or NextPush. For beginners, you can use a free service like ntfy.sh (do consider donating if you have the means).