this post was submitted on 24 Feb 2024
672 points (98.3% liked)

Technology

76332 readers
2715 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] f4f4f4f4f4f4f4f4@lemmy.world -3 points 2 years ago* (last edited 2 years ago) (3 children)

With Signal's default settings, Google reads your Signal messages when they come in through push notifications.

Correct me if I'm wrong.

Edit: For those in doubt, last year, I started seeing content-aware auto-reply options in my Signal message notifications; that is not a function of Signal, but a function of Google's Android. One could escape it by using a de-Googled Android like Lineage or Graphene, or by hiding the message content (which is not the Signal default) and would surely hurt Signal's adoption, when you have to unlock the app to read each message.

https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/

[–] nsfw936421@lemmynsfw.com 13 points 2 years ago (2 children)

You are wrong ;-) The push stuff is just used to signal the receiver that there is a new message. No meaningful data is sent that way. Not even an encrypted message.

[–] essteeyou@lemmy.world 2 points 2 years ago* (last edited 2 years ago) (1 children)

Call me paranoid, but Google owns Android. They can easily read the content of a notification as it's displayed. They even have a Notification History app where you can see all applications from all apps.

[–] EncryptKeeper@lemmy.world 3 points 2 years ago (1 children)

You’re missing the point, there’s no message content sent in the notification, there’s nothing to read.

[–] essteeyou@lemmy.world 1 points 2 years ago

I'm not talking about the FCM message, I'm talking about Android running on your phone, where the message content is displayed to you.

[–] f4f4f4f4f4f4f4f4@lemmy.world 1 points 2 years ago

At some point, Android is reading the message to generate the quick replies that were showing in the notification. They're content-aware and this is not a function of Signal; if someone sent me a question, there were "yes" and "no" quick replies. If someone sent that they were going to be late, there were quick replies like "That's OK", etc.

[–] vox@sopuli.xyz 6 points 2 years ago* (last edited 2 years ago)

that's not how push works. usually, google would only know you received a notification, but not it's contents. that "dummy" notification wakes the app up, which decrypts and shows the real notification.
content aware stuff runs entirely locally on your phone, so no data is sent to google (unless you have telemetry enabled, in which case the reply or action you used will be sent to google together with the next telemetry data upload)

yes, some apps actually push the content directly through the push system, but that's not how this is handled in most apps that handle private data in notifications.

[–] hornedfiend@sopuli.xyz 3 points 2 years ago (1 children)

Or... And hear me out, Molly FOSS with Unified Push notifications. Problem solved!

[–] f4f4f4f4f4f4f4f4@lemmy.world 3 points 2 years ago* (last edited 2 years ago)

I'm looking in to this, thank you!

Edit: Molly (UnifiedPush) isn't something I can reasonably expect friends and family to set up.

Please note that to receive notifications, you will need to set up a server to run MollySocket, available on https://github.com/mollyim/mollysocket.

You need the right flavor of Molly to use UnifiedPush: https://github.com/mollyim/mollyim-android-unifiedpush. You can install MollySocket via: Docker/Podman: docker pull ghcr.io/mollyim/mollysocket:latest Crates.io: cargo install mollysocket (see INSTALL.md for the setup) Direct download: https://github.com/mollyim/mollysocket/releases (see INSTALL.md for the setup) A distributor app (easiest is ntfy) You can optionally install your own push server like ntfy or NextPush. For beginners, you can use a free service like ntfy.sh (do consider donating if you have the means).