a.x61.sh

Why Signal Calls Google (media.ccc.de)
from 45o3b@lemmy.ml to degoogle@lemmy.ml on 07 Jun 18:24
https://lemmy.ml/post/48427945

I just started my de-googling journey recently, and so the mechanics of notifications were still unclear to me, and I found this video super helpful.

It explains how most mobile messaging apps (including privacy-focused ones like Signal) rely on Google and Apple’s centralized servers to deliver push notifications, which exposes vast amounts of user metadata.

Here’s the YT link, for people who prefer it: youtu.be/c3ennD3wKn0

#degoogle

threaded - newest

csolisr@hub.azkware.net on 07 Jun 18:39 next collapse

This is the reason why I went out of my way to use Molly (a fork of Signal), since it supports delivering the push notifications through a self-hosted server instead. Unfortunately the process is complex: it requires both a method to deliver the notifications to your phone via UnifiedPush (an alternative to Google's push system that generally suffices on its own) and a compatibility service called MollySocket (that bridges Signal's notifications with the UnifiedPush provider). Both typically need a self-hosted server and specific configuration to talk to each other though. And I don't even have any contacts that use Signal anymore, so, well...!

Redjard@reddthat.com on 07 Jun 19:29 collapse

You can use push providers if you trust them. For example mozilla hosts one.

The MollySocket service also does not need and does not have decryption keys, only keys to request encrypted messages from signal servers. Still not something I would want to run on someone elses server without serious privacy considerations.

csolisr@hub.azkware.net on 07 Jun 19:32 collapse

Yup, that's why I use my own server to host both MollySocket and UnifiedPush (via NTFY).

non_burglar@lemmy.world on 07 Jun 19:11 collapse

That is correct.

However, this is a quasi-monopoly by google having quietly overwhelmed the space. Same thing for RCS messaging.

Neither push notifications nor RCS are proprietary, so there is a possibility to tear oneself from google here.

For instance, there are several free and paid push notifications services. Pushbullet is a popular paid one, not too expensive. I personally use ntfy.sh, which can be self-hosted.

RCS is different because trusting the encryption keys makes RCS work, so there would have to be a critical mass of buy-in to use an alternative to google’s RCS implementation.

voxel@feddit.uk on 07 Jun 20:52 collapse

RCS is off-topic.

Regarding Push, there is UnifiedPush which has already seen a wide adoption, e.g. Matrix. That’s also the one used by Nfty. It’s free and opensource and can be used by anyone.