- cross-posted to:
- pulse_of_truth@infosec.pub
- cross-posted to:
- pulse_of_truth@infosec.pub
“App developers can encrypt these messages when they’re stored (in transit they’re protected by TLS) but the associated metadata – the app receiving the notification, the time stamp, and network details – is not encrypted.”
BRUH push notifications with Firebase require everything going through a Google server? What in the deleted is that design?
I don’t like Google either but this design makes perfect sense. There’s a reason UnifiedPush works the same way. It sucks that you can’t choose a different server but that’s just how Google does things.
In my opinion there’s absolutely no point in sending notifications through Google. It can be done differently and in a much less overengineered way. Unification doesn’t make sense here. The additional features don’t work in half of the apps now anyways
If you have a better way to do this, I’d really like to hear it. Also, what additional features are you talking about?
Apps running in the background was how it was done before but it drained a lot of battery, which is why it’s done this way now. Even KDE is implementing UnifiedPush. Things like the Firefox progress bar notification also don’t use this system at all.
Well here it’s a matter of personal preference. For me privacy is more important than battery life and I consider Firebase extremely immoral. It can be different for other people
But that’s why UnifiedPush exists, an open standard where you can choose what server to use or self host it
As I said earlier, this idea is good too. Open push standards are generally the best for efficiency but they can become proprietary or die (usually after getting bought by a big tech company) and even if a fork emerges it may be difficult to switch to it since it’s an important component and 100% compatibility with the previous standard is not always possible. That’s the main problem with unification and monopolization. The open standards can run into severe issues and then everything may collapse. When apps control the notifications, such risk is almost completely mitigated. Even though the described scenario is generally unlike to happen, push notifications have always been very “interesting” for big tech which rises the concerns about the stability of open push standards. Fortunately it’s possible to make an app that can work in both push and standalone modes (e.g. Telegram) which is good I guess