💾 Archived View for bbs.geminispace.org › u › wasolili › 22103 captured on 2024-12-17 at 15:50:23. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Re: "How to survive the broligarchy: 20 lessons for the post-..."
@HanzBrix I think you're conflating push notifications (which are sent via fcm) with the notifications shown on your phone, which do not need gms and are triggered locally. Signal uses fcm to send your device a "you may have messages" message, your device fetches the encrypted messages via signal's servers, decrypts them, and then (optionally) sends a local notification (which doesn't rely on gms).
That's not say there aren't privacy concerns about local notifications (android allows other apps to read all notifications if they have the permissions for it, notifications may be logged locally, etc), but "sending messages directly to google" is not one of them.
@stack yes signal's messages are e2ee (and, unlike several alternatives, has been audited by cryptographers). the only metadata Google gets is "at x time, signal's servers wanted to let the device know there may be message updates."
Nov 23 · 3 weeks ago
I wish there were more reminders to go into 'special permissions' and get rid of apps snooping on notifications. I didn't know about that until this month...
🐦 wasolili [...] · Nov 23 at 19:41:
Signal is most definitely not e2ee, as the desktop client can operate independently of the app now (didn't used to be that way), signifying a one to many relationship.
@HanzBrix this doesn't make signal not e2ee. to simplify it, when you use multiple devices, each device has its own double ratchet session and the sender of a message encrypts it for each device.
How to survive the broligarchy: 20 lessons for the post-truth world | Carole Cadwalladr