this post was submitted on 06 Dec 2023
558 points (98.8% liked)

Technology

59414 readers
3080 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] RaoulDook@lemmy.world 3 points 11 months ago* (last edited 11 months ago)

Thanks for bringing that info here. I was already using Signal but I was concerned about their approach to notification security when I read this news this week.

Here's some info I found on the reddit Signal sub, not verified but just comments:

*All that goes through the Google or Apple push notification systems is “you’ve got a push notification.”

It’s up to your Signal app to then wake up, contact Signal’s servers, and see what the notification was. Message content and sender identity never pass through Google/Apple push infrastructure.

*Signal does not use google notification system is my understanding.

For apps that do, google only gets metadata, that is not content of the message.

2nd comment is not quite right, it does use the google notification system if you install it from the Play store. You can avoid that by installing the APK downloaded from the Signal site.

Metadata that is unencrypted could include things that identify who the message is to or from, and the timestamps of the messages. Seems like we can only be sure the content of messages is secure, but not the metadata. >