this post was submitted on 24 Feb 2024
733 points (98.7% liked)
Technology
58303 readers
15 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
With Signal's default settings, Google reads your Signal messages when they come in through push notifications.
Correct me if I'm wrong.
Edit: For those in doubt, last year, I started seeing content-aware auto-reply options in my Signal message notifications; that is not a function of Signal, but a function of Google's Android. One could escape it by using a de-Googled Android like Lineage or Graphene, or by hiding the message content (which is not the Signal default) and would surely hurt Signal's adoption, when you have to unlock the app to read each message.
https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/
You are wrong ;-) The push stuff is just used to signal the receiver that there is a new message. No meaningful data is sent that way. Not even an encrypted message.
Call me paranoid, but Google owns Android. They can easily read the content of a notification as it's displayed. They even have a Notification History app where you can see all applications from all apps.
You’re missing the point, there’s no message content sent in the notification, there’s nothing to read.
I'm not talking about the FCM message, I'm talking about Android running on your phone, where the message content is displayed to you.
At some point, Android is reading the message to generate the quick replies that were showing in the notification. They're content-aware and this is not a function of Signal; if someone sent me a question, there were "yes" and "no" quick replies. If someone sent that they were going to be late, there were quick replies like "That's OK", etc.
that's not how push works. usually, google would only know you received a notification, but not it's contents. that "dummy" notification wakes the app up, which decrypts and shows the real notification.
content aware stuff runs entirely locally on your phone, so no data is sent to google (unless you have telemetry enabled, in which case the reply or action you used will be sent to google together with the next telemetry data upload)
yes, some apps actually push the content directly through the push system, but that's not how this is handled in most apps that handle private data in notifications.
Or... And hear me out, Molly FOSS with Unified Push notifications. Problem solved!
I'm looking in to this, thank you!
Edit: Molly (UnifiedPush) isn't something I can reasonably expect friends and family to set up.