Zum Inhalt der Seite gehen

mastodon - Link zum Originalbeitrag
PSA: We've received questions about push notifications. First: push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls–not to Apple, not to Google, not to anyone but you & the people you're talking to. 1/
Als Antwort auf Meredith Whittaker

Meredith Whittaker
mastodon - Link zum Originalbeitrag
Meredith Whittaker
In Signal, push notifications simply act as a ping that tells the app to wake up. They don't reveal who sent the message or who is calling (not to Apple, Google, or anyone). Notifications are processed entirely on your device. This is different from many other apps. 2/
Als Antwort auf Meredith Whittaker

Daniel Gultsch
mastodon - Link zum Originalbeitrag
Daniel Gultsch
IIRC the criticism was mostly about being able to map Signal ID (the phone number) to a Google account. This is independent to whether or not you put the message content into the notification.
FWIW only sending wake up signals instead of content seems pretty standard for personal communication apps these days. Signal isn't unique in that regard.
Als Antwort auf Meredith Whittaker

Meredith Whittaker
mastodon - Link zum Originalbeitrag
Meredith Whittaker
What's the background here? Currently, in order to enable push notifications on the dominant mobile operating systems (iOS and Android) those building and maintaining apps like Signal need to use services offered by Apple and Google. 3/
Als Antwort auf Meredith Whittaker

Meredith Whittaker
mastodon - Link zum Originalbeitrag
Meredith Whittaker
Apple simply doesn’t let you do it another way. And Google, well you could (and we've tried), but the cost to battery life is devastating for performance, rendering this a false option if you want to build a usable, practical, dependable app for people all over the world.* 4/
Als Antwort auf Meredith Whittaker

Meredith Whittaker
mastodon - Link zum Originalbeitrag
Meredith Whittaker
So, while we do not love Big Tech choke points and the control that a handful of companies wield over the tech ecosystem, we do everything we can to ensure that in spite of this dynamic, if you use Signal your privacy is preserved. 5/
Als Antwort auf Meredith Whittaker

Meredith Whittaker
mastodon - Link zum Originalbeitrag
Meredith Whittaker
*(Note, if you are among the small number of people that run alt Android-based operating systems that don't include Google libraries, we implement the battery-destroying push option, and hope you have ways to navigate.) 6/
Als Antwort auf Meredith Whittaker

Daniel Gultsch
mastodon - Link zum Originalbeitrag
Daniel Gultsch
if your persistent TCP connection drains the phone's battery I think you might have implemented it wrong. How do you think Google Push works under the hood?
Unbekannter Ursprungsbeitrag

daisE 🌈
mastodon - Link zum Originalbeitrag
daisE 🌈
@kuketzblog
Could you please explain the relevance of your question? AfaIk, the Signal server does not log from where or when a message has arrived. It also does not log when the ping was pushed or the message was picked up. State queries to Google (and Signal) can therefore (worst case) only find out when and to which account a ping from the Signal server was pushed. So imho, when and by whom something was sent remains unknown. Or what other information could be obtained and how?
@Kuketz-Blog 🛡
Unbekannter Ursprungsbeitrag

Meredith Whittaker
mastodon - Link zum Originalbeitrag
Meredith Whittaker
@kuketzblog These are the law enforcement requests we've been forced to reply to, including our responses. signal.org/bigbrother/
@Kuketz-Blog 🛡
Unbekannter Ursprungsbeitrag

daisE 🌈
mastodon - Link zum Originalbeitrag
daisE 🌈
@kuketzblog it still would be nice to get an answer as to how this * could be relevant for what...
* knowing the signal account which got a simple ping by push.
@Kuketz-Blog 🛡
Unbekannter Ursprungsbeitrag

eduX
mastodon - Link zum Originalbeitrag
eduX

@kuketzblog

@Mer__edith

@Kuketz-Blog 🛡 @Meredith Whittaker
Als Antwort auf Meredith Whittaker

Kuketz-Blog 🛡
mastodon - Link zum Originalbeitrag
Kuketz-Blog 🛡

The main problem is summarised again here - in German: kuketz-blog.de/signal-threema-…

You can use DeepL or another translator to translate it into English.


Signal/Threema: Klare Kommunikation zur Push-Problematik wünschenswert

Das Thema »Behörden fragen Apple und Google nach Nutzern von Messenger-Apps« hat mich nicht losgelassen.
Kuketz IT-Security Blog