• MrSoup@lemmy.zip · ↑ 40 · 1 day ago (edited)

    If you turn off notification history on Android, it should be enough to avoid such “attacks”. Hiding sensitive content inside notifications only hides it on the lock screen. If your OS keeps a clear log of them, it’s useless.

    Edit: didn’t know Signal actually has settings to hide their own notifications. I was thinking about Android’s “hide sensitive content” setting.

    • 4am@lemmy.zip · ↑ 41 · ↓ 6 · 1 day ago

      Notifications go through Firebase Cloud Messaging (FCM) on Android. They bounce off a Google server. Even from local, on-device apps.

      Same with iOS.

      They can read and store every one of them, and you don’t control the encryption keys.

      • dev_null@lemmy.ml · ↑ 2 · 6 hours ago (edited)

        Local, on-device apps don’t need to go through FCM or any other servers to show notifications; apps generate notifications offline.

        Same goes for Signal: it doesn’t ask FCM to deliver a notification, it asks to deliver a wakeup ping, and then the Signal app gets the message and generates a notification locally.
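
The difference between a wakeup ping and a push that carries content, as an added example that is not part of the thread or of any app's code: it lists which fields of an FCM HTTP v1 message body the push provider can read. The payloads are constructed, and the `wake` and `preview` data keys and the `SIGNAL_ONLY_KEYS` allowlist are assumptions of this example, not Signal's actual format.

```python
# Added example: which fields of an FCM HTTP v1 message body are readable by
# the push provider. All payloads below are constructed, not captured.

# Data keys this example treats as content-free signalling (an assumption;
# adjust to the app under review).
SIGNAL_ONLY_KEYS = {"wake"}


def provider_visible(body: dict) -> list[str]:
    """Return the paths of fields that carry readable content in transit."""
    msg = body.get("message", {})
    found = []
    # Display notifications put title/body into the payload itself.
    for path, block in (
        ("notification", msg.get("notification")),
        ("android.notification", msg.get("android", {}).get("notification")),
    ):
        for field in ("title", "body"):
            if block and block.get(field):
                found.append(f"{path}.{field}")
    # Data messages are handed to the app, but any value outside the allowlist
    # is still plaintext to the provider unless the app encrypted it itself.
    for key, value in sorted(msg.get("data", {}).items()):
        if key not in SIGNAL_ONLY_KEYS and value:
            found.append(f"data.{key}")
    return found


def classify(body: dict) -> str:
    return "content-exposed" if provider_visible(body) else "wakeup-only"


WAKEUP = {"message": {"token": "<device-token>",
                      "android": {"priority": "HIGH"},
                      "data": {"wake": "1"}}}
DISPLAY = {"message": {"token": "<device-token>",
                       "notification": {"title": "Alice", "body": "Meet at 6?"}}}
DATA_LEAK = {"message": {"token": "<device-token>",
                         "data": {"wake": "1", "preview": "Meet at 6?"}}}

if __name__ == "__main__":
    for name, body in (("wakeup", WAKEUP), ("display", DISPLAY), ("data", DATA_LEAK)):
        print(name, classify(body), provider_visible(body))
```

Even a message classified as wakeup-only still tells the provider which device token was pinged and when.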

      • CorrectAlias@piefed.blahaj.zone · ↑ 19 · 21 hours ago

        Signal only sends a “new message, retrieve the rest from Signal” ping to your phone through Firebase. It doesn’t contain message details, just that you have a new message.

      • Björn@swg-empire.de · ↑ 35 · 24 hours ago

        But they only instruct Signal to wake up and download whatever is waiting. They don’t contain the message contents.

        • bearboiblake@pawb.social · ↑ 11 · ↓ 1 · 24 hours ago (edited)

          If you don’t use Google Play Services, you don’t get push notifications, so yes. Libre reimplementations of Google Play Services such as Gapps etc. or alternative push notification providers do not circumvent this issue, except possibly self-hosted push notification providers. This approach is really rare though and limited generally to very few apps.

          • Redjard@reddthat.com · ↑ 3 · 17 hours ago

            This is about a history of notifications locally on the phone.
            This is implemented outside of GMS, at least on my ROM, and in the past I have also installed a separate app to do the same.
            If you log your notifications … that log can leak your notifications.

            • bearboiblake@pawb.social · ↑ 1 · 17 hours ago

              Yes, I know! Sorry for the confusion, I just wanted to take the opportunity to raise awareness about a privacy issue that lots of people aren’t aware of.

          • frongt@lemmy.zip · ↑ 1 · 15 hours ago

            If I turn off notifications on my end, does the other person still generate a push notification when they send me a message, even if I never receive it?

            • bearboiblake@pawb.social · ↑ 1 · 15 hours ago (edited)

              Edit: Sorry, I think I misunderstood your question. If you don’t have Google Play Services enabled but your friend does and messages you, no, a push notification won’t be sent, but if you message them, one will be sent to them.

              I thought you were asking if you just disabled notifications on your phone if that would prevent push notifications from being sent. I’ll leave my original answer in case someone else has that question.


              It depends on what exactly you mean, but usually not. If you mean in your phone’s notifications management settings, that does not affect the push notifications being sent to Google/Apple servers, that’s just a local setting to decide how your phone handles it.

              Some apps, though rarely, allow you to disable push notifications from being sent. If it exists, this is inside a settings screen in the app itself or on the app provider’s website somewhere. Generally, only privacy-conscious apps provide such settings.

                • bearboiblake@pawb.social · ↑ 1 · 14 hours ago (edited)

                  To send you a push notification, an app requires a special token specific to that app and your device, kinda like an API key, which can only be generated for a device using Google Play Services. Without that token, a push notification cannot be sent. These tokens expire, so if you used Google Play Services and just turned it off, push notifications will still get sent into the ether - but never delivered - until the token expires, at which point notifications can’t be sent anymore. Badly developed apps might still try to send push notifications with expired tokens, I have no idea what Google servers would do with that, but I’d guess they would just discard it immediately.

          • Semperverus@lemmy.world · ↑ 3 · 23 hours ago

            Is this true if you don’t have Google Play Services but the person you’re messaging does? Is one person cutting GPS out enough?

            • bearboiblake@pawb.social · ↑ 2 · 23 hours ago

              The message you send them would probably go through as a push notification to them, but the message they send you wouldn’t.

        • Redjard@reddthat.com · ↑ 2 · 17 hours ago

          Notification logging is usually done by some other part of Android as far as I know. GMS is the typical way to deliver notifications and is a far more serious privacy concern, since it also directly passes Google’s servers and is not encrypted. However, as others mentioned, Signal does not send contents there; message notifications with the message contents stay on device.

    • bearboiblake@pawb.social · ↑ 2 · 24 hours ago

      I’m actually talking about sensitive data on Google/Apple hosted servers, as well as on the phone itself!