it never occurred to me that they have taken fingerprints when crossing borders to exit the EU

does not by default. you still have to disable showing notification details, if you don’t want to turn off history

I understood it as they need a database to hold the notifications you should be shown

that part can just happen in volatile memory

I don’t know about others, but Mattermost sends everything by default. first to mattermost’s server, then from there to firebase/apple. there’s a setting to not send message body, but it’s not set by default

websocket based push notifications is still called push notifications in signal. this is the first time I hear the term “pull notifications”, I don’t think it’s widely used.

this is not about push notifications. signal is smart enough to not send your texts to firebase

but wait a minute! I just remembered something.

isnt it that they couldn’t even send you the plain text message itself through push, because only your device can decrypt it?

good question, and I was wrong.

as of this latest commit, push notifications are represented by PushNotification types. the notification message is the 4th parameter in the constructor.

this kind of object is created in PushNotificationManager and PushNotificationScheduler.
out of 6 functions that send a notification, 1 actually sends notifications of messages, and it omits putting in the message part: https://github.com/signalapp/Signal-Server/blob/75948dc6174ed091180aa20c018fa0f353130ee0/service/src/main/java/org/whispersystems/textsecuregcm/push/PushNotificationManager.java#L49

so the signal server does not send {"urgent": true} to firebase, it sends no message, just kind of a ping in my understanding.

you are missing the point.

It’s fine that a border guard checks my passport and lets me to go my way. who cares. It’s reasonable, and I believe that it’s for our safety. but automated checks do more: they log the exact times you crossed the border, store it for decades. all the unnecessary data will most likely leak or be used for nefarious purposes at some point.

its like forced digital passes on public transport. when the driver checks your passes, no private info about my traveling/commuting habits is collected. but when passes need to be scanned, it is: gov id, time, location, stop number, line number. the public transport company really has no business in knowing when do I go to work, when do I head home, or when do I start using a different stop regularly, as it reveals so many other things about you, like whether you do anything in the city after work and how frequent is that.

I travel over the border much less, but my point stands.

What are you actually preserving by avoiding having your face scanned?

in addition to the above, by having fewer face scans uploaded to the system, I expect the surveillance cameras on the streets to do a worse job on facial recognition even when I’m just going about my day in my home country.

Tintás Tunyacsáp in Hungarian, but mostly just Tunyacsáp. It translates back to Inked Lame Tentacle

I just want a browser, no crypto wallets, no ai assistants, no built-in mail client, no biometric scanning.

3 out of those 4 are not even a thing in firefox

Also a bit ironic they use gmail lol

and zoom

This mismanagement, among other issues, potentially cost Microsoft a trillion dollars in market capitalization

so far

no idea how are they getting out of this trouble

I don’t know if they actually started injecting it into the video, but even before they did that, they were serving the ads from the same domain.

my reply on another thread: https://sh.itjust.works/comment/24730726

that is the documentation of firebase, not signal. firebase just shows a common example there that is easy to implement for beginners and lazy devs. but developers can send whatever they want through firebase. I wouldn’t be surprised if that’s what facebook messenger is doing, but if a developer cares about their users privacy, they can just send a simple message through firebase, and make the app so that when receiving that, it checks for new messages by itself.

this is what the molly fork does with unifiedpush. the UP server, commonly ntfy.sh, only sees that the mollysocket server sent this to your molly client:

{"urgent": true}

Notification history is purely local to the device. It is not sent to any servers.

I did not claim so. but when your phone is confiscated, it’s possible to read that out

exactly, it does not need to be automated, and then less info is required.

Automation in these areas often increases the amount of collected information by a lot.

It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

It’s because the system saves the notifications apps posted to the notification menu.

It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

It’s because the system saves the notifications apps posted to the notification menu.

It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

It’s because the system saves the notifications apps posted to the notification menu.

but yes. don’t use firebase push notifications if you can avoid it. use a unifiedpush based system. base signal app does not support it, only molly. there are some difficulties though with that that are unique to signal.

I fully expect my government to keep a record of all its citizens.

they don’t reasonably need biometric data to keep a record. they do need it, that’s not what I dispute, but not reasonably.