Post AciMzD74Z0HsB2APbs by Winterstar@fosstodon.org
(DIR) More posts by Winterstar@fosstodon.org
(DIR) Post #AciFWtDMFlfSfuegqW by Mer__edith@mastodon.world
2023-12-11T21:18:09Z
1 likes, 3 repeats
PSA: We've received questions about push notifications. First: push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls–not to Apple, not to Google, not to anyone but you & the people you're talking to. 1/
(DIR) Post #AciFWvCir6LcqWND8K by Mer__edith@mastodon.world
2023-12-11T21:18:20Z
0 likes, 1 repeats
In Signal, push notifications simply act as a ping that tells the app to wake up. They don't reveal who sent the message or who is calling (not to Apple, Google, or anyone). Notifications are processed entirely on your device. This is different from many other apps. 2/
(DIR) Post #AciFWxD9OTsX4Qaa4u by Mer__edith@mastodon.world
2023-12-11T21:18:31Z
0 likes, 0 repeats
What's the background here? Currently, in order to enable push notifications on the dominant mobile operating systems (iOS and Android) those building and maintaining apps like Signal need to use services offered by Apple and Google. 3/
(DIR) Post #AciFWzBS3lhxBjoFhw by Mer__edith@mastodon.world
2023-12-11T21:18:41Z
0 likes, 0 repeats
Apple simply doesn’t let you do it another way. And Google, well you could (and we've tried), but the cost to battery life is devastating for performance, rendering this a false option if you want to build a usable, practical, dependable app for people all over the world.* 4/
(DIR) Post #AciFX19kj3XNJ31vKy by Mer__edith@mastodon.world
2023-12-11T21:18:50Z
0 likes, 0 repeats
So, while we do not love Big Tech choke points and the control that a handful of companies wield over the tech ecosystem, we do everything we can to ensure that in spite of this dynamic, if you use Signal your privacy is preserved. 5/
(DIR) Post #AciFX31JnNyl5T6DT6 by Mer__edith@mastodon.world
2023-12-11T21:19:00Z
0 likes, 0 repeats
*(Note, if you are among the small number of people that run alt Android-based operating systems that don't include Google libraries, we implement the battery-destroying push option, and hope you have ways to navigate.) 6/
(DIR) Post #AciMzD74Z0HsB2APbs by Winterstar@fosstodon.org
2023-12-11T22:26:17Z
0 likes, 0 repeats
@Mer__edith if Signal would implement #unifiedpush I'd be so happy!
(DIR) Post #AciMzEBiZDb5VjLdUO by madcap@ciberlandia.pt
2023-12-11T23:07:26Z
0 likes, 0 repeats
@Winterstar @Mer__edith exactly, implement Unified Push and let us (the users) choose which push server we want to use.
(DIR) Post #AciwlVOrNCoNBkFcq8 by daniel@gultsch.social
2023-12-12T05:48:22Z
1 likes, 1 repeats
@Mer__edith if your persistent TCP connection drains the phone's battery I think you might have implemented it wrong. How do you think Google Push works under the hood?
(DIR) Post #Acixe6X3X5fvzP7T4S by daniel@gultsch.social
2023-12-12T05:58:14Z
0 likes, 1 repeats
@Mer__edith IIRC the criticism was mostly about being able to map Signal ID (the phone number) to a Google account. This is independent to whether or not you put the message content into the notification.FWIW only sending wake up signals instead of content seems pretty standard for personal communication apps these days. Signal isn't unique in that regard.
(DIR) Post #AcjC0t5L5qbsIpug4m by eighthave@social.librem.one
2023-12-12T08:24:01Z
0 likes, 1 repeats
@Mer__edith I respect the work that Signal has done, and Signal has been a great leader in pushing e2ee over the past 15 years. Signal can also do better on push. It is not a binary choice, other options provide much improved privacy with smaller hit on battery usage. @unifiedpush does that and falls back to Google push for devices that don't have #UnifiedPush built-in. @fdroidorg is also helping to get it integrated into #CalyxOS #LineageOS etc https://f-droid.org/2022/12/18/unifiedpush.html1/
(DIR) Post #AcjC0uR04nWyUJ3UTg by eighthave@social.librem.one
2023-12-12T08:29:17Z
0 likes, 1 repeats
@Mer__edith @unifiedpush @fdroidorg and since you mentioned the world, there are 1.4 billion mobile phone users in China without Apple or Google push. There are half a billion #Huawei users around the world who do not have access to Apple or Google push. #AppGallery devices are sold around the world, including here in Austria. Signal's stance on push really only works in North America. 2/2
(DIR) Post #AcjC2Qtcs0HXSJAg9A by eighthave@social.librem.one
2023-12-12T08:36:53Z
0 likes, 1 repeats
@Mer__edith Here is one thing Signal could be doing that it is not: the Signal fork @mollyim has already implemented #UnifiedPush support, Signal can help there, or even integrate that work https://github.com/mollyim/mollysocket
(DIR) Post #Ackufa5nCd4cPcIdkG by m4u5@mastodon.au
2023-12-13T04:34:14Z
0 likes, 0 repeats
@daniel @Mer__edith Both Signal and Conversations seem to be fine on non-Google Lineage-OS.Centralised push doesn't seem necessary.
(DIR) Post #AcliSzgVjfGTjEfL60 by dalias@hachyderm.io
2023-12-11T23:26:35Z
0 likes, 0 repeats
@Mer__edith How does it end up being battery-destroying? Shouldn't it just be waiting on a socket that has no data until there's a notification to be processed, with the TCP keepalive set on the socket options so kernel rather than userspace deals with stupid NATs that would otherwise drop it?
(DIR) Post #AcliT0hxvk1Su2M10C by nus@mstdn.social
2023-12-13T00:18:09Z
0 likes, 0 repeats
@dalias The connection has to remain open, and the app has to remain open to keep the connection open too. Both of those things contribute to battery drain at the same time.If you can figure out the solution to this, you would be providing a great service to the Android community that nobody before you has been able to figure out.
(DIR) Post #AcliT1mbvxKgEjXEsi by dalias@hachyderm.io
2023-12-13T00:45:16Z
1 likes, 0 repeats
@nus No, they do not contribute to battery drain. There is no difference in power consumption between a process that exists but is never scheduled and one that does not exist. One that does not exist to start with, but which gets started from scratch on a triggering event from GCM, is A LOT more expensive.The kernelspace TCP keepalive has a tiny but nonzero energy cost. It's much smaller than whatever constant network noise Play Services/GCM are keeping up, doing userspace keepalives in Java.
(DIR) Post #AcliT4cRODyp23newi by dalias@hachyderm.io
2023-12-13T00:46:57Z
0 likes, 0 repeats
@nus The problem is just that the entire Android system and app developer scene has minimal understanding of POSIX, basic networking principles, etc. and only knows their Java APIs, which do everything in the worst possible ways. I'm not saying anything profound here, but they won't listen regardless...
(DIR) Post #Aclku2bhB6vqWFREHI by futureisfoss@fosstodon.org
2023-12-13T14:19:34Z
0 likes, 0 repeats
@madcap @Winterstar @Mer__edithYes I'd love to have Unified Push as an option!
(DIR) Post #AcmIrcJNN0QWpMsw3E by matmaul@framapiaf.org
2023-12-11T21:50:10Z
1 likes, 0 repeats
@Mer__edith it's not completely true I believe. I am using @unifiedpush with the ntfy connector and the battery impact is quite minimal, I've used it for quite some time now with Element and Megalodon clients and it seems really reliable. Any chance Signal implements UnifiedPush support please please please 🥺😇?
(DIR) Post #AcnqJcXlal0LIjXMBs by _dm@infosec.exchange
2023-12-14T14:29:38Z
0 likes, 0 repeats
@daniel Sure, but isn't that battery cost amortized across all the apps that use FCM? In comparison, if your app brings its own independent push notification connection, that's one more connection and one more background process--with the associated CPU and radio wake-ups, etc. Right?Put differently: if users already have FCM messaging enabled, they will notice ~zero marginal battery impact from adding one more FCM client, but they will notice a significant marginal impact from adding a new, non-FCM service. What am I missing here?
(DIR) Post #Acnqxnh7YJazT64V6m by daniel@gultsch.social
2023-12-14T14:36:55Z
0 likes, 0 repeats
@_dm You are 100% correct.In practice the impact of a well implemented, persistent TCP connection is insignificant compared to other things that drain your battery like screen time etc. At least insignificant enough that I consider talking about "destroying your battery" as framing.I also believe that not every app developer should have to go through the process of "implementing it well" - so push definitively has it's place. But it is also not without alternatives.
(DIR) Post #AcnrYRAkFhgGKcOj4q by daniel@gultsch.social
2023-12-14T14:43:32Z
0 likes, 0 repeats
@_dm disclaimer I'm well aware that measuring battery impact is hard but according to Androids own battery stats the one picture I took today had a more significant battery impact than Conversations had running in background. So did listing to podcasts for a few minutes.
(DIR) Post #AcnwArbgoij78bZzVI by _dm@infosec.exchange
2023-12-14T15:35:17Z
0 likes, 0 repeats
@daniel I assume this depends heavily on (at least) whether you are on wifi or cell. But, sure, a 4% drain might be considered awful by some users and totally acceptable by others. I guess it's nice that Signal offers the option to turn off FCM notifications (apparently? I no longer have an Android).
(DIR) Post #AcnxbHAyTSfJvFF3xI by daniel@gultsch.social
2023-12-14T15:51:17Z
0 likes, 0 repeats
@_dm indeed. Once you have a reasonable implementation the largest factor is quality of network (less wifi vs mobile but more just general quality)That's for idle connections. The amount of pushes/messages obviously plays a large role too. But that's true for Google Push too.The screenshot above was taken in what I would call 'average' conditions. I've been traveling all day so connection quality is 'mixed'.
(DIR) Post #Acp8V6SwftCzcbro0G by andre_meister@chaos.social
2023-12-12T21:50:54Z
1 likes, 0 repeats
Noone claims the content data of push notifications is significant. But the data connected to the push ID is: A Apple/Google-ID, and everything in it.While researching for our article, I sent Signal repeated press inquiries. Among my questions was:"Of all user accounts that Signal had to hand over data to authorities since 2020, how many datasets contained push tokens?"I still don't have an answer. I still would appreciate one. I'm sure, many other users, too.https://netzpolitik.org/2023/push-dienste-behoerden-fragen-apple-und-google-nach-nutzern-von-messenger-apps/
(DIR) Post #Acp91HSvJVaL0GCSRc by nus@mstdn.social
2023-12-13T00:57:03Z
0 likes, 0 repeats
@dalias how would you fork this and servers to fix the notification battery issues?https://github.com/binwiederhier/ntfy-android
(DIR) Post #Acp91IHyFiPzYa5E0m by dalias@hachyderm.io
2023-12-13T01:00:50Z
0 likes, 0 repeats
@nus I don't think I have the energy to dig into what it's doing, but on a high level, I'd make it use a background activity that maintains a TCP socket to the server and blocks waiting for input from it. With keepalive set in the socket options so kernel avoids droppage by bad NATs. No execution of any code except when data is received or connection drops & needs to be reestablished.
(DIR) Post #Acp91JBGw6ecK5xOD2 by nus@mstdn.social
2023-12-13T15:52:27Z
0 likes, 0 repeats
@dalias if this is as easy as you claim, you should at least file a ticket requesting it from ntfy. You'd be revolutionizing something that nobody has figured out since 2012. I can't overstate the level of achievement this would be.
(DIR) Post #Acp91JyC0DmmloqSSe by dalias@hachyderm.io
2023-12-13T17:13:59Z
0 likes, 0 repeats
@nus If I were a maintainer and got a ticket that was "I haven't actually read any of your code but you must be doing something wrong at a very high level, here's how you should be doing it", I would probably be annoyed & think the reporter had no idea what they were talking about on the basis of their lack of social skills. I'm not going to be that reporter. I stand by the high level principles, but taking an actionable report to a project requires having an understanding of what they've tried.
(DIR) Post #Acp91KiHEseJ4kPGIC by nus@mstdn.social
2023-12-13T17:21:05Z
0 likes, 0 repeats
@dalias well that's kind of the point, isn't it... Either you are correct and you're sitting on what could be one of the greatest advancements in Android history, or you aren't.With this incredible innovation, surely looking silly for a little while is worth it.
(DIR) Post #Acp91LMgocyX65JXHc by dalias@hachyderm.io
2023-12-13T17:23:41Z
0 likes, 0 repeats
@nus Um, no. It's not "looking silly for a little while". It's "being an asshole who mistreats maintainers and having your right technical points rightly overlooked because you were an asshole in how you presented them".
(DIR) Post #Acp91M5M8YhjKcDCu8 by nus@mstdn.social
2023-12-13T17:57:59Z
0 likes, 0 repeats
@dalias if these technical points are indeed correct, you will revolutionize open source apps using push notifications overnight. That department has stagnated for over a decade. What do you have to lose?
(DIR) Post #Acp91MrZFJGjk8li3E by dalias@hachyderm.io
2023-12-13T18:38:50Z
1 likes, 0 repeats
@nus Exactly what I said to lose: ensuring nobody adopts the right way to do this because the person pushing it is intolerable. Awful ppl pushing good ideas are the surest way to bury those ideas.