The case was the first time authorities charged people for alleged “Antifa” activities after President Trump designated the umbrella term a terrorist organization.
So it’ll use TLS encryption, meaning that others on your network won’t be able to snoop it, but not end-to-end encryption, so Google/Apple servers will see the plaintext of the push notification content.
This is a limitation of the specific implementation of how push notifications work. End-to-end encrypted push notifications would be technically possible but it would require Apple/Google to make it possible. Developers can’t implement it without getting you to run some services yourself, either self-hosted or a long-running background process on your phone, which would be a battery drain.
The link you shared isn’t really relevant to push notifications specifically.
The best happy medium we can get is to send empty/blank push notifications, which some apps including Signal offer as an option, but you often need to set it that way in the settings. I think Signal does that by default, but very few apps do.
The push notification for most messengers is a ping with little to no data in it, telling the app to grab messages directly via TLS. That’s how e2e works with push.
It depends on the app. Some apps do (or can be configured to) indeed send “empty”/blank notifications which just notify you that you’ve received a new message from an app, but not from whom, or what the message contains.
However most apps by default will contain more data, such as who the message is from, and some/all of the sent message body.
If you get a push notification on your phone, everything you see in that notification must by definition pass through the push notification service.
I’d disagree with “most messengers” doing that, in my experience, most don’t do it by default. Signal is a pretty rare exception to do so by default.
I’d disagree with “most messengers” doing that, in my experience, most don’t do it by default. Signal is a pretty rare exception to do so by default.
What messenger doesn’t? Signal, WhatsApp, Matrix, Snapchat, Discord, Telegram, etc. I’d say “most” is pretty accurate. No idea what Wechat does, but that’s a whole different story.
If you get a push notification on your phone, everything you see in that notification must by definition pass through the push notification service.
Also not true. What you “see” could have been retrieved post-notification, as described in the message you responded to. What you see has nothing to do with what goes through the push service and is a full technical inacurracy.
So it’ll use TLS encryption, meaning that others on your network won’t be able to snoop it, but not end-to-end encryption, so Google/Apple servers will see the plaintext of the push notification content.
This is a limitation of the specific implementation of how push notifications work. End-to-end encrypted push notifications would be technically possible but it would require Apple/Google to make it possible. Developers can’t implement it without getting you to run some services yourself, either self-hosted or a long-running background process on your phone, which would be a battery drain.
The link you shared isn’t really relevant to push notifications specifically.
The best happy medium we can get is to send empty/blank push notifications, which some apps including Signal offer as an option, but you often need to set it that way in the settings. I think Signal does that by default, but very few apps do.
Not true.
The push notification for most messengers is a ping with little to no data in it, telling the app to grab messages directly via TLS. That’s how e2e works with push.
As I wrote elsewhere:
I’d disagree with “most messengers” doing that, in my experience, most don’t do it by default. Signal is a pretty rare exception to do so by default.
What messenger doesn’t? Signal, WhatsApp, Matrix, Snapchat, Discord, Telegram, etc. I’d say “most” is pretty accurate. No idea what Wechat does, but that’s a whole different story.
Also not true. What you “see” could have been retrieved post-notification, as described in the message you responded to. What you see has nothing to do with what goes through the push service and is a full technical inacurracy.