I just started my de-googling journey recently, and so the mechanics of notifications were still unclear to me, and I found this video super helpful.
It explains how most mobile messaging apps (including privacy-focused ones like Signal) rely on Google and Apple’s centralized servers to deliver push notifications, which exposes vast amounts of user metadata.
Here’s the YT link, for people who prefer it: https://youtu.be/c3ennD3wKn0
You can use push providers if you trust them. For example mozilla hosts one.
The MollySocket service also does not need and does not have decryption keys, only keys to request encrypted messages from signal servers. Still not something I would want to run on someone elses server without serious privacy considerations.
Yup, that’s why I use my own server to host both MollySocket and UnifiedPush (via NTFY).
NTFY can provide UnifiedPush? I didn’t know that!
Yes, you only need to ensure your instance of
ntfyallows public access to all items with theupprefix in the settings.Oh and then set your mobile app to enable UP in the settings of course!