Comment

Comment on Time to get serious with E2E encrypted messaging

Andromxda@lemmy.dbzer0.com ⁨1⁩ ⁨month⁩ ago

your conversations are still tied to Google

That’s simply false. Signal Notifications never include the content of the message or any metadata, no matter if they’re sent over FCM, APN, WebSockets or UnifiedPush (via mollysocket). That wouldn’t even be possible, since the Signal server sending out the notification doesn’t even have the key to decrypt the message. Only the users involved in the conversation have the keys, that’s how end-to-end encryption works. Signal simply sends an empty message via FCM (or any other push system), and the Signal app on your device then receives and decrypts the encrypted message and shows you a preview of the message content as a notification on your operating system.

And every build of the Signal client for WhatsApp also supports WebSockets as a fallback push notification system, in case Play services aren’t installed or can’t be reached. The only reason why FCM is used by default is that it saves some battery, because it only maintains one background network connection for all apps, instead of each app handling notifications themselves.

source

Sort:hotnew top

mox@lemmy.sdf.org ⁨1⁩ ⁨month⁩ ago
The point is that since Signal’s default, well-supported installations use Google services, those services are present on most of your contacts’ devices. You might have the knowledge, skill, and motivation to avoid those services on your own device, but since they’re still present at the other end of most chats, you haven’t escaped them.

It’s also worth noting that E2EE doesn’t protect the endpionts, and that Google Play Services run with system-level privileges.

source
- Andromxda@lemmy.dbzer0.com ⁨1⁩ ⁨month⁩ ago
  
  Signal’s default, well-supported installations use Google services
  
  Signal only uses FCM for notifications, with a fallback mechanism (WebSockets) being available in all builds of the app, as well as Google Maps for location sharing (which most people probably don’t use anyway).
  
  so unless you’re an extremely atypical user, those services are present on most of your contacts’ devices
  
  Google Play services being present on people’s devices has nothing to do with Signal including the library. They are present on almost every Android device, because Google pressures OEMs to include them and grant them system level privileges.
  
  Let’s also remember that E2EE doesn’t protect the endpionts
  
  Yeah, but that’s the case with EVERY messenger app, so I really don’t know what your point is here?
  
  source