Ntfy - Jami on Android complains

Hello

Following an update, Jami now complains when launched in Android, asking for ntfy to be installed. Why is this, and what are the implications for privacy and security?

Many thanks.

2 Likes

Maybe this is because Jami wants to use an alternative to Google Push?

2 Likes

On LineageOS without microG, at last update (but only at update), Jami asked me to install a push distributor. I am not sure what that means exactly and how to do it.

I already have conversation using up.conversation.im for unified push for XMPP.

Actually the developers should put these informations into the docs.

Maybe it’s similar to OpenPush?

But also includes desktop?

Details are discussed here:

https://news.ycombinator.com/item?id=34094497

1 Like

Thanks. The best things to read I found are:

  • https://f-droid.org/2022/12/18/unifiedpush.html
  • https://unifiedpush.org/users/distributors/conversations/

I provided a summary in French on another thread on this forum.

I did setup the XMPP account in conversations for push notifications and kept up.conversations.im as push notification server, then in Jami the option to have push notifications appeared, unlike before.

However, the description says “Use Google servers to allow receiving calls/messages in the background”. I do hope it is just a wrong description (my phone is running LineageOS without microG so I hope that the phone never contacts any Google server, perhaps I should even tweak name resolution to drop anything going to Google).

@ECaptainRaj and @Avron – Thank you both for your input here. I think, maybe, that the developers might like to consider answering the question I posed,

@sblin SĂ©bastien, could you comment, please?

Actually I think @aberaud is currently one of the Android developers.

Oh. OK, thanks. I’ve had dealings with Sébastien regarding Linux matters.

Hi, we would like to clarify that the description in the settings is outdated and that Jami would actually use the push notification system configured by the user, not Google servers unless they are chosen.

This is true for the F-Droid version of Jami, which is built with Open Push support. The Google Play Store version is still built for Firebase/Google push notifications.

2 Likes

@aberaud Thank you so much. Very grateful indeed for your response. Could I please ask, what are the implications for privacy and security with the addition of the push notifications?

I am not an expert but I guess it means the nfty server maintains some connection with your phone, so if it wanted to, it could keep track of your IP address and, in a rough manner, of your location.

To avoid that, you could run the server on a machine you run that you keep permanently on and connected. The server is looking like it is free software (as respecting its user freedom) but it would be a good idea to check that this is true for all pieces including its dependencies. I tend to prefer things with as few and small dependencies as possible and good chances of being well-reviewed.

1 Like

@Avron Thank you. This is as I thought too.
Hopefully @aberaud will give us his thoughts, too. :slight_smile: