Can Google read my Matrix messages, when they are delivered to me as push notifications using Google Cloud Messaging service? This is probably not true, as because of E2EE, the homeserver should not have access to my messages in the first place, but still trying to confirm. I don’t want to run a battery draining F-droid build of element unnecessarily when I have Google Play services installed.
Not sure, but I think so. I think everything you see in your notification, Google can see
I could be wrong though.
Basically. GAPPS & privacy is impossible to achieve. Even moreas your GAPPS require internet for push notifications.Even sandboted CAPPS on GOS need internet for pn So if you want to make sure that Google can’t read what you’re getting as EZEE messages, you basically have to be offline (doesn’t make sense for e.g. Element tho) or get a degoogled device.
Is it not the app that sends the notification after receiving the push from GCM? Won’t the encryption key have to be stored on Google Cloud Messaging for Google to be able to read the content of the data being sent along with the push message? To be clear, the message does go through Google servers if using the play store version, but does the message go through the Google servers in plain text?
I don’t think so. Look, I don’t really know enough, but if Google has access to encrypted messages just because they run through Google Play Services, I feel like the privacy community would have discussed that to death by now. There are something thinks that are handled just be Android, so I can imagine the solution being something like an encrypted messages arrives to you via Google Play Services, but is then decrypted in the app and displayed via Android as a notification. I don’t think notifications themselves are run by Google Play Services. Could be totally wrong, though.
The messages are decrypted after they hit your device. That’s why you’re able to read them. If Google’s notifications are displaying the messages to you in plain text, then that means that Google theoretically has access to those messages. Many e2ee messaging apps have the option of hiding the message content in the notification partially for this reason (not sure about Element or whatever Matrix client you use specifically though).
I might have to ask at some bigger privacy forum to get a more definite answer.
Signal and Proton Mail uses Push notifications without giving content data access to Google. Don’t know about encrypted Matrix chat
Can you provide me the link to any document or blog post where Signal or Protonmail explain this?
I couldn’t find it anymore since I don’t keep all the articles I read but here is information on Threema which is a paid E2EE messenger What kind of data is transmitted via push notification services? – Threema
Signal and Proton should work in similar ways.
If anonyone can find the info for both of the services please share ^^
This doesn’t seem factually correct . For most of the services , google firebase messaging does not have the actual content of the message, but it can contain some meta data which would not be desired by the user. Thankfully signal sends only limited amount of data through firebase. i am not an expert on this and i have gathered the info from the signal’s community forum.
I’ll ask you to go through it for a better understanding.
Which telemetry/statistic information is sent to the server? - #4 by farmer - Android Support - Signal Community?
Use GCM/FCM alternatives for notifications - #6 by KeeJef - Android Feature Requests - Signal Community