PSA: We've received questions about push notifications. First: push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls–not to Apple, not to Google, not to anyone but you & the people you're talking to. 1/

In Signal, push notifications simply act as a ping that tells the app to wake up. They don't reveal who sent the message or who is calling (not to Apple, Google, or anyone). Notifications are processed entirely on your device. This is different from many other apps. 2/

What's the background here? Currently, in order to enable push notifications on the dominant mobile operating systems (iOS and Android) those building and maintaining apps like Signal need to use services offered by Apple and Google. 3/

Apple simply doesn’t let you do it another way. And Google, well you could (and we've tried), but the cost to battery life is devastating for performance, rendering this a false option if you want to build a usable, practical, dependable app for people all over the world.* 4/

So, while we do not love Big Tech choke points and the control that a handful of companies wield over the tech ecosystem, we do everything we can to ensure that in spite of this dynamic, if you use Signal your privacy is preserved. 5/

*(Note, if you are among the small number of people that run alt Android-based operating systems that don't include Google libraries, we implement the battery-destroying push option, and hope you have ways to navigate.) 6/

@Mer__edith How does it end up being battery-destroying? Shouldn't it just be waiting on a socket that has no data until there's a notification to be processed, with the TCP keepalive set on the socket options so kernel rather than userspace deals with stupid NATs that would otherwise drop it?

@dalias
There are a couple of options for notifications.
The most battery saving design is to have your app being woken up whenever a notification is received. This way, your app does not use battery while there is nothing for it to do. The dominant solution in this space is integrated into Google Play (proprietary). The opposite side of the spectrum, and the solution Signal chose, is for the app to require permission to stay awake all the time polling for notifications.
@Mer__edith

@dalias
The vexing part is that @signalapp (seemingly categorically) refuses to cooperate with the rest of the FOSS world to integrate with open solutions, which already exist. Instead, their spokespeople like
@Mer__edith prefer to talk down to people who, for whichever reason can't or don't want to run proprietary Google services on their Android phone.

Meredith Whittaker

@ck @dalias @signalapp this is a very rude comment that misunderstands our choices and commitments. I, also, do not *want* to run corp software. But in a world where a few companies own and/or otherwise control most of the infra we all rely on, INCLUDING choosing which FOSS options receive support (via hiring their maintainers, funding via Linux Found etc), it's an unhelpful fantasy to paint operating in this ecosystem, shaped by these forces/actors, as a "choice" made out of obstinacy/stupidity

@ck @dalias @signalapp There's also a reckoning to be had within the FOSS community IMO, which in the 1990s took its eye off market actors even as it remained vigilant about government surveillance/overreach. The acceptance of corporate tech (and implicitly its surveillance business model), led by folks like ESR via the break from Free software to "open source," did a lot to get us here.

@Mer__edith @ck @dalias @signalapp

On the other hand, one could argue that it was the absolute ideological dogmatism of RMS and his followers that led corporates to go their own way.

@julf @ck @dalias @signalapp Sure. Yes. I would argue that assholes abound, and that this--and how RMS was allowed to keep his crown for so long in spite of his rigid, ungenerous dogmatism and shitty behavior--needs to be part of said reckoning.

@AngelaScholder
The ESR mentioned above is Eric S Raymond author of the Cathedral And The Bazaar and right wing ideologue.

@Mer__edith @ck @dalias @signalapp

Corporate surveillance *is also* (indirect) government surveillance. And with a bit of luck, it's not a government you are able to vote for.

@Mer__edith @ck @dalias @signalapp The world has paid such a high price for the founding ideology of the FOSS movement's lack of political consciousness around capitalist dynamics. "Markets produce just outcomes / markets naturally punish bad actors / small businesses will save the world" in all its forms (FOSS by no means alone) led directly to today's tech surveillance/policing/military-industrial oligarchies - against which we must build broad, powerful coalitions of ordinary people.

@jplebreton I would argue they were aware of the dynamics and were 100% pro-capitalism. The GPL, in particular, is very much a capitalist tool, and there isn’t much energy around fixing it.

Some of the old guard have made it very clear, open source is, and was, capitalist. Especially when the ideas of a communist public license or an anti-capitalist license come up.

@Mer__edith @ck @dalias @signalapp @be

@jollyrogue @jplebreton @Mer__edith @ck @dalias @signalapp @be do you have some more details on why you consider GPL a capitalist tool?

@frox Sure. It’s been a while, but these are some off the top of my head.

A long time ago, early ‘80s, RMS used to sell tapes of Emacs code, and this frames the outlook of the GPL license. He used to do fairly well with this from what I’ve read.

The GPL defines distribution as external distribution, and corps, like Google, have used this loophole to modify the code without having to distribute their changes. The AGPL is better about this, but there are still ways around the license.

The GPL doesn’t specify the code released to the public has to be complete or buildable by the public. Parts can be left out, and the tooling to build the project doesn’t have to be public. VS Code is a good example of this. The code in the repo is not a complete project. It’s “open source”, but getting an exact copy of the binary as shipped by MS is not possible by building VS Code from the code repo. Granted the industry needs to do better about creating reproducible builds, and that muddies the waters a little bit.

Next, GPL allows for code which is available on request. I’ve personally seen an “open source” company use this to restrict access to their GPL code, and OpenBSD used to razz Linux distros about having a public CVS server. Plus the recent moves by RH, in regards to RHEL sources, are exactly how the GPL is supposed to be used.

The FUD around the GPL makes it sound scarier than what it is. It’s really pretty mild, and it’s more copyright of center than copyleft.

@jplebreton @Mer__edith @ck @dalias @signalapp @be

@jplebreton @signalapp @dalias @ck @Mer__edith There does not exist and cannot exist a license which prevents the military from abusing software. It's a categorical misunderstanding of the dynamics involved.

So applying such a criticism to Free Software licensing is nonsensical. Obviously it is solely focused on user Freedom, as it is indeed the only thing it could meaningfully address.

And even then, while the ideology stands on its own, the licenses exist solely as hacks to repurpose part of a malicious system to hinder other actors within that system for the benefit of users.

@lispi314 @ck @dalias @Mer__edith @signalapp You've completely misinterpreted what I said. There's a reason I mentioned the movement and nothing about licenses; I actually agree that licenses are an ineffective instrument beyond a narrow domain of usage. It's the advocacy and policies of the FOSS movement as a whole that have failed to live up to its rhetoric and contributed to the current dysfunctional order, and we need explicitly non-ancap/non-libertarian core tenets to fight that.

@jplebreton @signalapp @Mer__edith @dalias @ck Free Software (or Libre Software if you prefer) is the actual movement to support though, and that's at root of the issue.

The movement which did get significantly off the ground is the *Open Source* movement that was explicitly pushed and promoted by corporations and their supporters specifically because it misses the point. Indeed Open Source is not truly liberatory and indeed it *doesn't* center user freedom at all. User freedom is so little of a consideration it has no mention in any of the criteria (https://opensource.org/osd/) used to recognize whether a license is Open Source.
Open Source Initiative · The Open Source Definition · Introduction Open source doesn’t just mean access to the source code. The distribution terms of open-source software must comply with the following criteria: 1. Free Redistribution The licens…

@Mer__edith @ck @dalias @signalapp Are there any articles you would recommend reading to learn more about this, particularly that last point about the break from Free software to open source? I'd like to find out more about this.

@mhucka I think Netscape going open source is considered one of the defining moments, and then the founding of the Open Source Initiative (OSI).

Other people would know more than I would though.

@Mer__edith @ck @dalias @signalapp

@mhucka

Did you ever get any references?

It's difficult because there has been quite a lot written, so the story is rather diffusely spread, and of course the story continues.

@Mer__edith @ck @dalias @signalapp

@dzho Haven't seen anything. Still hoping …

@mhucka

ok, hold on to your hat, I'm not sure where I'll stop with the links, but there are several I want to be sure to include and might err on the side of too much

I'm going to start with a single link to pin down the widely acknowledged timepoint around which the free vs open split pivots

then I'm going to work backwards, at least at first, because there is some important recent context that might explain why some of us who care about the free vs open distinction enough to want to talk about it are loath to refer to parts of the history at all

@mhucka

In a meeting February 3, 1998, Christine Peterson introduced the term "open source" in this context. Her account is here:

opensource.com/article/18/2/co

this 20th anniversary retrospective was a welcome reset for discussions of the history because there have been so many people involved along the way, but only two people already mentioned in this thread tend to suck all of the air out of discussions, either through what they've said, or what gets said about them.

Opensource.com · How I coined the term 'open source' · Christine Peterson finally publishes her account of the day "open source" software was coined, 20 years ago.

@mhucka

with that massive caveat out of the way, and an account of the introduction of the term "open source" in hand, I'll move forward by noting that any split has two sides.

After all, if everyone agreed the new term is better, there might be a change in direction, but not necessarily a divergence.

the FSF & RMS did not and do not agree, however

“Open source” is something different: it has a very different philosophy based on different values. Its practical definition is different too, but nearly all open source programs are in fact free. We explain the difference in Why “Open Source” misses the point of Free Software.

gnu.org/philosophy/free-sw.en.

and thus was the split established

www.gnu.org · What is Free Software? - GNU Project - Free Software Foundation · Since 1983, developing the free Unix style operating system GNU, so that computer users can have the freedom to share and improve the software they use.

@mhucka

what muddles the history here is the extent to which either open source, or free software, or both together ("FOSS" tends to be a common compromise term for talking about them together) attract criticism from people who would have serious disagreements amongst themselves if their sights weren't already set on OSS, FS, or FOSS or particular aspects of any of these.

@mhucka

for example, this decade-old criticism of the movement's disregard for the material circumstances facing folks excluded from participating and more fully benefitting sadly remains all too relevant:

ashedryden.com/articles?page=6

and yet here elsewhere in this thread @jollyrogue criticizes the fact that the FSF once sold tapes to fund its work.

www.ashedryden.com · Articles | ashe dryden

@mhucka

that concern for material reality goes all the way back to the original GNU Manifesto

If I get donations of money, I may be able to hire a few people full or part time. The salary won't be high by programmers' standards, but I'm looking for people for whom building community spirit is as important as making money. I view this as a way of enabling dedicated people to devote their full energies to working on GNU by sparing them the need to make a living in another way.

(not going to link it: as bad as search is these days it isn't yet so bad that that can't be found. I can avoid another link)

@mhucka

Seeing the FSF-originated and -promoted General Public License (GPL) in particular cast as a tool of capitalism grates pretty hard against memories of when it was likened to communism:

web.archive.org/web/2000061614

web.archive.org · FROM THE ETHER (InfoWorld)

@mhucka

I mean, it's not wrong so much as it misses the forest for the trees: We live under capitalism, surrounded by, suffused by, the tools of capitalism, not least the computing industry thoroughly and entirely.

So, this is what I mean: Open source arose because talking about freedom wasn't business friendly enough. But even that isn't business friendly enough and thus we have things like the Business Source Software License and other departures from FOSS licensing in a pro-capital direction, on the one hand.

On the other hand, free software turned out to be too free, so thus has arisen the Ethical Source movement and things like the Hippocratic License.

@mhucka

(ok, might leave it at that for the moment)

@dzho Thank you for that detailed and informative reply!

Have you written it up anywhere, by any chance? Seems like something worth sharing more widely than just a reply to me on Mastodon :-)

@Mer__edith I agree. The empire has struck back, and now it’s time for the FOSS rebels to regroup.

Conversations about anti-capitalistic or communistic licenses have happened a little bit, but no one with power is particularly sympathetic. 🫤

@ck @dalias @signalapp

@Mer__edith in light of all this, would Signal consider adding @unifiedpush support on Android?

I think the frustration in this thread comes from things like Signal having a feature request (community.signalusers.org/t/us) about this topic open for 4 years with 0 official response from the Signal team whatsoever in that time, and no indication that it'd ever even be considered until now when push notification privacy is in the news again.

Alternatively/additionally, will Signal consider adding periodic notifications (ping to wake up every 10-20 mins instead of instantly) like @simplex does to avoid metadata timing attacks?

Signal Community · Use GCM/FCM alternatives for notifications · Hi, It seems weird that Signal still relies on GCM/FCM for notifications. Even with Signal APK downloaded from the website, and having whitelisted Signal in DNSfilter (personalDNSfilter | F-Droid - Free and Open Source Android App Repository), I can’t receive Signal notifications if I do not open the app, because I blocked GCM/FCM addresses (mtalk.google.com, alt1-mtalk.google.com,…) with DNSfilter. While we trust Signal for keeping the minimum metadata, how can we know what Google keeps if Si...
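
The trade-off raised in the post above (an instant wake-up ping per message versus a ping on a fixed 10-20 minute schedule) can be measured on constructed data. This is an added illustration, not part of the thread and not code from Signal or SimpleX; the 15-minute interval, the 5-second correlation window and the uniformly random send times are assumptions.

```python
import bisect
import random

def instant_pushes(send_times, max_delay=1.0, rng=None):
    """One wake-up ping per message, sent shortly after the message arrives."""
    rng = rng or random.Random(0)
    return sorted(t + rng.uniform(0.0, max_delay) for t in send_times)

def periodic_pushes(horizon, interval=900.0):
    """Wake-up pings at fixed slots, whether or not a message is waiting."""
    return [interval * k for k in range(1, int(horizon // interval) + 1)]

def next_push_delay(t, push_times):
    """Seconds from time t to the first ping at or after t (None if no ping)."""
    i = bisect.bisect_left(push_times, t)
    return push_times[i] - t if i < len(push_times) else None

def match_rate(send_times, push_times, window=5.0):
    """Share of sends followed by a ping within `window` seconds.

    This is the signal available to a party holding both the sender's
    traffic timing and the push provider's delivery timestamps.
    """
    hits = sum(1 for t in send_times
               if (d := next_push_delay(t, push_times)) is not None
               and d <= window)
    return hits / len(send_times)

def mean_delay(send_times, push_times):
    """Average wait before the recipient's app is woken (the usability cost)."""
    delays = [d for t in send_times
              if (d := next_push_delay(t, push_times)) is not None]
    return sum(delays) / len(delays)

def compare(seed=7, n_messages=200, horizon=86400.0, interval=900.0):
    """Constructed sample: random send times over one day, both push modes."""
    rng = random.Random(seed)
    sends = sorted(rng.uniform(0.0, horizon - interval)
                   for _ in range(n_messages))
    instant = instant_pushes(sends, rng=rng)
    periodic = periodic_pushes(horizon, interval)
    return {
        "instant_match": match_rate(sends, instant),
        "periodic_match": match_rate(sends, periodic),
        "periodic_mean_delay": mean_delay(sends, periodic),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.3f}")
```

With instant pings every send lines up with a ping; on the fixed schedule the ping times carry no information about when a message was sent, at the cost of an average delay of about half the interval.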