ErnestThornhill
Apologies, didn't get that.
Why tf does Proton Mail need Google Play Services to show notifications?
- Edited
whew-zee Your concerns, along with the post from akc3n have convinced me to ditch the proton mail app and use Vanadium to access my proton and other mail accounts. So far so good - I realize that I do not get mail urgent enough to require notifications from the mail servers.
Somewhere on this P7P there should be a list of accounts which are known to Firebase Cloud Messaging (FCM which I think is the evil mentioned in
Can anyone point me to where I can delete any FCM linkage to PMail and others? Possibly I need to deactivate it in google services in the main account!?
foxjaw Whatever you see in the notification, Google sees that too.
foxjaw Notifications are never encrypted on both Android & Google.
Both of these statements are not really true.
(Just a note, I don't know about Apple's APN, so I won't comment on that)
FCM is a push messaging service, not a push notification service. When a message / "notification" comes in, the app is woken up and can process the notification and display something. Many apps/services send messages with empty data fields, like Signal. Apps/services can also elect to encrypt data in the data field. It all depends on their implementation.
Given that, an FCM message without extra personal data included will only allow Google to see very basic info, like time and which service is sending the message and to who.
But of course there's the flip side to this. Lazy app developers can just shove a bunch of plain text data into notification messages.
As for whether the apps/services in question really send personal info via plaintext in FCM messages, I really don't know, but I seriously doubt it. I'd suggest you read through the code in their apps that process notifications to know for sure.
I suggest you read through this page: https://firebase.google.com/docs/cloud-messaging/concept-options
You can reason these other aspects like security, encryption, etc all you want, except not answering the main question itself ? Did you guys even read the thread title ?
- Edited
foxjaw besides the fact email is inherently insecure and unless you're emailing another person ALSO with encrypted email using an encrypted email services is a giant waste of time and nothing more than security theatre, why use them at all if you don't even trust them in the smallest sense? Go use tuta.io if you want cessation from GFM
- Edited
Read through the first 5-10 posts carefully. The answer to the title is "because". What kind of answer would you prefer or expect from the GrapheneOS community? Unless someone has classified intel from the proton dev team and is willing to share it, we all have to rely on publicly available information which is "because they decided to do so".
Apparently you're well aware of the pros and cons of the current implementation and decided to stay away from it. Good on you! But I doubt the truth will reveal itself by repeating the same paragraphs over and over again in this discussion. In fact, you could reach out to Proton and ask then right away - and let us know their answer.
@N3rdTek I'm already on tuta as my primary mail & I have no issues with push notifications (also have protonmail), despite not having any google services (not even microg).
@Phead I apologise for repeating myself. I did read this thread thoroughly. I hope proton implements their own unified push service. As one of their dev replied on reddit that they're working on it.
whew-zee dont use Protonmail. They try to reinvent already existing things, locking you into their apps.
- Edited
@missing-root That's a different concern. All cloud services do this. Even tuta too. Not a big issue caz no one's restricting you to use of all their services. You're free to use only certain service & discard the rest.
Yes but if you are forced to use their fancy TLS instead or just regular TLS, you have to use their app.
A normal provider, even with enforced TLS (blocks mails that come without, and servers that dont support it) will work with K9mail or FairEmail
Push notifications have been exposed for being used as surveillance so somehow removing google play store notifications would be extremely useful from apps
https://www.theregister.com/2023/12/06/apple_google_push_notifications_surveillance/
This has been talked about here.
- Edited
missing-root
But Proton Mail supports IMAP. You can upgrade to any of their paid tier, get the support & enjoy your mails on any client. Tuta doesn't.
foxjaw Only for desktop through proton mail bridge.
- Edited
SoulKeeper Welp that's very restrictive. If you're on a de-googled system with proton as your daily mail, you have no choice then.
I thought it was still possible & was my choice of being a free user & not get IMAP support.
foxjaw It's better to just use Tutanota or sign up for Posteo.mailbox.org if you want IMAP. I do not like when a company that claims itself privacy focused still uses FCM to send push notification.
- Edited
SoulKeeper I personally don't care about IMAP when the mail service provides a good enough client (which I think tuta does).
It's only problematic when the service restricts other clients, as well as forces problematic backend like FCM (which I think proton does).
Atleast providing support for android clients could've been solved this issue.
foxjaw myself I don't consider this to be political. It could be another third party such as your grandma being able to read your push notifications. That's the core issue I see - that push notifications can be used as a means to intercept your message, so it makes me wonder when app developers claim to have implemented end to end encryption between messages are worth anything if push notifications can be read nonetheless
As of now, if the solution is for individual apps to implement their own code for push notifications it might be worth raising the issue with Proton Mail dev team directly / on support forums