bisq
bisq copied to clipboard
bisq-network
bisq mobile notifications should NOT rely on "google play services"
The fact that this app relies on google play notifications is a big no for privacy. Users using lineage without GAPPS or users not using GAPPS period causes bisq notifications to not work correctly or/and is unusable.
This app needs its own push notifications socket as a fallback if user does not have GAPPS on the phone. Please consider for the privacy of users.
I think push notifications are not possible without the Google or Apple services. Data is encrypted, but of course those companies learn about the fact that you use Bisq. As it is an optional tool I don't consider it that critical. But if you have ideas how to implement that without those companies would be good! @joachimneumann is the developer of the notifications.
How tutanota replaced GCM: https://f-droid.org/en/2018/09/03/replacing-gcm-in-tutanota.html . Not sure if it's useful here.
Thanks @marcosdsanchez
Replacing Firebase Cloud Messaging with a different notification mechanism would indeed be very nice and could provide much better privacy.
However, the Bisq nodes communicate exclusively over the Tor hidden services and the Server-Sent Events which are mentioned in the Tutanota blog post would not work over Tor - at least as far as I could see. We could build our own notification mechanism (over Tor), but this is quite difficult in iOS. In Android, it is possible but it would still be a lot of work.
We should probably add a warning message to the App users about the privacy compromise they are making when using the iOS or Android App, would you agree?
@joachimneumann, Signal messaging app has also made their own push notifications as fallback if user does not have GCM/google play services
More info here: https://github.com/signalapp/Signal-Android/commit/1669731329bcc32c84e33035a67a2fc22444c24b I hope that link is of some help.
A working apk without google would be cool. Just tried to use the apk notification tool on lineage but it doesn't work. If pushing isn't working would there be a solution that the android app pulls information from the bisq app? Thanks.
Re/ OP: probably not easily avoidable, but what apps should be doing is WARN the user what the dangers of push messaging are. It's really non-obvious unless you are a native app developer who has implemented this before and knows what identifiers are exchanged and when.
A suggestion: why not take a step back in the process and instead of providing people the whole mobile app, relying on Google Play Services make the Bisq App simply make an HTTP request configurable in it?
This way anyone can set up a webhook to listen to this HTTP request and use whichever methods they deem relevant for delivering the notification instead of a) relying on a mobile app with Google Play Services and plus b) Bisq does not need to endorse nor develop/keep up to date, the mobile apps themselves.
Even users that aren' t technical can set up a webhook with zapier and such no-code tools.
I use Graphene OS and find it quite annoying that the Bisq UX is so poor in the notifications regard. Some notes on how the experience could be:
- user goes to Account > Notifications tab
- the Setup Section has a couple of simple fieds to configure the HTTP request (endpoint URL & auth token if any)
- Save button & Send Test notification button
And that's it, Bisq's development responsibility ends here and in providing some documentation as to how to set this up. I as the user can now get bisq notifications in the form of a Telegram bot, Matrix bot, even a postcard if I want.
I do wonder (and I'm ignorant about it) if clearnet http requests can be made from within the bisq client directly or if they need to be sent to seed nodes in order to move from onion to clearnet
Let me know what you think, @joachimneumann !
Thanks everyone,
I'd really love to see bisq notifications again in my Graphene phone :) and I'm confident I'm not the only one
On a Different note: the workaround I'm using now is that I set up a dumb Android phone with bisq that stays near my PC and put IFTTT on it. Whenever a notification from bisq arrives it sends me a private message over to a private telegram group I have with just myself and the IFTTT bot
Another example: the Session private messaging app offers two options for notifications, background polling and Firebase Cloud Messaging. The background polling method is described as "slow mode" (in contrast to FCM's "fast mode"), it runs in the background and periodically polls service nodes for new messages.
If Bisq could do some kind of background polling this would mean that notifications would be usually slower depending on the polling durations used. Also apps that are configured to continuously do background polling usually increase battery usage (I have noticed this with Session app configured in "slow mode").
But in any case Bisq app could also offer different options for notifications to its users.
Thanks for the example. I have been considering this recently and am thinking the best solution is a background polling method that directly polls the Bisq client over Tor. I agree that notifications would be delayed and it would potentially affect battery life, but without Google Services this is likely an acceptable compromise.
Hello. Signal has own socket as well as Whatsapp and Telegram. I do not have gapps and I even could not get past first screen.
Hodlhodl has very nice notifications to Telegram - if you use that, the app would not be needed.
