As far as I understand it, a client app using UP to recieve push notifications does perform a registration step with the UP gateway (via the distributor app which communicates with the gateway via its own transport), which sets up and responds with the api endpoint details, which the client app relays to its servers, which can then send UP notifications via the specified gateway.

So, if there was to be encryption done by UP, it would be handled by the gateway? For example, for Matrix, it would then be handled by the Matrix gateway in Ntfy [1]?

Yeah, I was doing some more reading and I think it might only be the newest version of the UnifiedPush spec which requires the message to be encrypted.

The question I would then have is: Who would be responsible for updating their system to support this (ie the Unified Push encryption)? Say if we, for example, look at Matrix. Would Matrix need to modify their notification API? Would the Matrix gateway in Ntfy need to be modified? Would some other component of Ntfy be modified? Would the distributor app need to be modified? Would the end-user application need to be modified?

https://www.politifact.com/article/2023/mar/31/no-evidence-growing-trend-trans-radicalization-or/

Thank you for the source! One critique that I have of it is that, while it does state that trans people are 4 times more likely than cis people to be victims of violent crime [1], it doesn’t appear to answer the question of rates of perpetrating violent crime between trans and cis people — well, aside from conjecture [2][3].

I never heard of one shooting up a school church or whatever.

First off, one must be very careful of generalizing to an entire group from the actions of a small sample [1]. Using the metric of whether there have been trans people who have engaged in mass shootings is quite reductionist, and is a faulty generalization — if I am to interpret what you said to mean that “conservatives” are “against” all trans people because they think that they are all responsible for “shooting up” schools and churches. Second, to address your belief, to my knowledge, there has been at least one instance of a school shooter being trans [2].

Why does it seem most people, mainly conservatives, against Trans people?

I think it’s important to establish the validity of the claim, and the assumptions being made, since you cited no sources, nor did you provide any definitions, nor did you specify any assumptions; I will presume that by “conservative”, you are referring to American Republicans.

Why does it seem most people […][are] against Trans people?

It does not appear that “most people” (I assume you mean “the majority of people”) are “against trans people” (I’m not entirely sure exactly what you mean by this, so I will assume it means not being in favor of protecting trans people from discrimination) [1.2][1.1].

Why does it seem […] conservatives […][are] against Trans people?

It does seem that the majority of Republicans are against trans protections [1.1].

ADDENDUM (2024-11-23T06:49Z): Could someone who’s downvoting this please tell me why they are doing so? I’m rather confused about what the rationale could be. I didn’t even state any opinions; I was only fact checking. Was I perhaps too abrasive sounding? I wasn’t intending to be rude.

I know I can post and be the change I seek.

Imo, this is your answer. I’m not sure exactly what other solution you want. Content will not appear on Lemmy without someone first posting it. Advertising the platform to help draw people in is also important.

I enabled logging in the Ntfy app, and, upon receiving a message in Element X, it showed the Matrix notification push message in plain text in the logs. If Ntfy indeed doesn’t know anything about Unified Push and is just the medium through which a Unified Push message travels, then I would think that it wouldn’t be the service decrypting the message, yet it is decrypted in the logs.

So, in this image, if the application server, the push server, and the distributor app have nothing to do with Unified Push, then where exactly does it come into play? What exactly is it doing? I was of the belief that Unified Push standardized the notification communication protocol with the application server, replacing things like Google Firebase (which, iiuc, is equivalent to the push server in the above diagram, and the distributor app being built into the phone — ie Android). What’s also confusing me in all this is what exactly a push gateway is doing. Ntfy, for example, implemented a Matrix Gateway [1][2], but I’m not exactly sure the point of that if it’s not doing anything with Unified Push (Matrix uses it’s own push API [3])

So, for example, if one were to register Unified Push notifications with Matrix using Ntfy, the creation of the encrypted Unified Push notifications would be done by the Matrix Unified Push Gateway which then gets handed off to Ntfy? Is there a way to confirm that the received notification is indeed encrypted?

TL;DR: I blame FPTP.

Hm, I’d argue that this is a byproduct of the spoiler effect — I think it’s due to strategic voting. I think that it’s likely not due to people consciously voting against their own interests to benefit the rich (assuming that they indeed do this ­— ie that voting to benefit the rich is against their interests), but instead that the entities that support these sorts of beliefs, also tend to align with other beliefs that are more important to the voters, and “benefiting the rich”, while possibly perceived negatively, is a sacrifice that the voters are willing to make.

Yes, they can read the data.

Isn’t this contradicting the Unified Push spec? It states:

Push message: This is an array of bytes (ByteArray) sent by the application server to the push server. The distributor sends this message to the end user application. It MUST be the raw POST data received by the push server (or the rewrite proxy if present). The message MUST be an encrypted content that follows RFC8291. Its size is between 1 and 4096 bytes (inclusive). [1]

Isn’t this contradicting the Unified Push spec? It states:

Push message: This is an array of bytes (ByteArray) sent by the application server to the push server. The distributor sends this message to the end user application. It MUST be the raw POST data received by the push server (or the rewrite proxy if present). The message MUST be an encrypted content that follows RFC8291. Its size is between 1 and 4096 bytes (inclusive). [1]

What’s interesting, and is confusing me about this, is that Ntfy does not adhere to this [1]. I’m not sure how this can be.

The app that wants to provide the notifications would then be said to use UnifiedPush, right?

I will preface by saying that I am not casting doubt on your claim, I’m simply curious: What is the rationale behind why it would be so unlikely for such an exploit to occur? What rationale causes you to be so confident?

Looks like a Fractal Node 304?

Yep! I’ve found that the case is possibly a little too cramped for my liking — I’m not overly fond of the placement of the drive bay hangars — but overall it’s been alright. It’s definitely a nice form factor.

It wasn’t a deliberate choice. It was simply hardware that I already had available at the time. I have had no performance issues of note as a result of the hardware’s age, so I’ve seen no reason to upgrade it just yet.

Main Server

Services

• Jellyfin
• FreshRSS
• Borg
• Immich
• Nextcloud AIO
• RSS-Bridge

Hardware

• CPU: Intel Core i5-4460
• GPU: Nvidia GeForce GTX 760
• Memory: Kingston KHX1600C10D3/8G (8GB DDR3-1600)
• Motherboard: ASUS H81I-PLUS

OS

• Ubuntu 22.04.5 LTS

Reverse Proxy

Services

• Caddy

Hardware

• Rasbperry Pi 4 Model B Rev 1.5 (2GB)

OS

• Debian 12

Router

Hardware

• TP-Link Archer C7 AC1750

OS

• OpenWRT 23.05.5

For clarity, I’m not claiming that it would, with any degree of certainty, lead to incurred damage, but the ability to upload unvetted content carries some degree of risk. For there to be no risk, fedi-safety/pictrs-safety would have to be guaranteed to be absolutely 100% free of any possible exploit, as well as the underlying OS (and maybe even the underlying hardware), which seems like an impossible claim to make, but perhaps I’m missing something important.

HA, “broligarchy” 😆