Same

There’s also nothing saying they are even in the US. Or at this point even human

Or maybe it’s the governments dislike of VPNs being used to bypass surveillance

Gotcha. I misunderstood. I didn’t think it would be just that, because of course if they have your phone they have the contents. Signal encrypts end to end, but if they have the end device of course it isn’t encrypted.

I know about the setting. Why are you saying that information is sent to Google’s servers? As far as I have found, that information is only stored locally on your phone

Edit: If this is just about the fact it’s on the phone locally, of course if they have your actual phone they can see it. Signal is end to end encrypted, but it isn’t go to be encrypted on each end, otherwise you couldn’t read messages. Them getting your actual phone is very different from them intercepting the communication without you knowing

Source? I am not seeing anything about that. The only problem I have seen on Android is when applications use firebase for notifications, which is most play store apps to be fair, just no FDroid apps or some privacy preserving apps

You also don’t need to do this on Android unless you are concerned about random people seeing the messages on your screen. Signal on Android does not use Google’s push notification service

As I already replied om one of your other comments:

It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

Is is 100% because of firebase. Here is an example payload from firebases official document:

{
  "message":{
    "token":"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P1...",
    "notification":{
      "title":"Portugal vs. Denmark",
      "body":"great match!"
    }
  }
}

https://firebase.google.com/docs/cloud-messaging/customize-messages/set-message-type

Notification history is purely local to the device. It is not sent to any servers.

It’s not because of push notifications. the message is not sent to firebase, just a signal that the app should do a refresh.

Is is 100% because of firebase. Here is an example payload from firebases official document:

{
  "message":{
    "token":"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P1...",
    "notification":{
      "title":"Portugal vs. Denmark",
      "body":"great match!"
    }
  }
}

https://firebase.google.com/docs/cloud-messaging/customize-messages/set-message-type

Notification history is purely local to the device. It is not sent to any servers.

This is not always the same on Android. Any app from FDroid will not use Google’s push notification service because it is proprietary, meaning it violates the rules for FDroid. Signal does not use Google’s notification service

It’s worth noting apps can avoid this on Android: https://tuta.com/blog/google-push-alternative#alternatives-to-google-push

Any FDroid app cannot use Firebase for push notifications since it’s proprietary: https://forum.f-droid.org/t/firebase-allowed-in-fdroid-apps/7540

Not all, no. There are alternatives on Android:

The good news is that alternative methods for push notifications are available, namely SSE (Server Sent Events) and WebSockets.

Additionally, a new open source project, UnifiedPush is becoming increasingly popular. UnifiedPush is an open source, private alternative to Google for notifications.

https://tuta.com/blog/google-push-alternative#alternatives-to-google-push

Signal for android uses web sockets for notifications

The only way apple is seeing it is when the notification is displayed. It only sees the contents of the notification itself. So it would still see who sent you a message, but it wouldn’t say what it was

I always boil the water first, so i can’t speak to that portion. But what I do is add the boils to a sealed container with cold water. Then give it a good shake so that shells crack, but not so hard the eggs themselves are damaged. But after that the shells slide right off

Why link the fork of a fork in your original response?

Why NPMplus and not the default NPM?

There is a new story every week in Steve Gibson’s “Security Now” podcast about why you should virtually never open ports. And if you do, you’d better IP restrict. Even, or especially, in commercial products. Cisco has a new CVSS 10.0 every other week just about

That’s assuming it is in fact a credit card.

Depends on the country. .tv and .io don’t, though I know .io is shifting to disallow it

The ISP wouldn’t see your self hosted traffic. Not to mention many people don’t encrypt it if it’s on their own local network. And ISP tracking is becoming less successful with QUIC, Encrypted Client Hello, and DNS over HTTPS or DNS over TLS.