I was surprised how easy it was to integrate. I'm on GrapheneOS/FDroid. I installed the ntfy app and connected it to my ntfy server. I wanted to set it up for Tusky (Mastodon app). I was confused about the lack of instructions. What do I set on Tusky? What do I set on all my Mastodon servers? It turned out there were no instructions. I was already configured for Tusky. Tusky found the ntfy app, got my ntfy server's URL from it, and passed it on to the Mastodon servers.<p>Now, I actually think this is a little <i>too</i> easy. What if I want to keep my ntfy server private for certain at-home uses? But still, very impressive. Element does it right, it at least asks you when you open the app (or it's in a setting or something). But I think UnifiedPush or ntfy instructions should make these steps more clear (or I failed to find it), even if just to say "it's actually that easy" to save our time looking.<p>BTW I'm working on porting ntfy to Sandstorm. Already works, I just have a handful of loose ends.
It's worth noting that there are self-hostable XMPP-based implementations for this: <a href="https://unifiedpush.org/users/distributors/conversations/" rel="nofollow">https://unifiedpush.org/users/distributors/conversations/</a><p>What is old is new again (Google used XMPP for Android Push Notifications before they switched to something else).
If this encourages more open source applications to use standards and an open source library for push notification,that's quite cool. Extra bonus if it allows users not to rely on Google server.
> Regarding iOS, they have made some progress in adopting webpush, but it does not seem possible to push for mobile applications with it yet.<p>This is a key point right at the very end. It has always been much easier to implement push notifications to Android devices, even when only Web Push is implemented.
Google has been the main force behind the adoption of PWAs as Native apps on devices, even by immediately showing a "Install this app?" popup when navigating to a PWA-enabled website/web app.<p>iOS permits "Installing to home screen" but there is no popup shown natively, nor any indication from the OS that the website you're visiting is a PWA. The user has to go through several steps to add the app to his device.<p>Once it is added, it's possible for the device to receive web push notifications and show them as native push notifications (IIRC), even with the app is closed, however the reliability is inconsistent. Sometimes you get them, sometimes you don't. At least that was my experience still about 6 months ago when I tried implementing web push with PWA for iOS.<p>I gave up trying to go the pure PWA route and instead wrapped my web app with PWABuilder into a native app, and went through the whole process of submitting to the App Store, getting APN, registering the web app in Firebase, then sending the push notifications to the native app via Firebase Messaging. Works great then, but it's a lot more work than keeping everything simply as a web app and using web push.
Push notifications are a powerful concept, but I feel like their potential has been stifled by Google's and Apple's near-total control over them on their respective OSes.<p>And while I'm not fun of heavy-handed government intervention, I hope the EU compels both companies to adopt a more open approach; provided that security remains uncompromised.
If I understand the notifications flow correctly: a device (typically mobile phone) will get a "registration" with a "push url" from its platform/provider (eg android/google or iphone/apple), which it hands to an application server (eg IMAP server), which then uses that to send notifications to the push url, "authenticating" with vapid. And due to vapid, no special account/preregistration is required for the application server to talk to the provider, hence decentralized (good!). The platform/provider behind the push url makes the notification appear at the device. It is quite a complicated way to get a message from server to device...<p>The post says it is about Android. But I'm online searches turns up documents about VAPID at apple/ios. Will it work there too? What about other platforms (eg non-google android-likes)?
So would I be correct to say the distributor is a a 3rd party "satellite" app, that your app pulls from and the notification server pushes to? So end users would need to install this distributor app in addition to your own app?
In this direct to FCM model, does the application running on the untrusted user's device need to embed any sensitive credentials?<p>What prevents someone else from impersonating my app or other users on my app?
Quick note that this is for Android and gets rid of the centralized gateway talking to the centralized Google service. Leaving only the centralized Google service. There's no decentralized way to get a push notification onto a Google/Android phone. Except perhaps if you hack something up using EAS.
This looks very over engineered and complicated, we don't need more push notifications.<p>Just use or improve upon email or RSS (recommended).<p>It's anonymous, fast, privacy friendly (no device registrations or whatever), open and already decentralised so no need for anything else.