Yeah, I was doing some more reading and I think it might only be the newest version of the UnifiedPush spec which requires the message to be encrypted.

• https://codeberg.org/UnifiedPush/specifications/pulls/1
• https://github.com/binwiederhier/ntfy-android/pull/98
• https://codeberg.org/iNPUTmice/Conversations/issues/428

I noticed that the examples given on https://codeberg.org/iNPUTmice/up/src/branch/master/README.md are unencrypted.

I mean ntfy’s primary purpose is not dependent on UnifiedPush – all UP functionality could be removed and ntfy would still work as intended.

Ntfy server knows how to be a UP gateway, and relays those messages to the ntfy app, which knows how to be a UP distributor.

As far as I understand it, a client app using UP to recieve push notifications does perform a registration step with the UP gateway (via the distributor app which communicates with the gateway via its own transport), which sets up and responds with the api endpoint details, which the client app relays to its servers, which can then send UP notifications via the specified gateway.

You could have a look at the messages ntfy is passing around using its trace function: https://docs.ntfy.sh/troubleshooting/

It doesn’t matter. Even if the ntfy message was plaintext, that plaintext content would be a UnifiedPush “Push message” which is the RFC8291-encrypted raw POST data.

Not really. “Use” isn’t a well defined word in this context.

The ntfy server/client and the protocol it uses is merely the conduit for the UnifiedPush protocol. Sort of like how tls or ssl are a conduit for http.

In its typical primary use, ntfy is unrelated to UnifiedPush.

yeah. rat lungworm.

a private DNS server that only has records from your local services would at least prevent apps from reaching out as long as they aren’t smart enough to fall back to an IP address if DNS fails.

Yes, this. It’s important that your local DNS server does not even forward queries from the isolated subnet to external DNS, because these queries (and responses) can contain information. (“DNS tunneling”).

What will this mean for Lemmy instances? XMPP servers? Email servers?

What if a 15 year old runs their own personal Mastodon server? LoL this is gonna be yet another entertaining Australian government shitshow.

I think a lot of comments have missed that ntfy.sh does not use UnifiedPush, the ntfy server is a UnifiedPush provider and the ntfy app is a UnifiedPush distributor.

Regarding encryption of the push message, from https://unifiedpush.org/developers/spec/android/ :

Push message: This is an array of bytes (ByteArray) sent by the application server to the push server. The distributor sends this message to the end user application. It MUST be the raw POST data received by the push server (or the rewrite proxy if present). The message MUST be an encrypted content that follows RFC8291. Its size is between 1 and 4096 bytes (inclusive).

Jojo Rabbit is a good one.

Huh:

Arkenfox is a tool to assist setting up stock Firefox.

ffs, every time someone from a community group asks me “Can you have a quick look at our basic website, we just need to change <reallySimpleThing>”, and I’m like “sure, i used to do web development, let’s have a look […] FFFFFFUUUUUC…”

“Current AI models cannot forget data they were trained on, even if the data was later removed from the training data set,” Han’s report said.

Bullshit. You delete the entire model and start again.

x.x.x.x))<ICMP>((1.1.1.1

Potatoes 🥔🧂🍟

No worries. The situation I was describing is indeed absurd and defies reasonable expectations.

Ah, that’s good then.

In Australia you really only need a name and date of birth and ID such as a passport or driving license number of the owner. No physical or even photographic proof. Some phone companies send the original sim a notification before moving it, but no response is required and moving the number often only takes 10~30mins.

Banks in Australia commonly use sms codes as 2fa.

A large percentage (20~30%?) of adult Australians have had their ID details leaked in recent years because there are no adequately enforced security requirements or data-retention limits. One of the largest breaches was the second largest mobile phone provider…