Enforcing Registration Requirement to Utilize Push Gateway

It's there :see_no_evil: It does seem the contrast makes it pretty hard to tell it's an action button

Let me bring this up with design; this for sure should be changed.

I did not see that at all with that contrast. I did not even see the Password and E-Mail address. Sry old fart need glasses…oh I have. :see_no_evil:

Hello, how can I reset the connectivity services in rocket chat and re-token it? I made the error of connecting the wrong instance with the wrong account. As those are different companies I don’t want them intertwined in any which way. Deleting the service in the cloud.rocketchat and disconnecting did not seem to do the trick, as it always wants to reconnect with the wrong account. I also don’t want to reset Rocket.Chat as a whole because it's 3 years of devs' conversation stored. Please help.

Log in to the account you want to unlink from on https://cloud.rocket.chat, click the 3 dots on the right side and delete.

Then in connectivity services hit sync. It’ll realize it’s been de-registered when it tries to talk and then allow you to enter a token again.

Then you can link with the appropriate account.

Actually it does not. I have done so, and then I miss the manual part on the page. If I click the blue button again, I will be forwarded to the Rocket cloud login. When I enter the correct credentials, the login page just refreshes (it does seem to throw an invisible error).
When I log in to the correct Rocket.cloud manually the workspace part is empty. So I can log in to the account but something something is going wrong when connecting out of rocket.chat.

Found the “invisible error”: I get a 500 from the server with this URL

Which makes kind of sense, because that instance is not accessible by the internet.

When I click “disconnect”, I can only connect again via O-Auth, which does not work. The manual buttons will not reappear. :frowning:

Removed link for privacy. I’ll reply in DM so I can help you more directly with specific account related things. :grin:

Publishing your own apps with custom push notification API keys, getting them into the app/play store and keeping them updated is quite the effort. Can’t you make the API keys configurable (maybe even getting them from the server), so it would be easy to use our own google/apple accounts?
If this is really just about your costs for running the API gateway, that should be a solution that can make many people happy.

What happens if I do not register my server?

The certificates are configurable at the Rocket.Chat instance side, you need to get yours, configure them there and publish your apps compiled with them. Unfortunately, it’s not dynamic, there is no way other than to compile the apps with the certificates, and we can’t share our certificates or anyone would be able to push notifications to our apps, that’s why we had to create the gateway. The registration enforcement is the way we found to protect our gateway against malicious users and provide a stable service for the real users. We will charge later to cover the infrastructure costs and prevent abuse of the service, of course it will be a revenue to keep improving the product and services as well.

If you rely on our push gateway (you are using our official mobile apps) the push notifications will stop working on Aug 14th. If you have your own mobile apps or you are not using mobile apps it will not affect you. By registering your server you also receive access to our Apps Marketplace to install plugins.

@rodrigo.nascimento
@aaron.ogle
@bradley.hilton
@gabriel.engel

Hello,

Could anyone from the rocket chat team address the privacy issues raised in my previous posts?

Thank you.

Hello
I just tried to register our self-hosted workspace, but when I copied the code from cloud rocket chat and pasted it, it showed “An error occured connecting”.
Then it registered our domain as “https://your-workspace-address”!! Not our rocket chat server's real domain.
Then I tried to remove it from the cloud to register it again. The removal succeeded on the cloud dashboard, but it keeps giving me “An error occurred syncing” on my workspace admin area when I click on disconnect and register.

Version 3.4.2

Help please?

Update: Clicking on Sync gives: An error occurred syncing

Update 2: the error shown back in the console is:

rocket.mydomain.com rocketchat-server.rocketchat-server[14326]: Failed to get AccessToken from Rocket.Chat Cloud. Error: oauth_unable_to_find_workspace

Which is logical, as I already deleted it from the cloud, but I can’t delete it from my dashboard.

Facing the same issue, did you fix it and manage to re-register?

I am back at the system in 2 days, then I can try, but I think we have a solution.
I will get back to you when I have tried.

Hi, firstly I am sorry but I didn’t understand anything. If I did not register my rocket chat server on the cloud, my push notifications will be stopped. If I register the cloud with community edition, push notifications will be 5k, and I am not paying for 5k push notifications. And lastly, if I use 5001+ push notifications, I will be paid for this.

So if I understand this truth, I have a lot of questions. What should I pay for extra push notifications? Will push notification settings be limited? I just want to limit my push notifications. If I use 5k push notifications, my notifications will be stopped for another month. I don’t want to pay for extra push notifications. So I don’t want to pay extra costs.

@rodrigo.nascimento
@aaron.ogle
@bradley.hilton
@gabriel.engel

Hello,

I am still waiting for a clarification regarding the leakage of all our private messages to your Gateway and Google/Apple.

I came across this PR, which seems to confirm that up until now our messages have been sent to third parties without us ever accepting your privacy policy.

I think the community deserves to know if our trust in your service has been misplaced and if our privacy has been violated.

Are the Push Notifications SSL/TLS encrypted from the RocketChat server until they reach the mobile clients?

Hi @SomeGuy

Push notifications are only sent if the push notification gateway is activated in the workspace settings, a message qualifies for being a push notification AND if users use mobile clients to receive that push notification. Claiming that all private messages have been leaked is not true. A push notification has to go via some third party gateway to reach the mobile clients. Both allowing users to use mobile clients and utilizing push notifications are settings that the workspace admin has to decide upon before opening up his server to his users, no one is forced to. And every admin wanting to use push notifications without his own gateway has to employ a third party. That is how the technology works. It is no secret and therefore no leakage. We provide such a gateway as a service for the benefit of RC users and admins that want to use it. Our privacy policy is transparent that we further use Apple and Google PN gateways. As stated above, PN content is also not analyzed or saved, but merely passed through the gateway and deleted once delivered.

To make this even clearer for new workspaces, the referenced PR disables the push notification for nonregistered workspaces and adds a helping banner. To continue using push notifications via our gateway, workspaces have to register and accept the privacy policy. We value both your and the other feedback in this thread which is why we made the PR to aid admins in understanding better the conditions of using our gateways. We hope you can understand our position here.

Hello and thank you for your reply.

I understand the way push notifications work.
My concern is that, as far as I can tell, the push notification gateway is enabled by default (at least via the snap package).

Consider the following scenario:

  • I set up a new private instance on a physical private server at home
  • I do not register it (and therefore do not accept your privacy policy, the option is even greyed out!)
  • Not knowing that Push Notifications are enabled, I do not explicitly disable them
  • One of my contacts decides to download the Rocket Chat App on the Play Store
  • All the messages this user has access to are now sent to your Gateway and Google/Apple.

The real problem is that unless one is familiar with Rocket Chat, it may not be obvious that this is what’s going on (until August 14 that is), with the default settings. One would assume that the whole point of hosting a private chat server is to keep the messages private. Therefore Push Notifications should have been disabled by default.

I wonder how many users who host a modest private server like me are aware that their messages have been sent to third parties. Perhaps I am too naive but I usually associate open source projects with respect for privacy so I did not bother looking through all the options, assuming that the default configuration was safe. If I need to read privacy policies and dig through many pages of settings to make sure my privacy is respected, I might as well use a proprietary solution.

And talking about your privacy policy, even if I trust you do not store or analyze the messages (what about Google/Apple??), there is always a possibility that your servers might be compromised at any time. Such a risk would have to be weighed when one decides to enable push notifications, therefore reaffirming my previous point that it should have been an opt-in option, not opt-out.

Thank you.

Is the Push Gateway HIPAA compliant?

Thanks, Peter

Registration is not working - Error:An error occured! Request ID: 6996c2bd-21ef-4af0-b85d-a5e7065f5bf8