Hello and thank you for your reply.
I understand the way push notifications work.
My concern is that, as far as I can tell, the push notification gateway is enabled by default (at least via the snap package).
Consider the following scenario :
- I set up a new private instance on a physical private server at home
- Not knowing that Push Notifications are enabled, I do not explicitly disable them
- One of my contacts decides to download the Rocket Chat App on the Play Store
- All the messages this user has access to are now sent to your Gateway and Google/Apple.
The real problem is that unless one is familiar with Rocket Chat, it may not be obvious that this is what’s going on (until August 14 that is), with the default settings. One would assume that the whole point of hosting a private chat server is to keep the messages private. Therefore Push Notifications should have been disabled by default.
I wonder how many users who host a modest private server like me are aware that their messages have been sent to third parties. Perhaps I am too naive but I usually associate open source projects with respect for privacy so I did not bother looking through all the options, assuming that the default configuration was safe. If I need to read privacy policies and dig through many pages of settings to make sure my privacy is respected, I might as well use a proprietary solution.