Enforcing Registration Requirement to Utilize Push Gateway

Actually it does not. I have done so, and then I miss the manual part on the page. If I click the blue button again, I will be forwarded to the Rocket cloud login. When I enter the correct credentials, the login page just refreshes (It does seem to throw an invisible error).
When I log in to the correct Rocket.cloud manually, the workspace part is empty. So I can log in to the account, but something is going wrong when connecting out of rocket.chat.

Found the “invisible error”: I get a 500 from the server with this URL

Which makes kind of sense, because that instance is not accessible from the internet.

When I click “disconnect”, I can only connect again via OAuth, which does not work. The manual buttons will not reappear. :frowning:

Removed link for privacy. I’ll reply in DM so I can help you more directly with specific account related things. :grin:

Publishing your own apps with custom push notification API keys, getting them into the app/play store and keeping them updated is quite the effort. Can’t you make the API keys configurable (maybe even getting them from the server), so it would be easy to use our own google/apple accounts?
If this is really just about your costs for running the API gateway, that should be a solution that can make many people happy.

What happens if I do not register my server?

The certificates are configurable at the Rocket.Chat instance side, you need to get yours, configure there and publish your apps compiled with them. Unfortunately, it’s not dynamic, there is no way other than to compile the apps with the certificates, and we can’t share our certificates or anyone would be able to push notifications to our apps, that’s why we had to create the gateway. The registration enforcement is the way we found to protect our gateway against malicious users and provide a stable service for the real users. We will charge later to cover the infrastructure costs and prevent abuse of the service, of course it will be a revenue to keep improving the product and services as well.

If you rely on our push gateway (you are using our official mobile apps) the push notifications will stop working on Aug 14th. If you have your own mobile apps or you are not using mobile apps it will not affect you. By registering your server you also receive access to our Apps Marketplace to install plugins.

@rodrigo.nascimento
@aaron.ogle
@bradley.hilton
@gabriel.engel

Hello,

Could anyone from the rocket chat team address the privacy issues raised in my previous posts?

Thank you.

Hello
I just tried to register our self-hosted workspace, but when I copied the code from cloud rocket chat and pasted it, it showed “An error occured connecting”.
Then it registered our domain as “https://your-workspace-address”!! Not our rocket chat server’s real domain.
Then I tried to remove it from the cloud to register it again; the removal succeeded on the cloud dashboard, but it keeps giving me “An error occurred syncing” in my workspace admin area when I click on disconnect and register.

Version 3.4.2

Help please?

Update: Clicking on Sync gives: An error occurred syncing

Update 2: the error shown in the console is:

rocket.mydomain.com rocketchat-server.rocketchat-server[14326]: Failed to get AccessToken from Rocket.Chat Cloud. Error: oauth_unable_to_find_workspace

Which is logical, as I already deleted it from the cloud, but I can’t delete it from my dashboard.

Facing same issue, did you fix it and manage to re-register?

I am back at the system in 2 days, then I can try, but I think we have a solution.
I will get back to you when I have tried.

Hi, firstly I am sorry but I didn’t understand anything. If I did not register my rocket chat server on the cloud, my push notifications will be stopped. If I register the cloud with community edition, push notifications will be 5k, and I am not paying for 5k push notifications. And lastly, if I use 5001+ push notifications, I will be paid for this.

So if I understand this right, I have a lot of questions. What should I pay for extra push notifications? Will push notification settings be limited? I just want to limit my push notifications. If I use 5k push notifications, my notifications will be stopped for another month. I don’t want to pay for extra push notifications. So I don’t want to pay extra costs.

@rodrigo.nascimento
@aaron.ogle
@bradley.hilton
@gabriel.engel

Hello,

I am still waiting for a clarification regarding the leakage of all our private messages to your Gateway and Google/Apple.

I came across this PR, which seems to confirm that up until now our messages have been sent to third parties without us ever accepting your privacy policy.

I think the community deserves to know if our trust in your service has been misplaced and if our privacy has been violated.

Are the Push Notifications SSL/TLS encrypted from the RocketChat server until they reach the mobile clients?

Hi @SomeGuy

Push notifications are only sent if the push notification gateway is activated in the workspace settings, a message qualifies for being a push notification AND if users use mobile clients to receive that push notification. Claiming that all private messages have been leaked is not true. A push notification has to go via some third party gateway to reach the mobile clients. Both allowing users to use mobile clients and utilizing push notifications are settings that the workspace admin has to decide upon before opening up his server to his users, no one is forced to. And every admin wanting to use push notifications without his own gateway has to employ a third party. That is how the technology works. It is no secret and therefore no leakage. We provide such a gateway as a service for the benefit of RC users and admins that want to use it. Our privacy policy is transparent that we further use Apple and Google PN gateways. As stated above, PN content is also not analyzed or saved, but merely passed through the gateway and deleted once delivered.

To make this even clearer for new workspaces, the referenced PR disables the push notification for nonregistered workspaces and adds a helping banner. To continue using push notifications via our gateway, workspaces have to register and accept the privacy policy. We value both your and the other feedback in this thread which is why we made the PR to aid admins in understanding better the conditions of using our gateways. We hope you can understand our position here.

Hello and thank you for your reply.

I understand the way push notifications work.
My concern is that, as far as I can tell, the push notification gateway is enabled by default (at least via the snap package).

Consider the following scenario:

  • I set up a new private instance on a physical private server at home
  • I do not register it (and therefore do not accept your privacy policy, the option is even greyed out!)
  • Not knowing that Push Notifications are enabled, I do not explicitly disable them
  • One of my contacts decides to download the Rocket Chat App on the Play Store
  • All the messages this user has access to are now sent to your Gateway and Google/Apple.

The real problem is that unless one is familiar with Rocket Chat, it may not be obvious that this is what’s going on (until August 14 that is), with the default settings. One would assume that the whole point of hosting a private chat server is to keep the messages private. Therefore Push Notifications should have been disabled by default.

I wonder how many users who host a modest private server like me are aware that their messages have been sent to third parties. Perhaps I am too naive but I usually associate open source projects with respect for privacy so I did not bother looking through all the options, assuming that the default configuration was safe. If I need to read privacy policies and dig through many pages of settings to make sure my privacy is respected, I might as well use a proprietary solution.

And talking about your privacy policy, even if I trust you do not store or analyze the messages (what about Google/Apple??), there is always a possibility that your servers might be compromised at any time. Such a risk would have to be weighed when one decides to enable push notifications, therefore reaffirming my previous point that it should have been an opt-in option, not opt-out.

Thank you.

Is the Push Gateway HIPAA compliant?

Thanks, Peter

Registration is not working - Error:An error occured! Request ID: 6996c2bd-21ef-4af0-b85d-a5e7065f5bf8

Looks like it’s saying invalid email. Could you DM me the email you’re trying to use so I can see why it’s not passing the email validator?

We provide the controls in your own Rocket.Chat installation to aid you in being HIPAA compliant and I believe the newest enterprise version actually contains a feature that makes it even easier for you to get HIPAA compliant.

HIPAA compliance is an odd thing. Anyone can claim compliance of a tool they provide you. But really until you configure it and run your own HIPAA compliance checks… I’ve seen people use “HIPAA compliant” tools in non-HIPAA-compliant ways.

If interested in HIPAA compliance with Rocket.Chat I’d recommend you get in contact with the sales team to have a discussion about this.

Hi Aaron,

Thanks a lot for your reply - but there’s one issue - where is the button to DM you? :smile: I don’t find it :smile:

My email address, which I’m trying to use for the registration, is also listed in the profile.

BR

Sent DM :slight_smile: