Enforcing Registration Requirement to Utilize Push Gateway

Facing same issue, did you fix it and manage to re-register?

I am back at the system in 2 days, then I can try, but I think we have a solution.
I will get back to you when I have tried.

1 Like

Hi, firstly I am sorry but I didn’t understand anything. If I do not register my Rocket.Chat server on the cloud, my push notifications will be stopped. If I register on the cloud with the community edition, push notifications will be 5k, and I am not paying for 5k push notifications. And lastly, if I use 5001+ push notifications, I will have to pay for this.

So if I understand this correctly, I have a lot of questions. What should I pay for extra push notifications? Will the push notification settings be limited? I just want to limit my push notifications. If I use 5k push notifications, my notifications will be stopped until another month. I don’t want to pay for extra push notifications. So I don’t want to pay extra costs.

@rodrigo.nascimento
@aaron.ogle
@bradley.hilton
@gabriel.engel

Hello,

I am still waiting for a clarification regarding the leakage of all our private messages to your Gateway and Google/Apple.

I came across this PR, which seems to confirm that up until now our messages have been sent to third parties without us ever accepting your privacy policy.

I think the community deserves to know if our trust in your service has been misplaced and if our privacy has been violated.

1 Like

Are the Push Notifications SSL/TLS encrypted from the RocketChat server until they reach the mobile clients?

Hi @SomeGuy

Push notifications are only sent if the push notification gateway is activated in the workspace settings, a message qualifies for being a push notification AND if users use mobile clients to receive that push notification. Claiming that all private messages have been leaked is not true. A push notification has to go via some third party gateway to reach the mobile clients. Both allowing users to use mobile clients and utilizing push notifications are settings that the workspace admin has to decide upon before opening up his server to his users, no one is forced to. And every admin wanting to use push notifications without his own gateway has to employ a third party. That is how the technology works. It is no secret and therefore no leakage. We provide such a gateway as a service for the benefit of RC users and admins that want to use it. Our privacy policy is transparent that we further use Apple and Google PN gateways. As stated above, PN content is also not analyzed or saved, but merely passed through the gateway and deleted once delivered.

To make this even clearer for new workspaces, the referenced PR disables the push notification for nonregistered workspaces and adds a helping banner. To continue using push notifications via our gateway, workspaces have to register and accept the privacy policy. We value both your and the other feedback in this thread which is why we made the PR to aid admins in understanding better the conditions of using our gateways. We hope you can understand our position here.

Hello and thank you for your reply.

I understand the way push notifications work.
My concern is that, as far as I can tell, the push notification gateway is enabled by default (at least via the snap package).

Consider the following scenario:

  • I set up a new private instance on a physical private server at home
  • I do not register it (and therefore do not accept your privacy policy, the option is even greyed out!)
  • Not knowing that Push Notifications are enabled, I do not explicitly disable them
  • One of my contacts decides to download the Rocket Chat App on the Play Store
  • All the messages this user has access to are now sent to your Gateway and Google/Apple.

The real problem is that unless one is familiar with Rocket Chat, it may not be obvious that this is what’s going on (until August 14 that is), with the default settings. One would assume that the whole point of hosting a private chat server is to keep the messages private. Therefore Push Notifications should have been disabled by default.

I wonder how many users who host a modest private server like me are aware that their messages have been sent to third parties. Perhaps I am too naive but I usually associate open source projects with respect for privacy so I did not bother looking through all the options, assuming that the default configuration was safe. If I need to read privacy policies and dig through many pages of settings to make sure my privacy is respected, I might as well use a proprietary solution.

And talking about your privacy policy, even if I trust you do not store or analyze the messages (what about Google/Apple??), there is always a possibility that your servers might be compromised at any time. Such a risk would have to be weighed when one decides to enable push notifications, therefore reaffirming my previous point that it should have been an opt-in option, not opt-out.

Thank you.

1 Like

Is the Push Gateway HIPAA compliant?

Thanks, Peter

Registration is not working - Error:An error occured! Request ID: 6996c2bd-21ef-4af0-b85d-a5e7065f5bf8

Looks like it’s saying invalid email. Could you DM me the email you’re trying to use so I can see why it’s not passing the email validator?

We provide the controls in your own Rocket.Chat installation to aid you in being HIPAA compliant, and I believe the newest enterprise version actually contains a feature that makes it even easier for you to get HIPAA compliant.

HIPAA compliance is an odd thing. Anyone can claim compliance of a tool they provide you. But really until you configure it and run your own HIPAA compliance checks… I’ve seen people use “HIPAA compliant” tools in non-HIPAA-compliant ways.

If interested in HIPAA compliance with Rocket.Chat, I’d recommend you get in contact with the sales team to have a discussion about this.

Hi Aaron,

Thanks a lot for your reply, but there’s one issue: where is the button to DM you? :smile: I don’t find it :smile:

My email address, which I’m trying to use for the registration, is also listed in the profile.

BR

Sent DM :slight_smile:

I’m certain that I did initially opt to register, but I don’t see any of the screens shown.

I see this:

(continued below as Discourse won’t let me add two images to this post)

(having to do this as two posts as Discourse wouldn’t let me add two images to the previous post…)

However, if I log in to https://cloud.rocket.chat I see that my self-hosted Rocket.Chat is indeed registered:

But I don’t see where I can get my Token?!?

Help!

Thanks.

If you follow this guide, does it help? https://docs.rocket.chat/guides/administrator-guides/connectivity-services

And if not, let me know and we can follow up about it.

And that’s maybe dumb, but you have no way to allow users to use a dual-push system?

Like when you use the official Play Store version of the app, the server knows it and uses your public gateway.
But if you use a custom-made app by the server owner, it uses your own certificate/key/whatever?