Email or username:

Password:

Forgot your password?
Top-level
Digital Mark λ 📚 🕹 💾 🥃

@Gargron You record just what data your app keeps. Presumably you have a server list and logins. Do you cache anything? Report that.

5 comments
Eugen Rochko

@mdhughes Hm. It connects to the public api.joinmastodon.org to get the list of servers, anonymously. Any cache is local within the phone.

Григорий Клюшников

Eugen, also what sends push (APNS) notifications? Or does each instance handle that on its own?

Eugen Rochko

@grishka There's a relay Web Push to APN server that sees device tokens (not sure how much of a PII this is), but does not see notification contents as they are encrypted

Eugen Rochko

@grishka Documentation says the device token is unique both to the device and the app, that means the device token should not be usable for identifying a user... I think

Japorized

@Gargron Afaik, unless if you’re tying the device token to the user on the server, or you have some way to identify the user who’s using the app, device token + app doesn’t really tell you who the user is. At least for Firebase, if the user logs out and logs into another account, the 2 accounts might even use the same device token.

Go Up