Hey guys. Im running Home Assistant in docker container for few years and I’m super happy with it. The only way I access my server when not home is wireguard VPN. I noticed that I’m still receiving notifications even when not connected to VPN. I wonder how is that possible?

I don’t have sub for HA Cloud or Nabu Casa. I also don’t own a domain, using duckdns for wireguard connection and reverse proxy (npm). I thought I have 100% local setup, but I guess there is a Google or HA server in between. I don’t want to disable the feature, I just want to know where is my data being sent

Thx

  • dan@upvote.au
    link
    fedilink
    English
    arrow-up
    25
    ·
    edit-2
    4 months ago

    Notifications go through Google Firebase servers. This is documented here: https://companion.home-assistant.io/docs/notifications/notification-details/. Your HA server sends the notification to Google, which then sends it to your phone. They don’t store the notification they just relay it.

    Most mobile apps do something like this. One reason is to improve battery life - your phone can have a single connection to a Google server instead of every app needing its own separate connection.

    There used to be a way to use local notifications (meaning you have to be on the same network, either locally or via a VPN), but I can’t find the setting any more so maybe it’s gone now. (edit: this is still possible)

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        9
        ·
        4 months ago

        That’s what I was thinking of! It’s not in the settings section I’d expect it to be in (notifications) so I thought it wasn’t doable any more.

    • helenslunch@feddit.nl
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      2
      ·
      edit-2
      4 months ago

      They don’t store the notification they just relay it.

      Yes they do

      E: additional context

      The data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification.

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        2
        ·
        edit-2
        4 months ago

        I don’t see anything in that article that says that Google store the contents of the notification. It just says that they link push tokens to emails, which is true - they have to know who to send the push notification to.

        In any case, if you don’t want Home Assistant notifications being relayed through Google, you can use a persistent connection so that the app connects directly to your Home Assistant server.

        • helenslunch@feddit.nl
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          4 months ago

          I don’t see anything in that article that says that Google store the contents of the notification

          Not sure how you think they hand over information they don’t have?

      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        4 months ago

        My friend, did you read what the article you linked says? That isn’t storing the data, that’s capturing the data and relaying it, as directed by court order.

        • helenslunch@feddit.nl
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          3
          ·
          4 months ago

          My guy, how is it you think they are capturing and relaying data that they haven’t stored?

          • KairuByte@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            3
            ·
            4 months ago

            Capture and relay have nothing to do with storage. You can absolutely add storage, but it is in no way a necessary step.

            • helenslunch@feddit.nl
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              4 months ago

              I don’t understand. How do you provide someone else with information you don’t have?

              • KairuByte@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                3
                ·
                4 months ago

                Let’s say notifications are like walkie-talkies. You push a button, it sends an alert or your voice to the paired device. Neither one is storing the information, they are just relaying to each other. Now, in this case the government has issued a court order stating that a third party be given a walkie-talkie with the ability to understand the information transmitted by the first. There is still no storage being done, but a second party now receives all the information being broadcast.

                It’s not about not having the information. You don’t actually need to store it anywhere to facilitate communication, at least beyond it being in memory which most would agree doesn’t constitute storage in this situation.

                Now, could that third party store the information? Absolutely.

          • tyler@programming.dev
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            3
            ·
            4 months ago

            I’m guessing you aren’t a programmer or network engineer, because a relay does not necessitate storing anything. Your router does not “store” your webpages when you go to a page on the internet. Something like mulvad vpn doesn’t store anything when using it.

    • GreatAlbatross@feddit.ukM
      link
      fedilink
      English
      arrow-up
      2
      ·
      4 months ago

      It definitely threw me the first time I was out of the house.
      I decided the best solution was just to limit alerts to non-sensitive things.
      While I’m generally very big on privacy, I really don’t give a monkeys if Apple/Google is relaying a message that says “Cat in garden!”

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        You can enable a persistent connection to get alerts directly without relaying them through Google, but then you need to have a connection to your Home Assistant server all the time (eg by using a VPN or by exposing it publicly)

    • dan@upvote.au
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      edit-2
      4 months ago

      There’s a few comments like this in this thread, from people that I guess didn’t actually read the post :)

      They weren’t asking how to do it; they were asking why it works out-of-the-box with the standard Home Assistant notifications.

      You don’t need ntfy; the standard Home Assistant app notifications work anywhere since they route via Google Firebase.

  • SolidGrue@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    4 months ago

    I don’t know this for sure, but if you installed the mobile companion app thru the Store for your platform, then the integration is probably using its push API to reach your device remotely.

    I’m >90% sure notification workflows find me even when I am remote and untethered from home when I notify the app on my mobile devices.

  • ALERT@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    4
    ·
    4 months ago

    HA mobile application opens up a notify service that I use to send notifications specifically on my mobile device HA application.

  • Treczoks@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    There are GSM modems that can be used by the server to send an SMS. I nearly bought one when it was cheap, but noticed just in time that the GSM level of that device was 3, which is no longer available here. And it needs a valid Sim card to work.

  • SayCyberOnceMore@feddit.uk
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    Just to add… if you don’t want this, the minimal version of the HA app doesn’t use 3rd party systems for notifications (you’d need to setup something yourself), so if this is a problem for you, there’s also that option…

    Just sayin’…