there's been a lot of misinformation out there beyond the factually balanced #reuters article on gov requests for push notification metadata from google and apple.

it's not new news that govs can request messaging data. yes, i recommend using #unifiedpush on a self-hosted server, but please note, governments can request data from any push notification service so #unifiedpush isn't a panacea, but it's better.

also, it is more likely governments are requesting push meta data to find out the device and services people are using so they can subpoena them and request actual data.

depending on your threat model, i'd be more concerned about the data your services collect than push notification meta data.

this isn't new news but yet another reminder to practice good infosec, opsec, comsec, and persec.

my recommendation is to use #grapheneos. know your threat model. be mindful of, and seek to reduce the data your services collect from you.

it is worth noting that grapheneos only uses graphene os services. sandboxed google play with fcm is optional