Hey guys. Im running Home Assistant in docker container for few years and I’m super happy with it. The only way I access my server when not home is wireguard VPN. I noticed that I’m still receiving notifications even when not connected to VPN. I wonder how is that possible?
I don’t have sub for HA Cloud or Nabu Casa. I also don’t own a domain, using duckdns for wireguard connection and reverse proxy (npm). I thought I have 100% local setup, but I guess there is a Google or HA server in between. I don’t want to disable the feature, I just want to know where is my data being sent
Thx
Notifications go through Google Firebase servers. This is documented here: https://companion.home-assistant.io/docs/notifications/notification-details/. Your HA server sends the notification to Google, which then sends it to your phone. They don’t store the notification they just relay it.
Most mobile apps do something like this. One reason is to improve battery life - your phone can have a single connection to a Google server instead of every app needing its own separate connection.
There used to be a way to use local notifications (meaning you have to be on the same network, either locally or via a VPN), but I can’t find the setting any more so maybe it’s gone now. (edit: this is still possible)
Under the Companion app settings, select your server, then persistent connection
https://companion.home-assistant.io/docs/notifications/notification-local/
That’s what I was thinking of! It’s not in the settings section I’d expect it to be in (notifications) so I thought it wasn’t doable any more.
Yes they do
E: additional context
I don’t see anything in that article that says that Google store the contents of the notification. It just says that they link push tokens to emails, which is true - they have to know who to send the push notification to.
In any case, if you don’t want Home Assistant notifications being relayed through Google, you can use a persistent connection so that the app connects directly to your Home Assistant server.
Not sure how you think they hand over information they don’t have?
My friend, did you read what the article you linked says? That isn’t storing the data, that’s capturing the data and relaying it, as directed by court order.
My guy, how is it you think they are capturing and relaying data that they haven’t stored?
Capture and relay have nothing to do with storage. You can absolutely add storage, but it is in no way a necessary step.
I don’t understand. How do you provide someone else with information you don’t have?
Let’s say notifications are like walkie-talkies. You push a button, it sends an alert or your voice to the paired device. Neither one is storing the information, they are just relaying to each other. Now, in this case the government has issued a court order stating that a third party be given a walkie-talkie with the ability to understand the information transmitted by the first. There is still no storage being done, but a second party now receives all the information being broadcast.
It’s not about not having the information. You don’t actually need to store it anywhere to facilitate communication, at least beyond it being in memory which most would agree doesn’t constitute storage in this situation.
Now, could that third party store the information? Absolutely.
I’m guessing you aren’t a programmer or network engineer, because a relay does not necessitate storing anything. Your router does not “store” your webpages when you go to a page on the internet. Something like mulvad vpn doesn’t store anything when using it.
Thank you. It makes sense now
It definitely threw me the first time I was out of the house.
I decided the best solution was just to limit alerts to non-sensitive things.
While I’m generally very big on privacy, I really don’t give a monkeys if Apple/Google is relaying a message that says “Cat in garden!”
You can enable a persistent connection to get alerts directly without relaying them through Google, but then you need to have a connection to your Home Assistant server all the time (eg by using a VPN or by exposing it publicly)