- From: Peter Beverloo <notifications@github.com>
- Date: Tue, 16 May 2017 09:53:47 -0700
- To: w3c/push-api <push-api@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/push-api/issues/258/301845779@github.com>
Hi Kepeng, > I think the issue is, whether the User Agent can subscribe multiple push services at the same time or not? If the User Agent can subscribe more than one Push Services, is it possible that the subscribed multiple Push Services can interact in some way, e.g. avoid to push the same messges? Neither the W3C Push API nor the IETF Web Push Protocol provide support for this sort of coordination. Is this a theoretic case, or are you aware of a user agent that's specifically looking to support this functionality? > About privacy issues, the Push Service knows what Application Servers the User Agent has subscibed, the Push Service already knows the user privacy, e.g. user wants to subcribe to some adult contents, and he does not want this to be known by others. Also, some Application Servers may not encrypt the push messages, in this way, Push Service can get the payloads of the push messages. It's true that the Push Service could derive the source of a message by looking up the source's IP address, or the provided contact information in the VAPID JWT header. The ability to have subscriptions with multiple Push Services doesn't change that however, it just moves the problem to another actor. The Push API mandates use of encryption for messages that include a payload. Even if the developer includes an unencrypted payload, it will never reach their JavaScript code. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/issues/258#issuecomment-301845779
Received on Tuesday, 16 May 2017 16:54:21 UTC