Public/Private endpoint access

[karmanyaahm]

So, (some) Tox clients send the endpoint to a bunch of untrusted devices. This means that when the sending endpoint and subscribing endpoint are symmetric (such as with public ntfy), any one of the untrusted devices can see what any of the other devices have sent.

There are a couple of solutions:

1. The most architecturally correct solution to me seems like treating each untrusted device as a separate instance, and having unique endpoints for them. Downside: public ntfy rate limits to 30 subscriptions per IP
2. We could modify ntfy to have public/private topic IDs. downside: complexity in ntfy.
3. Making a gateway for tox that maps multiple public URLs to a private URL. Downside: introduces additional points of failure and centralization.

[karmanyaahm]

Personally, I think 1 is the best option, because it requires no code changes, only a rate limit change. Also, it keeps UnifiedPush a simple one-to-one messaging platform, and does not introduce the complexities of many-to-one.

[p1gp1g]

I don't know if this is the right place for this issue.

Is it still relevant ? I though there were a way for ntfy to "reserve" a channel, and be sure no one else subscribe to the channel.

Also, does it mean Tox gives the same endpoint for every contacts ? It would be better it they use one endpoint per contact