Your forum software asks users to allow it to run arbitrary javascript inside a “Web Worker”. As is typically the case with these invasive scriptlets, it claims they’ll only be used for “push notifications”, but the actual WebWorker system is not restricted to notifications, instead, it can do anything doable inside javascript, even when the user is not on the website. These scriptlets also are often self-updating, which means a compromised “notification server” can be used to launch attacks against people’s computers. In short, this is a fairly serious “miss-feature”, which a privacy-oriented, freedom-respecting company ought not use.
There is a standard format for push notifications, which people who want them can use (and your website probably ought to offer): RSS.
Fair comments but Purism is using the Discourse forum software AFAIK - so if someone wants to pursue this then the first question would be whether Discourse even offers control over this.
If it doesn’t then I am fairly sure I want Purism software engineer resources devoted to getting the L5 out the door rather than forking Discourse.
I take it that you have looked over your own forum profile to confirm that there is no per-user control over this.
There is per-browser control over this. You can get rid of the notification request on each device. Not sure how long it will last, as most websites ask again in a week or so.
It’s a fair point that this is standard software, so it’s not worth developer time chasing upstream, but if Discourse does allow control over this, it should be properly configured.
One thing that many manufactures do and that I really don’t like is when they create exceptions for themselves, with respect to how the operating system works. Microsoft does it from time to time. Just recently, Samsung has been doing it on my Note 9. Samsung is sending me notifications (advertising of paid features that they want me to try), and those notifications can’t be turned off. I can disable other notifications, but not the Samsung ones. I hope Purism never does this kind of thing. Operating system features need to always be consistent, no matter what.
