Privacy options for push notifications
Currently no matter what your push notification is the body is provided to the push notification service and arrives cleartext to the endpoint: browser, phone (iOS APNS, Android Firebase), etc.
There may be instances where this is less than ideal. One example would be DMs. Do we want the body of the DMs to be sent to devices, or should it simply inform you a new Direct Message has arrived? e.g., the Signal messenger has the option of
Name and Content,
Name Only, or
No Name or Content. I feel that we should permit the same options.
Let's not get distracted by discussions around "security of DMs in the fediverse". Perfect is the enemy of good. We should continue to make incremental improvements in this area where possible, and when we can upgrade to fully E2E for DMs we will.