ICEBlock climbs to the top of the App Store charts after officials slam it
Technology
85
Beiträge
52
Kommentatoren
0
Aufrufe
-
The devs don't really seem to have a clue about smartphone.
https://bsky.app/profile/grapheneos.org/post/3lt2prfb2vk2rLol, called it.
Incompetence and false bravado is all but guaranteed with development teams. Especially when it's closed source, not audited, and has minimal room for feedback loops.
-
This is a genuine concern that we should recognize.
I'm about 99% confident it isn't, but considering it is the kind of caution we should all be exercising these days.
- Is it open source? (No)
- Is it's publishing and build pipeline open? (No)
- Can anyone audit it? (No)
- Does the author make unreliable claims of privacy? (Yes)
- Does the author detail how data privacy and security is implemented? (No)
It's probably not a honeypot. But it's also likely to be negligent enough in implementation that it might as well be.
-
How would we learn either way if it was or wasn't?
When the feds come for you for using it
-
Federated application for a map with markers and notes?
It seems for me that this would be too narrow a purpose.
Maybe a general-purpose public notification map. With some functionality allowing to separate markers by their authors and by tags. Or it can be spammed with bogus markers. By tags - well, for it to be general-purpose. By authors - because moderation can't be left to instance admins.
And, of course, I'm personally for separation of moderation, instance ownership, identities and hosting, but my own toy attempt showed me that the logic of checking the chain of privilege delegation is kinda PITA. That is, separating identities from instances is not that hard. And communities. What's hard is the community owner delegating rights to other identities, and in general authorized actions. It's a task of determining which privileges does an identity currently possess, and how does it affect its own actions on the community, and in which order should those be processed ... Everything is harder than it seems. Sad.
So federation is fine LOL.
Why too narrow of a use case?
Imagine federation with text linked to other text, that'd be crazy, right?
Wait, it's actually more complicated than that
But FR using existing federated protocols to build something like this is EXACTLY what the protocols are for. You don't need to implement the federation yourself, you can use an existing network
-
The devs don't really seem to have a clue about smartphone.
https://bsky.app/profile/grapheneos.org/post/3lt2prfb2vk2rGlad others have pointed this out. Their "reasons" for not supporting 70% of worldwide smartphones via Android seemed very suspect.
-
There is not and it is due to privacy implications. You can read more on their site about it and ALSO, there are fake Android apps of this that they caution you to not install. As of now, there is no Android version and unlikely unless Android fixes the way notifications work to not have any account or privacy issues for such an app.
Incompetence is not a "privacy implication". You think Apple servers are beyond reach of US warrants?
-
they probably want to also make it as easy as possible for those who aren't technologically savvy or whose native language isn't english, though
Then don't claim the reasoning is anonymity.
-
No, they are saying that Android and Apple both have a privacy issue on the same level.
It's not on the same level. Android at least provides the option of using an alternative notification system, and also supports downloading apps from anywhere. Including places that don't require an account.
-
She said that there's been a 500 percent increase against ICE agents who are just "trying to do their jobs and remove public safety threats from... communities."
Exactly what the Nazis who ran extermination camps claimed.
It's so blatant as if theyre using an instruction manual or something
-
Glad others have pointed this out. Their "reasons" for not supporting 70% of worldwide smartphones via Android seemed very suspect.
not defending the dev here, but iOS is the majority in the US, why would worldwide market share be relevant for a US app?
-
This post did not contain any content.
ICEBlock climbs to the top of the App Store charts after officials slam it
The application, which allows users to add a pin on a map to show where ICE agents have recently been spotted, has climbed to the to the top of the App Store charts.
Engadget (www.engadget.com)
Is it only available in the US App Store? I can imagine that some people who could make good use of it don’t have a US Apple ID.
-
not defending the dev here, but iOS is the majority in the US, why would worldwide market share be relevant for a US app?
Because visitors to the US don't tend to be from the US, that's only logical
-
Glad others have pointed this out. Their "reasons" for not supporting 70% of worldwide smartphones via Android seemed very suspect.
I think he thinks HE had to store the information, and if he isn't the one storing it, it's anonymous.
Except, on Android, you can also do it where only google stores the information and he doesn't have to store any. And there are no user name or passwords or accounts involved to listen to specific channels like he claims.
You can collect this information, and you'd be able to write a more custom push service, but it isn't needed at all, but Google and Apple will always know who is getting the messages.
-
Lol, called it.
Incompetence and false bravado is all but guaranteed with development teams. Especially when it's closed source, not audited, and has minimal room for feedback loops.
You don't even need to audit a closed source app to know that Apple knows which devices its sending pushes to. It works because they know.
-
Maybe they want that, but the statement on their website is not wrong on a technicality because it's oversimplified; it's wrong because it asserts a privacy difference between the two operating systems that does not exist.
It's actually not possible to build a push service like FCM or APNS on Android and have it function at the same level as FCM. FCM has special permissions to bypass certain device states on the device to ensure message delivery that nothing else can match.
The best you can do is approximate it with an always active websocket and a foreground service always running with battery optimizations disabled, but good luck not having that foreground service shut down on occasion as well. Devices are hostile to them for battery saving purposes. You'd have the best luck with a Pixel device though for something like that. You could also do some sort of scheduled background polling, but the device can be hostile to that as well, and it would eat more battery.
-
Obvious troll is obvious
I don't think everybody who makes a bad claim is a troll. A lot of people just are that stupid.
-
they can monitor who connects to what.
They can also not do that.
We should assume anything in the US is compromised by the fed
International VPNs are not immune from US subpoena.
international VPNs are not immune from US subpoena
And condoms are only 98% effective.
A condom and VPN work on the same principle: a layer of protection. No protection is ever 100% effective, but you can at least try.
Remember, they’re already building the camps. It’s only a matter of time before “helping illegals” is a crime that gets you sent to the camps. I’d rather make the fascists work for it at least.
-
not defending the dev here, but iOS is the majority in the US, why would worldwide market share be relevant for a US app?
Think about that for a second. Immigration and Customs Enforcement by definition involves at least one border and 2 countries. Even if they only went after American citizens (which they're trying to do), they'd be deporting you somewhere else.
As it is, I suspect a significant number of at-risk people in the US and their advocates use Android.
-
How would we learn either way if it was or wasn't?
Someone knowledgeable enough would be able to figure out where every upload is going, I'd wager. But that would take Someone that is knowledgeable enough, as well as willing to expose an app like that given the potential consequences.
-
It's actually not possible to build a push service like FCM or APNS on Android and have it function at the same level as FCM. FCM has special permissions to bypass certain device states on the device to ensure message delivery that nothing else can match.
The best you can do is approximate it with an always active websocket and a foreground service always running with battery optimizations disabled, but good luck not having that foreground service shut down on occasion as well. Devices are hostile to them for battery saving purposes. You'd have the best luck with a Pixel device though for something like that. You could also do some sort of scheduled background polling, but the device can be hostile to that as well, and it would eat more battery.
Yes, I used web sockets for Signal for a while. It drained 30% of my battery when the phone sat idle for a day. Absolutely bonkers. Made the phone almost unusable so had to revert to FCM or disable notifications.
