No, the thing that’s lost is all the vulnerable people using an app filled with vulnerabilities waiting to be exploited by a vindictive government.
Comment on Unfortunately, the ICEBlock app is activism theater
Zaktor@sopuli.xyz 4 days agoSo what’s the complaint here, that he’s being rude? The only thing lost if people build an alternate app rather than being allowed to work on his app is him.
Ulrich@feddit.org 4 days ago
jarfil@beehaw.org 4 days ago
The complaint is: Narcissistic incompetent dev spreads FUD while putting vulnerable people at risk.
It’s rather concerning, if true.
Zaktor@sopuli.xyz 4 days ago
The risk appears to be anxiety, not an active threat to their safety. The black box security analysis did not indicate any direct data leakage. We don’t know the app is safe, but we also don’t have any indication it’s doing anything particularly risky.
Ulrich@feddit.org 4 days ago
For the most part, we don’t know what the risks are, because the app is closed-source.
What we do know is that Apple logs the downloads of every account on their platform. That alone is enough to paint a target on the backs of vulnerable people.
We also know that the gov is intercepting notification data, in the form of " which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification."
You can bypass this data collection by using UnifiedPush on Android. Apple has no such alternative.
These are all things that I, a random internet dumbass with no development experience, knows, but somehow this fool does not, despite being educated over and over.
Zaktor@sopuli.xyz 4 days ago
I appreciate the link about the potential for push harvesting. That was not something I was aware of.
It doesn’t sound like they’re intercepting though, it sounds like they’re asking the platform to provide it. That should require a warrant unless Apple has gone full collaboration, but that does make it insecure to a targeted search. And paired with fake reports could potentially be used to geolocate someone to a rough area with some work.
Though I think if they have enough to compel cooperation from the platform they could also just get cell tower or direct GPS info. I’m not sure this really opens up a new attack vector.