vzqq@lemmy.blahaj.zone
on 02 Sep 05:24
An important part of the effort is culture and esthetics. “ICE SUCKS DONKEY BALLS AND YOU SHOULD AVOID THEM LIKE THE PLAGUE INFESTED RAT FASCISTS THEY ARE” is a message worth amplifying, even if the tool to actually do the avoidance is flawed.
There’s a lot of secure software, that probably people in this room work on, that is developed in the open, and that is used primarily by at-risk users, including things like Tor, Signal, SecureDrop. That’s great, because it makes it easy for folks to contribute. Maybe you don’t want that, I understand that can be hard. But it also makes it easier for people to audit and gain assurance that the app is doing what you claim without having to have, you know, EFF reverse engineer it. Would you be open to making the app open source?
His answer: “Absolutely not.”
Why? “I don’t want anybody from the government to have their hooks in how I’m doing what I’m doing. Once you go open source, everybody has access to it. So I’m just going to keep the codebase private at this time.”
He also claimed that the government can’t learn everything about how an app works by reverse engineering it, which isn’t true.
I agree with Jen. His answers are very concerning.
interdimensionalmeme@lemmy.ml
on 02 Sep 07:26
All activism is activism theater if it does not serve to direct counter-battery fire
orca@orcas.enjoying.yachts
on 02 Sep 15:40
Mobilization is the spark; organization is the fire. If you have the first and not the latter, you’re not moving the needle. Governments love mobilization because they can co-opt it. They can waste people’s energy via constant mobilization without established organizations.
interdimensionalmeme@lemmy.ml
on 02 Sep 17:13
Aren’t they going to dismantle any organization that works to undermine them?
Maybe even shortcircuit it covertly to serve their own ends?
I think the mobilization has to point toward something self-organization, an air-tight logic of action that operated randomly enough that they don’t see it coming and therefore their bureaucracy can’t stop it or recuperate it
orca@orcas.enjoying.yachts
on 02 Sep 19:29
Yep, that’s why the super mainstream organizations putting marches together are always suspicious to me. They get their funding from somewhere and the overarching goal is never 100% clear. Oftentimes it’s good people at the center that aren’t aware of the ulterior motive behind the ones bankrolling it.
Even smaller orgs can be easily manipulated. They often don’t do any real research on people before giving them access to internal information that they could easily send to whoever they are working for. It’s something I wish more activist and other organizations would invest their time into.
It sounds like he’s just a dev who’s in over his head but either doesn’t want anyone to take his baby or doesn’t want people to see his sloppy and possibly insecure code. It’s probably a hack job behind the scenes and he’s not really as sure of its security, so he might be opting for security through obscurity.
But this isn’t really taking up space. Someone else can make a better app. If this guy isn’t the one to really make a useful crowd sourced anti ICE app, that’s not a problem. Let’s get that OS crowd together and work with local groups and make something better. In the meantime, this is a statement.
So what’s the complaint here, that he’s being rude? The only thing lost if people build an alternate app rather than being allowed to work on his app is him.
The risk appears to be anxiety, not an active threat to their safety. The black box security analysis did not indicate any direct data leakage. We don’t know the app is safe, but we also don’t have any indication it’s doing anything particularly risky.
For the most part, we don’t know what the risks are, because the app is closed-source.
What we do know is that Apple logs the downloads of every account on their platform. That alone is enough to paint a target on the backs of vulnerable people.
We also know that the gov is intercepting notification data, in the form of "which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification."
You can bypass this data collection by using UnifiedPush on Android. Apple has no such alternative.
These are all things that I, a random internet dumbass with no development experience, know, but somehow this fool does not, despite being educated over and over.
I appreciate the link about the potential for push harvesting. That was not something I was aware of.
It doesn’t sound like they’re intercepting though, it sounds like they’re asking the platform to provide it. That should require a warrant unless Apple has gone full collaboration, but that does make it insecure to a targeted search. And paired with fake reports could potentially be used to geolocate someone to a rough area with some work.
Though I think if they have enough to compel cooperation from the platform they could also just get cell tower or direct GPS info. I’m not sure this really opens up a new vulnerability separate from the general risk of using a smartphone when the government can produce a warrant (which with the coopting of the judiciary may not be as high a bar as it once was).
“They received an ICE block push” isn’t a meaningful piece of information compared to location. It’s already a targeted search. What do you think the government will do with that information?
“They received an ICE block push” isn’t a meaningful piece of information compared to location.
Quite the opposite. Getting notifications from ICEBlock shows that they are potentially “fugitives” or “aiding and abetting criminals” or “targeting law enforcement”. These are not my words, these are words from the current federal administration. A random location tells them nothing about any of that activity.
What do you think the government will do with that information?
We’ve reached the inevitable future where the govt is using any and all information they can get to target “criminals” and feeding them into databases and processing them with shitty AI in order to decide who they’re going to harass that day.
It’s still a targeted search, which may be bullshit but isn’t a trawling operation. If they’re targeting you, a demerit for simply having ICEBlock installed is the least of your worries. And if Apple goes full collaboration, then any “improper” app install is going to be a danger regardless of whether it’s pushing.
Getting the information in the first place is a targeted search. Unless Apple goes full collaborator they will require a court order. They have already made the decision (for whatever reason) to target you.
No, the thing that’s lost is all the vulnerable people using an app filled with vulnerabilities waiting to be exploited by a vindictive government.
If you actually read the post they go into detail about this.
burntbacon@discuss.tchncs.de
on 02 Sep 13:50
It sounds like he’s just a dev who’s in over his head but either doesn’t want anyone to take his baby or doesn’t want people to see his sloppy and possibly insecure code
I’d bet it’s a LOT more along the lines of the second guess, because it’s now cost his wife her job and has gotten him quite publicly tagged along with it. He’s got a large portion of himself invested in it, and of course it will sting and suck for a bunch of folks to come along and point out, both gently and horribly, knowing OSS folks, all the shortcomings and then make changes.
I agree that there should be an alternative, open-source project, though I know I’m not all that qualified to support outside of financially (which I would).
I disagree that this isn’t taking up space. Notoriety is a huge asset, especially for tools like this that rely on crowd-sourced information. It would be far better, all other things being equal, to start with the user base and name of ICEBlock than to make a competitor and need to promote it enough to get people to use it over ICEBlock. I highly doubt that a competitor will get anywhere close to the same media attention that this got.
prole@lemmy.blahaj.zone
on 02 Sep 12:51
It doesn’t really seem like there’s any “secret sauce” there. What’s to stop someone who knows more about development from making a better version?
AlecSadler@lemmy.blahaj.zone
on 02 Sep 15:26
I’m down to do it, I just need to figure out a way not to get deported over it.
There are lots of better versions that exist. Unfortunately they haven’t received the same amount of traction, which is important for this type of app. Here’s one: fire-app.net
An important part of the effort is culture and esthetics. “ICE SUCKS DONKEY BALLS AND YOU SHOULD AVOID THEM LIKE THE PLAGUE INFESTED RAT FASCISTS THEY ARE” is a message worth amplifying, even if the tool to actually do the avoidance is flawed.
Yes, it’s theater. But theater is praxis too.
Has anyone else already read the whole thing and could save us a little time?
The first one seems irrelevant. The second is sort of inevitable without making it hard to report anything.
Everything else is just exactly what people were saying from the start. I don’t know why people keep defending this privacy nightmare of an app.
I agree. I’m just repeating what I read.
Yeah, I know. Wasn’t judging your comment, only the original article based on the info in your comment. :)
An excerpt
All activism is activism theater if it does not serve to direct counter-battery fire
Mobilization is the spark; organization is the fire. If you have the first and not the latter, you’re not moving the needle. Governments love mobilization because they can co-opt it. They can waste people’s energy via constant mobilization without established organizations.
Aren’t they going to dismantle any organization that works to undermine them?
Maybe even shortcircuit it covertly to serve their own ends?
I think the mobilization has to point toward something self-organization, an air-tight logic of action that operated randomly enough that they don’t see it coming and therefore their bureaucracy can’t stop it or recuperate it
Yep, that’s why the super mainstream organizations putting marches together are always suspicious to me. They get their funding from somewhere and the overarching goal is never 100% clear. Oftentimes it’s good people at the center that aren’t aware of the ulterior motive behind the ones bankrolling it.
Even smaller orgs can be easily manipulated. They often don’t do any real research on people before giving them access to internal information that they could easily send to whoever they are working for. It’s something I wish more activist and other organizations would invest their time into.
It sounds like he’s just a dev who’s in over his head but either doesn’t want anyone to take his baby or doesn’t want people to see his sloppy and possibly insecure code. It’s probably a hack job behind the scenes and he’s not really as sure of its security, so he might be opting for security through obscurity.
But this isn’t really taking up space. Someone else can make a better app. If this guy isn’t the one to really make a useful crowd sourced anti ICE app, that’s not a problem. Let’s get that OS crowd together and work with local groups and make something better. In the meantime, this is a statement.
The problem is that people are falling over themselves to help him and he keeps declining while looking at them like they’re the idiots.
So what’s the complaint here, that he’s being rude? The only thing lost if people build an alternate app rather than being allowed to work on his app is him.
The complaint is: Narcissistic incompetent dev spreads FUD while putting vulnerable people at risk.
The risk appears to be anxiety, not an active threat to their safety. The black box security analysis did not indicate any direct data leakage. We don’t know the app is safe, but we also don’t have any indication it’s doing anything particularly risky.
For the most part, we don’t know what the risks are, because the app is closed-source.
What we do know is that Apple logs the downloads of every account on their platform. That alone is enough to paint a target on the backs of vulnerable people.
We also know that the gov is intercepting notification data, in the form of "which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered. In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification."
You can bypass this data collection by using UnifiedPush on Android. Apple has no such alternative.
These are all things that I, a random internet dumbass with no development experience, know, but somehow this fool does not, despite being educated over and over.
I appreciate the link about the potential for push harvesting. That was not something I was aware of.
It doesn’t sound like they’re intercepting though, it sounds like they’re asking the platform to provide it. That should require a warrant unless Apple has gone full collaboration, but that does make it insecure to a targeted search. And paired with fake reports could potentially be used to geolocate someone to a rough area with some work.
Though I think if they have enough to compel cooperation from the platform they could also just get cell tower or direct GPS info. I’m not sure this really opens up a new vulnerability separate from the general risk of using a smartphone when the government can produce a warrant (which with the coopting of the judiciary may not be as high a bar as it once was).
Pretty meaningless in the context of our current dictatorship.
Cell towers and GPS info don’t provide any information about what the user is doing on the device.
“They received an ICE block push” isn’t a meaningful piece of information compared to location. It’s already a targeted search. What do you think the government will do with that information?
Quite the opposite. Getting notifications from ICEBlock shows that they are potentially “fugitives” or “aiding and abetting criminals” or “targeting law enforcement”. These are not my words, these are words from the current federal administration. A random location tells them nothing about any of that activity.
We’ve reached the inevitable future where the govt is using any and all information they can get to target “criminals” and feeding them into databases and processing them with shitty AI in order to decide who they’re going to harass that day.
It’s still a targeted search, which may be bullshit but isn’t a trawling operation. If they’re targeting you, a demerit for simply having ICEBlock installed is the least of your worries. And if Apple goes full collaboration, then any “improper” app install is going to be a danger regardless of whether it’s pushing.
I’m telling you it’s not a “targeted search”, it’s an AI-generated output from a bullshit generator.
You don’t know that.
Also correct. But some apps are more sensitive than others.
Getting the information in the first place is a targeted search. Unless Apple goes full collaborator they will require a court order. They have already made the decision (for whatever reason) to target you.
No, the thing that’s lost is all the vulnerable people using an app filled with vulnerabilities waiting to be exploited by a vindictive government.
If you actually read the post they go into detail about this.
I’d bet it’s a LOT more along the lines of the second guess, because it’s now cost his wife her job and has gotten him quite publicly tagged along with it. He’s got a large portion of himself invested in it, and of course it will sting and suck for a bunch of folks to come along and point out, both gently and horribly, knowing OSS folks, all the shortcomings and then make changes.
I agree that there should be an alternative, open-source project, though I know I’m not all that qualified to support outside of financially (which I would).
I disagree that this isn’t taking up space. Notoriety is a huge asset, especially for tools like this that rely on crowd-sourced information. It would be far better, all other things being equal, to start with the user base and name of ICEBlock than to make a competitor and need to promote it enough to get people to use it over ICEBlock. I highly doubt that a competitor will get anywhere close to the same media attention that this got.
It doesn’t really seem like there’s any “secret sauce” there. What’s to stop someone who knows more about development from making a better version?
I’m down to do it, I just need to figure out a way not to get deported over it.
There are lots of better versions that exist. Unfortunately they haven’t received the same amount of traction, which is important for this type of app. Here’s one: fire-app.net
How is this any better? From the site it appears to also be closed source with no security audit and using push notifications.
It’s better because you can download it directly from the site. And also they have a web version.
That only solves one problem, unfortunately. Other than that, the FIRE app seems to have the same problems as the ICEBlock app.
Isn’t that the same app that got completely obliterated by a single Mastodon post by GrapheneOS?
Doesn’t seem like it? grapheneos.social/search?q=iceblock&type=statuses
It was BlueSky, not Mastodon and is linked in the article: bsky.app/profile/grapheneos.org/…/3lt2prfb2vk2r