Official site: https://www.iceblock.app/
The CNN article talks a bit more about privacy issues. This bit caught my eye:
It’s only available on iOS because Aaron says the app would have to collect information that could ultimately put users at risk to provide the same experience on Android.
I would like to see some details about this. Perhaps there’s a way to work around that problem, even if it meant publishing on F-Droid instead of Google Play.
remember when these guys couldn’t breath while wearing a mask during lockdown?
Breath - rhymes with ‘death’, and is what comes out of your mouth
Breathe - the action of breathing
Try to remember it this way: when you add the ‘e’ on the end, you’re really breeeething.
i just can’t type worth shit on a touch screen
Hey, no judgement here.
While i agree with the point you are making, its just quite the obvious difference. Medical masks have much much denser material so they dont let water droplets through. These masks are usually just some clothing fabric that is full of big openings and really easy to breathe through.
I have tumor riddled lungs and chest muscles that don’t quite do their job any more and I was able to breath just fine with a N95 on for hours at a time. These gigantic turd burglers must be more out of shape than my dead gran if not being able to breathe was their excuse.
I can’t speak for the states but here people I absolutely know wore balaclavas and neck masks before covid also started complaining about those just the same because the medical authorities were saying it was better than nothing.
These idiots didn’t wear medical masks during, I live in conservative hell and they all wore neck gaiters and kept them under their noses and still bitched that they couldn’t breathe.
Well thats fucking dumb
Oh yes, specially designed masks for MEDICAL purposes, designed to be usable for childreb abd the elderly are harder to breathe through for tough macho guys like this than some bullshit they bought at a gunstore.
Clearly they only care about protecting themselves and can’t be bothered to protect others.
You people are so weird. At no point did i say that medical masks are hard to breathe through. I only said that whatever they are wearing will be easier to breathe through. Obviously the standard masks are also pretty easy to breathe through, billions of people did it for 2-3 years without any major problems.
What you’re doing is white-knighting for the gestapo. That’s weird.
Quit trying ‘to be fair’ towards thugs who absolutely give zero shits about being fair to you.
Well i definitely wouldn’t want your help in killing nazis. Considering how blind you are, you will just end up killing your own.
I merely said something designed formedical use is probably easier to bread tbrough tha something designed for military use. Y’know, thick materials are harder to breathe through. Wouldn’t want a wild boar, terrorist or immigrant tearing through it. So probably harder to breathe throug than a thin little mask that breaks if you try to put it on your face more than a few times. Talking from experience. Didn’t know ICE masks were disposable.
You people are so weird. At no point did i say that medical masks are hard to breathe through. I only said that whatever they are wearing will be easier to breathe through.
I… Erm…
Why not just release it as a self install not connected to an appstore?
Not disagreeing. The issues that come with it:
1 - Not many people will install it because you have to disable default security features. Android gives a huge “Your device is insecure” scary message.
2 - Then you’ll get the people who will use this for malicious reasons. Even the app store gets copycats that do nothing but steal information.
Regarding (1), it still gets the network effect because of iOS users. That it’s harder for android users to install does not mean the marginal utility of an android user installing the app is lower than that of an iOS user installing the app.
Yeah. They literally relying on ios walled garden.
Without open source, it could be a honey pot.
the fact that i cannot use the app at all if i deny location permissions is a red flag. there’s no reason not to have a read only mode.
there may be no trackers as the other commenter mentioned about the TechCrunch analysis, but who is this random company that owns it: ALL U Chart, Inc. They’re likely pinging back their own servers with your coords
Fake your GPS and put it inside Republican homes
Can you do that on iOS?
you can using xcode and a manual gpx file
Easily? No. You could run an android emulator on desktop though.
I did check to see what permissions and data is wants access to. None. That seems like a good sign.
A nefarious app might also want permissions to see all your contacts.
that mainly applies to trackers and analytics. the company still makes backend calls to its own servers and can do whatever it wants there with the location data it collects from you
Don’t apps self-report this stuff? You presumably need to make a DB query from their backend to see any reportings in a 5mi radius, so at minimum they have your GPS coordinates and IP address (which when combined would uniquely identify you)
Iirc, permissions for iOS are required for devs to be able to use the functions/methods under those permissions.
So if the app doesn’t use them, they won’t show up as needing them.
That may be true for things like contacts, but here they have your location, and they use the network. Thus they could hoover that up and store it, even mapping everywhere you go over time in their DB.
“Apple keeps most of your location history on your device: the bits of information stored in the cloud are either end-to-end encrypted, meaning only you can decipher them, or anonymized. As such, the risk of having your location history compromised by a data breach, or by a request from law enforcement to Apple for this data, is greatly reduced.”
In this case they are anonymized. The service can tell what device is where but not what user that deviceID matches and those identifiers are rotated to make it harder to match that data up.
That’s for Apple services specifically. If I build an iOS app, I can get geo coordinates.
But if the user doesn’t create an account and the deviceID rotates frequently, is there any way to tie those coordinates at a specific time to a specific person in a large enough geographical area and provide notifications (also provided via on device only services)? That’s what it seems like the developer has said Apple facilitates better.
The also said they will have a more detailed post up July 2nd about android on their site.
Looks like honey to me
TechCrunch did a traffic analysis: https://techcrunch.com/2025/07/01/iceblock-an-app-for-anonymously-reporting-ice-sightings-goes-viral-overnight-after-bondi-criticism/
Would it be possible to create a webapp version of this? With ICE and CBP freely able to search phones now, I am worried about retaliation if they find this app on the phone.
Yes, it’s not hard for a full stack developer to make. Probably a thousand people already in the fediverse can, including me.
But it cannot be hosted on USA controlled servers, and the developers need to find a way to be anonymous to USA offices
Maybe with something like this? With veilid in the backend. No servers used for communication.
This is actually a spot where I think a public blockchain could work and it’s censorship resistant properties will be crucial one day.
The server is the blockchain, so it’s not hosted anywhere specific and can’t be taken down. It’s also a smart contract which ended up working in favor of the devs of TornadoCash where a judge overturned the sanctions on it since it was just immutable public code.
Now that Tornado Cash isn’t sanctioned, you could mix your coins through it to then pay the sub cent fee to post the sighting on one of the layer 2s like Arbitrium (the fee which will also help combat spam)
The app could then be open source (web/android/iphone) and monitor the blockchain for the sightings in your area.
The problem still becomes push notifications if it’s all being done locally… It would need to be your device itself monitoring. Apple is also bad about background processing, but it’s a better on Android, and especially easier if you don’t deploy to the store and can bypass some of the requirements.
This way incurs no hosting costs for the developer, no load balancing, nothing to be seized etc.
It does require adoption of something like Ethereum though.
Why would you need the block chain here again? At that point it needs to be an app because your browser can’t consume any of that shit and you are creating an immutable record of who reported who in such a way to ensure punishment.
Because the government can’t take it down, and the government will want to take it down, and the government would even try to issue arrest warrants for people who made it outside the US to try and punish them. This dude who wrote this is in danger now.
Web browsers are capable of self checking a smart contract for new transactions, it is totally possible.
Who reported it would be anonymous if they used something like Tornado Cash, or if a service was able to be built ontop of a privacy coin like Monero.
Once you need a normal server you might as well just have the server you already need serve the info preferably simply by grabbing a diff from previously so you reveal no info and without downloading a substantial portion of a chain. I swear people want to shove a blockchain into shit when it almost never adds any value whatsoever. You didn’t address the fact about making an indelible link between you and your report and indeed prior reports if you are ever nabbed.
You wanna go to jail hosting that server? You want to be extradited from another partnering country to the USA for inciting violence? For accessory to murder if something went wrong?
How is the link indelible when it’s anonymous? This isn’t money that can be traced back to you once it goes through Tornado Cash, or if it was done on something like Monero.
Edit:
https://www.yahoo.com/news/attorney-general-pam-bondi-warns-092112825.html
“Our ICE agents, all of our federal agents who are working hand in hand on these task force[s] — our federal agents from the Justice Department could be injured,” Bondi said Monday on “Hannity.”
“He’s giving a message to criminals where our federal officers are. And he cannot do that. And we are looking at it, we are looking at him, and he better watch out, because that’s not a protected speech. That is threatening the lives of our law enforcement officers throughout this country.”
This dudes life might be fucked now.
But sure, no reason, just trying to shove blockchain into everything.
A block chain is a distributed permanent ledger of transactions where any intermediary who claims to provide anonymity is in danger of being compromised and turning instantly into a Honey pot
It definitely solves many issues!
Will lookup tornado cash
It’s a cool tech. Just to help others out, a very brief TLDR on it
You can only submit certain denominations like 0.01 Ethereum, which then gets shuffled amongst everyone else submitting the same 0.01 Ethereum.
Then you can’t trace back who’s 0.01 is who’s.
You can leave the money in the smart contract as long as you want to increase anonymity before withdrawing it.
There’s a page “People Over Papers” or something along those lines. A linktree has the current working URL that I don’t have on hand at the moment
Good stuff, but IOS only at the moment.
Only for iOS… Oof.
At this point my understanding from other sources is that they can’t distribute via the android App Store in a way that uses location tracking but is still anonymous where they can with iOS because location services is device side only.
Android Location manager can get the location without Google Services and there are alternative notification services like ntfy.
EDIT: The location manager is part of the official API and ntfy is available on the play store, so apps using them will also be allowed. Besides, it’s android, you can install alternative app stores or install apps directly. Maybe it’s a good time to teach vulnerable communities how to do it safely, because using Big Tech services is not safe for them.
Fused Location Provider data sent to Google is anonymized with a temporary device id anyway. They also can’t tell if you needed location for this, maps, or Pokémon Go. But they do sometimes collect GPS, WiFi, and cell data. Not using it is more private but I don’t think it’s worth worrying about.
I don’t know. An app that only people with direct interest in this matter would use regularly, seems like a pretty convenient way to mark people of interest, no?
Not even in a sci-fk distopían way. Imaginet: TSE sees the app on your screen as you’re powering it down in line? BOOM baby, alligator town.
No?
As much as I trash DeCeNtrAlIZaTiOn, maybe THIS is when you actually need DeCeNtrAlIZaTiOn, to protect all participants
What a good country we live in when this app is the #1 app in the Social Networking category.
I just got a spare vest from the security department, I could totally costume change into an ICE agent if I wanted…
Anyone can cosplay as an ICE agent; all you’ve gotta do is remove your license plate and wear a facemask+hat.
even if it meant publishing on F-Droid instead of Google Play.
Sadly this means it’s not accessible to like 95% of people, even if driven to install it.
BS,
it’s way better to release to F-droid than to just not release it at all for android.
Yeah that doesn’t make sense to me. They could easily release it on fdroid and through a website where you can download the apk.
Have you ever fear for your life? Ever can’t sleep because of the police sirens?
Now INTRODUCING: The GestapALERT App to inform you on when you will be sent to the camps! DOWNLOAD NOW, and sign up for a limited FREE Trial!
*For Ad-Free Immediate access without 30-Second Ad-Delay, subscribe to our Basic Tier of GestapALERT 360 Radar to reduce Ads to 5 seconds and increase scanning range to 5 miles for
$59.99 /monthour limited introductory price of $39.99 /month for your first 6 months, or subscribe to our PREMIUM Tier of GestapALERT + S.S. Detection Shield 360+ Radar and remove all Ads and increase scanning range to 10 miles for just$89.99 /monthat our incredible discount of $59.99 /month for your first year!30 days SATISFACTION GUARANTEED OR YOUR MONEY BACK!*
*[You may be subject to an ICE Raid if you decide to request a refund]
/too soon?
You forgot the GestapALERT Max tier, now with kung fu grip and 89% more GestapALERTING for an extra $15.99. Also comes a free key fob you can press when you get slammed to the ground. ( Queue up b-roll of old life alert lady and you’re golden. Also not too soon. )
There needs to be an Icebook. A Facebook for tracking them with the express purpose of naming, shaming, and black listing.
Super skeptical that this is a Honeypot, or they’d just make it a web app.
A honeypot in a walled garden? What has this nation become?
Regarding the an Android version:
https://www.iceblock.app/android
TL,DR: “It’s difficult, so we’ll hide behind privacy excuses rather than helping the largest number of at-risk people.”
Seriously, if VPN companies and every other company that handles sensitive data anonymously can do it, so can these developers. When 70% of the worldwide smartphone user base uses Android, an iOS-only app is just not good enough anymore.
I think their argument is sounding.
Offering VPN is different from storing private information like a device ID. You don’t get notifications from your VPN.
The developer put up more specific details: https://www.iceblock.app/android
Thanks for the link.
So the problem is that using Android’s push notification system would require ICEBlock to store people’s device IDs, which could then be used against them.
I wonder if this could be avoided by using Web Push instead of google’s native push notification system. Or perhaps some other push notification system using rotating ephemeral IDs.
Not an expert but ephemeral IDs would not give you much.
AFIK under the hoods android notifications is just… a chat app (Ehehe classic google). So for sending a notification you need to send it to the ID of your mobile. Even if you manage to convince Android to register with an additional ephemeral ID Google would be able to map the ephemeral to the real since… well… it is running on the mobile
Note this part of what I wrote:
some other push notification system
Google’s default one is not the only one.
…almost none of what is said about Android push notification is true. A lot of apps uses firebase, which does not require the creation of user accounts or whatever to send push notifications to a device.
Either they’re completely unfamiliar with it, or they don’t want to do it, but what they claim is dubious at best.
How can you tell firebase who to notify?
I guess you need a firebase id of sort… and firebase needs the device id… and firebase is an US Company… so it’s just an extra step but the result is the same. They have to store IDs that can link to devices
The gist of what they’re saying is we trust Apple, not Google. Both american companies. But on android it is possible to have real time notifications without google. I also didn’t like the wording of their page, read a lot like Apple apologia if not an utter advertisement - an iPhone XR costs only 50$! Don’t you guys have
phonesiPhones??Let’s go back for a second and think about the people who need this type of service the most, today, in the US. Are they Apple or Android users?
The same way with iOS. At some point, the third-party service have a way to link a push to a device. It does not mean that you can link an user to a device, or a specific request to a device. You get a unique ID for the notifications, yeah. And someone could tell that the app server have these ID. But that’s not particularly different with iOS. It not being exposed to the app dev directly does not mean that this info does not exist on the third-party server, that can still get asked about it.
Unless Apple found a way to magically send a message to a specific device, from a specific external server, without anyone, anywhere, having any idea where the notification should go. Which, fair, could be done by sending every messages to everyone after encrypting it for a specific recipient, but that would be a bit inefficient at this scale. The trace for push notifications exists, whether you’re using Apple or Google as the backend.
From what I’ve been reading on this lately (since this started) on iOS a method exists for a service to send out a list of locations, or references list that exists on device (this can work with date/time triggers as well) that would trigger a notification and the local device itself handles notification of the user so the developer has no idea who has been notified for all they know they just shouted locations out into the void and the on-device location services handles the rest.
https://developer.apple.com/documentation/usernotifications/unlocationnotificationtrigger
