Official site: https://www.iceblock.app/
The CNN article talks a bit more about privacy issues. This bit caught my eye:
It’s only available on iOS because Aaron says the app would have to collect information that could ultimately put users at risk to provide the same experience on Android.
I would like to see some details about this. Perhaps there’s a way to work around that problem, even if it meant publishing on F-Droid instead of Google Play.
Why can’t it just be a website? Why does everything have to be a fucking “app”?
Chrome?
It’s probably a security risk like Android, and the vast majority use it.
Also, apps are better at sending notifications (like ICE warnings). IMO this is a pretty decent justification for an ‘iOS only’ app.
Regarding the an Android version:
https://www.iceblock.app/android
TL,DR: “It’s difficult, so we’ll hide behind privacy excuses rather than helping the largest number of at-risk people.”
Seriously, if VPN companies and every other company that handles sensitive data anonymously can do it, so can these developers. When 70% of the worldwide smartphone user base uses Android, an iOS-only app is just not good enough anymore.
I think their argument is sounding.
Offering VPN is different from storing private information like a device ID. You don’t get notifications from your VPN.
Sounds like the dev is just not that familiar with Android.
I think you aren’t that familiar with android. Android’s main purpose is to collect as much information on you as possible. Google did not offer it up out of the goodness of their heart. It’s integral to their data collection and resale business model.
Super skeptical that this is a Honeypot, or they’d just make it a web app.
There needs to be an Icebook. A Facebook for tracking them with the express purpose of naming, shaming, and black listing.
I don’t know. An app that only people with direct interest in this matter would use regularly, seems like a pretty convenient way to mark people of interest, no?
Not even in a sci-fk distopían way. Imaginet: TSE sees the app on your screen as you’re powering it down in line? BOOM baby, alligator town.
No?
As much as I trash DeCeNtrAlIZaTiOn, maybe THIS is when you actually need DeCeNtrAlIZaTiOn, to protect all participants
The developer put up more specific details: https://www.iceblock.app/android
Thanks for the link.
So the problem is that using Android’s push notification system would require ICEBlock to store people’s device IDs, which could then be used against them.
I wonder if this could be avoided by using Web Push instead of google’s native push notification system. Or perhaps some other push notification system using rotating ephemeral IDs.
Not an expert but ephemeral IDs would not give you much.
AFIK under the hoods android notifications is just… a chat app (Ehehe classic google). So for sending a notification you need to send it to the ID of your mobile. Even if you manage to convince Android to register with an additional ephemeral ID Google would be able to map the ephemeral to the real since… well… it is running on the mobile
Note this part of what I wrote:
some other push notification system
Google’s default one is not the only one.
…almost none of what is said about Android push notification is true. A lot of apps uses firebase, which does not require the creation of user accounts or whatever to send push notifications to a device.
Either they’re completely unfamiliar with it, or they don’t want to do it, but what they claim is dubious at best.
How can you tell firebase who to notify?
I guess you need a firebase id of sort… and firebase needs the device id… and firebase is an US Company… so it’s just an extra step but the result is the same. They have to store IDs that can link to devices
The same way with iOS. At some point, the third-party service have a way to link a push to a device. It does not mean that you can link an user to a device, or a specific request to a device. You get a unique ID for the notifications, yeah. And someone could tell that the app server have these ID. But that’s not particularly different with iOS. It not being exposed to the app dev directly does not mean that this info does not exist on the third-party server, that can still get asked about it.
Unless Apple found a way to magically send a message to a specific device, from a specific external server, without anyone, anywhere, having any idea where the notification should go. Which, fair, could be done by sending every messages to everyone after encrypting it for a specific recipient, but that would be a bit inefficient at this scale. The trace for push notifications exists, whether you’re using Apple or Google as the backend.
From what I’ve been reading on this lately (since this started) on iOS a method exists for a service to send out a list of locations, or references list that exists on device (this can work with date/time triggers as well) that would trigger a notification and the local device itself handles notification of the user so the developer has no idea who has been notified for all they know they just shouted locations out into the void and the on-device location services handles the rest.
https://developer.apple.com/documentation/usernotifications/unlocationnotificationtrigger
The gist of what they’re saying is we trust Apple, not Google. Both american companies. But on android it is possible to have real time notifications without google. I also didn’t like the wording of their page, read a lot like Apple apologia if not an utter advertisement - an iPhone XR costs only 50$! Don’t you guys have
phonesiPhones??Let’s go back for a second and think about the people who need this type of service the most, today, in the US. Are they Apple or Android users?
If a person is armed and masked and does not identify itself, it is most likely a terrorist and a threat to the public.
I’m surprised how non of them were gunned down on self defense,
I think they have been. But they’re not reporting it to avoid copycats.
There was a large number of police shootings in my state when one guy opened fire on a state trooper. Then we were hearing stories every week.
So I’m supposed to believe groups of people with masks running up to folks and grabbing them haven’t been getting retaliation back?
Saw some video clip from “ice” getting beat tf up in a Haitian community. No guns on the civ side, but they were charging and tackling " ice" and not letting any of their people get kidnapped. love to see it.
It probably helps that they are targeting decent, normal working immigrants, who are unlikely to be armed.
If they were actually going after armed gang members, they probably would be getting shot. But as we can tell by the fact they are hiding their faces, they are chicken shit losers cosplaying as tough guys targeting defenseless people because it’s easier.
Crime statistics plainly show that the immigrant community is objectively one of the least likely groups to commit any crime, let alone violent crimes.
The vast majority of immigrants fear any interaction with police that could jeopardize their path to citizenship, even before trump took office and made everything way worse. These people just want to work and go home to their families. They’re unfortunately a perfect target for fascists like Trump because they are under represented, decent people who aren’t likely to fight back at first. Remember that fascism requires a nebulous “enemy” to rally people towards. You need a group that is simultaneously “evil” and capable of great harm to the government and people, but also easily handled by “security” measures. This allows the dictator to convince the public that all these sweeping powers that are being demanded are for their own safety. And unfortunately the vast majority of people just believe the first thing they hear, and we end up in this situation.
I’m just waiting for a trial where a jury has to decide if shooting at a gang of masked unidentified men in unmarked vehicles kidnapping you or your loves ones counts as self defense.
and regardless of the verdict the supreme court will uphold the right of the state to let unidentified gangs kidnap people off the streets.
I agree with every part of this except for the word “most likely,” since the incidence of ICE arrests are extremely high right now but terrorism is otherwise not.
The ICE kidnappings are terrorism.
Did you not notice I said “otherwise”?
Regardless, terrorist is a subjective term, and typically one excludes agencies with jurisdiction or organized militia; so the police, ICE, U.S. military, IDF, etc. don’t qualify regardless of your disposition toward them. This is why newspapers are usually quite hesitant to use the word “terrorist.” There’s a good case for calling the CIA (and other foreign-intelligence TLAs) terrorists though, since they operate outside of places where they have the authority to do so. Obviously, it’s semantics at the end of the day.
remember when these guys couldn’t breathe while wearing a mask during lockdown?
edit: “e”
Breath - rhymes with ‘death’, and is what comes out of your mouth
Breathe - the action of breathing
Try to remember it this way: when you add the ‘e’ on the end, you’re really breeeething.
i just can’t type worth shit on a touch screen
Hey, no judgement here.
While i agree with the point you are making, its just quite the obvious difference. Medical masks have much much denser material so they dont let water droplets through. These masks are usually just some clothing fabric that is full of big openings and really easy to breathe through.
I can’t speak for the states but here people I absolutely know wore balaclavas and neck masks before covid also started complaining about those just the same because the medical authorities were saying it was better than nothing.
I have tumor riddled lungs and chest muscles that don’t quite do their job any more and I was able to breath just fine with a N95 on for hours at a time. These gigantic turd burglers must be more out of shape than my dead gran if not being able to breathe was their excuse.
These idiots didn’t wear medical masks during, I live in conservative hell and they all wore neck gaiters and kept them under their noses and still bitched that they couldn’t breathe.
Well thats fucking dumb
Oh yes, specially designed masks for MEDICAL purposes, designed to be usable for childreb abd the elderly are harder to breathe through for tough macho guys like this than some bullshit they bought at a gunstore.
Clearly they only care about protecting themselves and can’t be bothered to protect others.
You people are so weird. At no point did i say that medical masks are hard to breathe through. I only said that whatever they are wearing will be easier to breathe through. Obviously the standard masks are also pretty easy to breathe through, billions of people did it for 2-3 years without any major problems.
What you’re doing is white-knighting for the gestapo. That’s weird.
Quit trying ‘to be fair’ towards thugs who absolutely give zero shits about being fair to you.
To be clear: I’m not saying you aren’t factually correct. I’m saying that, in the Thunderdome of public sentiment, that sort of comment comes across as excusing fascism and that’s why people are rightfully getting pissed off at you for making it.
Removed by mod
I merely said something designed formedical use is probably easier to breathe tbhough than something designed for military use. Y’know, thick materials are harder to breathe through. Wouldn’t want a wild boar, terrorist or immigrant tearing through it to reveal your identity.
So it’s probably harder to breathe through a bandit mask that than a thin little surgical one.
You people are so weird. At no point did i say that medical masks are hard to breathe through. I only said that whatever they are wearing will be easier to breathe through.
I… Erm…
Why not just release it as a self install not connected to an appstore?
Yeah. They literally relying on ios walled garden.
Not disagreeing. The issues that come with it:
1 - Not many people will install it because you have to disable default security features. Android gives a huge “Your device is insecure” scary message.
2 - Then you’ll get the people who will use this for malicious reasons. Even the app store gets copycats that do nothing but steal information.
Regarding (1), it still gets the network effect because of iOS users. That it’s harder for android users to install does not mean the marginal utility of an android user installing the app is lower than that of an iOS user installing the app.
No Android app?
Yep. Pathetic. They think ios will save them
Have you ever fear for your life? Ever can’t sleep because of the police sirens?
Now INTRODUCING: The GestapALERT App to inform you on when you will be sent to the camps! DOWNLOAD NOW, and sign up for a limited FREE Trial!
*For Ad-Free Immediate access without 30-Second Ad-Delay, subscribe to our Basic Tier of GestapALERT 360 Radar to reduce Ads to 5 seconds and increase scanning range to 5 miles for
$59.99 /monthour limited introductory price of $39.99 /month for your first 6 months, or subscribe to our PREMIUM Tier of GestapALERT + S.S. Detection Shield 360+ Radar and remove all Ads and increase scanning range to 10 miles for just$89.99 /monthat our incredible discount of $59.99 /month for your first year!30 days SATISFACTION GUARANTEED OR YOUR MONEY BACK!*
*[You may be subject to an ICE Raid if you decide to request a refund]
/too soon?
You forgot the GestapALERT Max tier, now with kung fu grip and 89% more GestapALERTING for an extra $15.99. Also comes a free key fob you can press when you get slammed to the ground. ( Queue up b-roll of old life alert lady and you’re golden. Also not too soon. )
Without open source, it could be a honey pot.
TechCrunch did a traffic analysis: https://techcrunch.com/2025/07/01/iceblock-an-app-for-anonymously-reporting-ice-sightings-goes-viral-overnight-after-bondi-criticism/
I did check to see what permissions and data it wants access to. None. That seems like a good sign.
A nefarious app might also want permissions to see all your contacts.
Edit to clarify: The app install page says only “Data Not Collected”. I would presume they would list IP and/or location if that were amongst the data collected as I have seen other apps do, but I am certainly no expert. The dev is All U Chart, Inc.
Don’t apps self-report this stuff? You presumably need to make a DB query from their backend to see any reportings in a 5mi radius, so at minimum they have your GPS coordinates and IP address (which when combined would uniquely identify you)
Iirc, permissions for iOS are required for devs to be able to use the functions/methods under those permissions.
So if the app doesn’t use them, they won’t show up as needing them.
That may be true for things like contacts, but here they have your location, and they use the network. Thus they could hoover that up and store it, even mapping everywhere you go over time in their DB.
“Apple keeps most of your location history on your device: the bits of information stored in the cloud are either end-to-end encrypted, meaning only you can decipher them, or anonymized. As such, the risk of having your location history compromised by a data breach, or by a request from law enforcement to Apple for this data, is greatly reduced.”
In this case they are anonymized. The service can tell what device is where but not what user that deviceID matches and those identifiers are rotated to make it harder to match that data up.
That’s for Apple services specifically. If I build an iOS app, I can get geo coordinates.
But if the user doesn’t create an account and the deviceID rotates frequently, is there any way to tie those coordinates at a specific time to a specific person in a large enough geographical area and provide notifications (also provided via on device only services)? That’s what it seems like the developer has said Apple facilitates better.
The also said they will have a more detailed post up July 2nd about android on their site.
Sightings are tiny and compressible you could download all the sightings then diffs and never leak anything but ip or if a VPN not even that.
that mainly applies to trackers and analytics. the company still makes backend calls to its own servers and can do whatever it wants there with the location data it collects from you
the fact that i cannot use the app at all if i deny location permissions is a red flag. there’s no reason not to have a read only mode.
there may be no trackers as the other commenter mentioned about the TechCrunch analysis, but who is this random company that owns it: ALL U Chart, Inc. They’re likely pinging back their own servers with your coords
Fake your GPS and put it inside Republican homes
Can you do that on iOS?
Easily? No. You could run an android emulator on desktop though.
you can using xcode and a manual gpx file
Looks like honey to me
Good stuff, but IOS only at the moment.
Edit to include link: https://www.iceblock.app/
Only for iOS… Oof.
At this point my understanding from other sources is that they can’t distribute via the android App Store in a way that uses location tracking and notifications but is still anonymous where they can with iOS because location services is device side only.
Android Location manager can get the location without Google Services and there are alternative notification services like ntfy.
EDIT: The location manager is part of the official API and ntfy is available on the play store, so apps using them will also be allowed. Besides, it’s android, you can install alternative app stores or install apps directly. Maybe it’s a good time to teach vulnerable communities how to do it safely, because using Big Tech services is not safe for them.
Fused Location Provider data sent to Google is anonymized with a temporary device id anyway. They also can’t tell if you needed location for this, maps, or Pokémon Go. But they do sometimes collect GPS, WiFi, and cell data. Not using it is more private but I don’t think it’s worth worrying about.
Would it be possible to create a webapp version of this? With ICE and CBP freely able to search phones now, I am worried about retaliation if they find this app on the phone.
Yes, it’s not hard for a full stack developer to make. Probably a thousand people already in the fediverse can, including me.
But it cannot be hosted on USA controlled servers, and the developers need to find a way to be anonymous to USA offices
Edit: also some other issues. Cannot put it as an onion service because most people in the USA do not use tor. This means regular domain.
- register domain where cannot be seized
- server must be load balanced or using something like kubernetes
- heavy traffic costs money , how to pay bills without crossing USA banking system? And cannot expose payers or contributors
- where to host?
many people can build it, but most of us have no clue to the obstacles
This is actually a spot where I think a public blockchain could work and it’s censorship resistant properties will be crucial one day.
The server is the blockchain, so it’s not hosted anywhere specific and can’t be taken down. It’s also a smart contract which ended up working in favor of the devs of TornadoCash (A coin mixing service that provides privacy) where a judge overturned the sanctions on it since it was just immutable public code, not owned by anyone.
Now that Tornado Cash isn’t sanctioned, you could mix your coins through it to then pay the sub cent fee to post the sighting on one of the layer 2s like Arbitrium (the fee which will also help combat spam)
The app could then be open source (web/android/iphone) and monitor the blockchain for the sightings in your area.
The problem still becomes push notifications if it’s all being done locally… It would need to be your device itself monitoring. Apple is also bad about background processing, but it’s a better on Android, and especially easier if you don’t deploy to the store and can bypass some of the requirements.
This way incurs no hosting costs for the developer, no load balancing, nothing to be seized etc.
It’s also harder to set up than what you listed, so even fewer people could do it.
It does require adoption of something like Ethereum though.
Edit: Some clarity, but also to post that transactions fees for example on Arbitrium today are $0.00087 for a 15 second confirmation. Add on a very tiny similar cost to post some GPS coordinates and a small description.
It definitely solves many issues!
Will lookup tornado cash
It’s a cool tech. Just to help others out, a very brief TLDR on it
You can only submit certain denominations like 0.01 Ethereum, which then gets shuffled amongst everyone else submitting the same 0.01 Ethereum.
Then you can’t trace back who’s 0.01 is who’s.
You can leave the money in the smart contract as long as you want to increase anonymity before withdrawing it.
Why would you need the block chain here again? At that point it needs to be an app because your browser can’t consume any of that shit and you are creating an immutable record of who reported who in such a way to ensure punishment.
Because the government can’t take it down, and the government will want to take it down, and the government would even try to issue arrest warrants for people who made it outside the US to try and punish them. This dude who wrote this is in danger now.
Web browsers are capable of self checking a smart contract for new transactions, it is totally possible.Who reported it would be anonymous if they used something like Tornado Cash, or if a service was able to be built ontop of a privacy coin like Monero.
Edit: Sorry I’m wrong about the web browser, you’d have to run your own node outside the browser or trust someone else’s node, and then the browser would hit the node. On phones you’d need to use a mobile app which can be a light client, or connect to your desktop’s node.
Once you need a normal server you might as well just have the server you already need serve the info preferably simply by grabbing a diff from previously so you reveal no info and without downloading a substantial portion of a chain. I swear people want to shove a blockchain into shit when it almost never adds any value whatsoever. You didn’t address the fact about making an indelible link between you and your report and indeed prior reports if you are ever nabbed.
You wanna go to jail hosting that server? You want to be extradited from another partnering country to the USA for inciting violence? For accessory to murder if something went wrong?
How is the link indelible when it’s anonymous? This isn’t money that can be traced back to you once it goes through Tornado Cash, or if it was done on something like Monero.
Edit:
https://www.yahoo.com/news/attorney-general-pam-bondi-warns-092112825.html
“Our ICE agents, all of our federal agents who are working hand in hand on these task force[s] — our federal agents from the Justice Department could be injured,” Bondi said Monday on “Hannity.”
“He’s giving a message to criminals where our federal officers are. And he cannot do that. And we are looking at it, we are looking at him, and he better watch out, because that’s not a protected speech. That is threatening the lives of our law enforcement officers throughout this country.”
This dudes life might be fucked now.
But sure, no reason, just trying to shove blockchain into everything.
A block chain is a distributed permanent ledger of transactions where any intermediary who claims to provide anonymity is in danger of being compromised and turning instantly into a Honey pot
Maybe with something like this? With veilid in the backend. No servers used for communication.
There’s a page “People Over Papers” or something along those lines. A linktree has the current working URL that I don’t have on hand at the moment
