317
remember when these guys couldn't breath while wearing a mask during lockdown?
Without open source, it could be a honey pot.
TechCrunch did a traffic analysis: https://techcrunch.com/2025/07/01/iceblock-an-app-for-anonymously-reporting-ice-sightings-goes-viral-overnight-after-bondi-criticism/
I did check to see what permissions and data it wants access to. None. That seems like a good sign.
A nefarious app might also want permissions to see all your contacts.
Edit to clarify: The app install page says only "Data Not Collected". I would presume they would list IP and/or location if that were amongst the data collected as I have seen other apps do, but I am certainly no expert. The dev is All U Chart, Inc.
Don’t apps self-report this stuff? You presumably need to make a DB query from their backend to see any reportings in a 5mi radius, so at minimum they have your GPS coordinates and IP address (which when combined would uniquely identify you)
Iirc, permissions for iOS are required for devs to be able to use the functions/methods under those permissions.
So if the app doesn't use them, they won't show up as needing them.
That may be true for things like contacts, but here they have your location, and they use the network. Thus they could hoover that up and store it, even mapping everywhere you go over time in their DB.
"Apple keeps most of your location history on your device: the bits of information stored in the cloud are either end-to-end encrypted, meaning only you can decipher them, or anonymized. As such, the risk of having your location history compromised by a data breach, or by a request from law enforcement to Apple for this data, is greatly reduced."
In this case they are anonymized. The service can tell what device is where but not what user that deviceID matches and those identifiers are rotated to make it harder to match that data up.
That’s for Apple services specifically. If I build an iOS app, I can get geo coordinates.
load more comments
(2 replies)
Sightings are tiny and compressible you could download all the sightings then diffs and never leak anything but ip or if a VPN not even that.
load more comments
(1 replies)
the fact that i cannot use the app at all if i deny location permissions is a red flag. there’s no reason not to have a read only mode.
there may be no trackers as the other commenter mentioned about the TechCrunch analysis, but who is this random company that owns it: ALL U Chart, Inc. They’re likely pinging back their own servers with your coords
load more comments
(1 replies)
Have you ever fear for your life? Ever can't sleep because of the police sirens?
Now INTRODUCING: The GestapALERT App to inform you on when you will be sent to the camps! DOWNLOAD NOW, and sign up for a limited FREE Trial!
*For Ad-Free Immediate access without 30-Second Ad-Delay, subscribe to our Basic Tier of GestapALERT 360 Radar to reduce Ads to 5 seconds and increase scanning range to 5 miles for ~~$59.99 /month~~ our limited introductory price of $39.99 /month for your first 6 months, or subscribe to our PREMIUM Tier of GestapALERT + S.S. Detection Shield 360+ Radar and remove all Ads and increase scanning range to 10 miles for just ~~$89.99 /month~~ at our incredible discount of $59.99 /month for your first year!
30 days SATISFACTION GUARANTEED OR YOUR MONEY BACK!*
*[You may be subject to an ICE Raid if you decide to request a refund]
~/too~ ~soon?~
Good stuff, but IOS only at the moment.
Edit to include link: https://www.iceblock.app/
Only for iOS... Oof.
At this point my understanding from other sources is that they can't distribute via the android App Store in a way that uses location tracking and notifications but is still anonymous where they can with iOS because location services is device side only.
Android Location manager can get the location without Google Services and there are alternative notification services like ntfy.
EDIT: The location manager is part of the official API and ntfy is available on the play store, so apps using them will also be allowed. Besides, it's android, you can install alternative app stores or install apps directly. Maybe it's a good time to teach vulnerable communities how to do it safely, because using Big Tech services is not safe for them.
Fused Location Provider data sent to Google is anonymized with a temporary device id anyway. They also can't tell if you needed location for this, maps, or Pokémon Go. But they do sometimes collect GPS, WiFi, and cell data. Not using it is more private but I don't think it's worth worrying about.
If a person is armed and masked and does not identify itself, it is most likely a terrorist and a threat to the public.
load more comments
(5 replies)
"If it's a legitimate disappearing, the public has ways to try to shut that whole thing down."
load more comments
(1 replies)
Nice masks. Must feel like they're doing something wrong.
I love how, even when they're using them to hide their face, half of them still don't know how to use a mask and put it under their nose
Yeah way to advertise that you're a mouth-breather, right?
I thought they were talking about banning masks?
even if it meant publishing on F-Droid instead of Google Play.
Sadly this means it’s not accessible to like 95% of people, even if driven to install it.
What a good country we live in when this app is the #1 app in the Social Networking category.
Would it be possible to create a webapp version of this? With ICE and CBP freely able to search phones now, I am worried about retaliation if they find this app on the phone.
Yes, it’s not hard for a full stack developer to make. Probably a thousand people already in the fediverse can, including me.
But it cannot be hosted on USA controlled servers, and the developers need to find a way to be anonymous to USA offices
Edit: also some other issues. Cannot put it as an onion service because most people in the USA do not use tor. This means regular domain.
- register domain where cannot be seized
- server must be load balanced or using something like kubernetes
- heavy traffic costs money , how to pay bills without crossing USA banking system? And cannot expose payers or contributors
- where to host?
many people can build it, but most of us have no clue to the obstacles
This is actually a spot where I think a public blockchain could work and it's censorship resistant properties will be crucial one day.
The server is the blockchain, so it's not hosted anywhere specific and can't be taken down. It's also a smart contract which ended up working in favor of the devs of TornadoCash (A coin mixing service that provides privacy) where a judge overturned the sanctions on it since it was just immutable public code, not owned by anyone.
Now that Tornado Cash isn't sanctioned, you could mix your coins through it to then pay the sub cent fee to post the sighting on one of the layer 2s like Arbitrium (the fee which will also help combat spam)
The app could then be open source (web/android/iphone) and monitor the blockchain for the sightings in your area.
The problem still becomes push notifications if it's all being done locally... It would need to be your device itself monitoring. Apple is also bad about background processing, but it's a better on Android, and especially easier if you don't deploy to the store and can bypass some of the requirements.
This way incurs no hosting costs for the developer, no load balancing, nothing to be seized etc.
It's also harder to set up than what you listed, so even fewer people could do it.
It does require adoption of something like Ethereum though.
Edit: Some clarity, but also to post that transactions fees for example on Arbitrium today are $0.00087 for a 15 second confirmation. Add on a very tiny similar cost to post some GPS coordinates and a small description.
It definitely solves many issues!
Will lookup tornado cash
It's a cool tech. Just to help others out, a very brief TLDR on it
You can only submit certain denominations like 0.01 Ethereum, which then gets shuffled amongst everyone else submitting the same 0.01 Ethereum.
Then you can't trace back who's 0.01 is who's.
You can leave the money in the smart contract as long as you want to increase anonymity before withdrawing it.
Why would you need the block chain here again? At that point it needs to be an app because your browser can't consume any of that shit and you are creating an immutable record of who reported who in such a way to ensure punishment.
Because the government can't take it down, and the government will want to take it down, and the government would even try to issue arrest warrants for people who made it outside the US to try and punish them. This dude who wrote this is in danger now.
~~Web browsers are capable of self checking a smart contract for new transactions, it is totally possible.~~
Who reported it would be anonymous if they used something like Tornado Cash, or if a service was able to be built ontop of a privacy coin like Monero.
Edit: Sorry I'm wrong about the web browser, you'd have to run your own node outside the browser or trust someone else's node, and then the browser would hit the node. On phones you'd need to use a mobile app which can be a light client, or connect to your desktop's node.
load more comments
(2 replies)
load more comments
(1 replies)
load more comments
(1 replies)
I just got a spare vest from the security department, I could totally costume change into an ICE agent if I wanted...
Anyone can cosplay as an ICE agent; all you've gotta do is remove your license plate and wear a facemask+hat.
Yeah that doesn't make sense to me. They could easily release it on fdroid and through a website where you can download the apk.
Why not just release it as a self install not connected to an appstore?
load more comments
(1 replies)
Why can't it just be a website? Why does everything have to be a fucking "app"?
Chrome?
It's probably a security risk like Android, and the vast majority use it.
Also, apps are better at sending notifications (like ICE warnings). IMO this is a pretty decent justification for an 'iOS only' app.
Super skeptical that this is a Honeypot, or they'd just make it a web app.
view more: next ›
this post was submitted on 01 Jul 2025
317 points (98.8% liked)
News
31302 readers
830 users here now
Welcome to the News community!
Rules:
1. Be civil
Attack the argument, not the person. No racism/sexism/bigotry. Good faith argumentation only. This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban. Do not respond to rule-breaking content; report it and move on.
2. All posts should contain a source (url) that is as reliable and unbiased as possible and must only contain one link.
Obvious right or left wing sources will be removed at the mods discretion. Supporting links can be added in comments or posted seperately but not to the post body.
3. No bots, spam or self-promotion.
Only approved bots, which follow the guidelines for bots set by the instance, are allowed.
4. Post titles should be the same as the article used as source.
Posts which titles don’t match the source won’t be removed, but the autoMod will notify you, and if your title misrepresents the original article, the post will be deleted. If the site changed their headline, the bot might still contact you, just ignore it, we won’t delete your post.
5. Only recent news is allowed.
Posts must be news from the most recent 30 days.
6. All posts must be news articles.
No opinion pieces, Listicles, editorials or celebrity gossip is allowed. All posts will be judged on a case-by-case basis.
7. No duplicate posts.
If a source you used was already posted by someone else, the autoMod will leave a message. Please remove your post if the autoMod is correct. If the post that matches your post is very old, we refer you to rule 5.
8. Misinformation is prohibited.
Misinformation / propaganda is strictly prohibited. Any comment or post containing or linking to misinformation will be removed. If you feel that your post has been removed in error, credible sources must be provided.
9. No link shorteners.
The auto mod will contact you if a link shortener is detected, please delete your post if they are right.
10. Don't copy entire article in your post body
For copyright reasons, you are not allowed to copy an entire article into your post body. This is an instance wide rule, that is strictly enforced in this community.
founded 2 years ago
MODERATORS