I’ve seen this app panned by folks who don’t like that it’s iOS only and the legitimate concerns they have about anonymity with android, even if you’re on graphene or the like.
Their concerns regarding push notifications on android are legitimate, they’re basically saying “we don’t want to collect data on our users and android would necessarily require this for push notifications to work”.
This does not mitigate any threat from your device being connected to Apple and iCloud, which is how the push notifications work.
So the options are a database containing push notifications and uuids that can specifically identify a user location and device maintained by the developer or using the automatic Apple infrastructure. Both are equally beholden to subpoenas and hacking but the risk level changes significantly depending.
I’d urge folks to read the independent security analysis done against this app instead of trusting me or anyone else about it.
I would argue more that anyone grabbing this from the app store is painting a target on their back. It doesn’t matter what permissions it does or does not have: You are now giving a mega company run by a c-suite that have demonstrably bended the knee to a fascist information that you care about this.
Push notifications are incredibly valuable. I still argue that doing it through a dedicated app at all is idiotic and it should instead be through a semi-anonymous chat system like Signal or Matrix and the like and get group blasted.
There are no legitimate concerns outside of iOS. The dev doesn’t know what they’re talking about. Apple and Google have identical privacy flaws in their notifications. The difference is only 1 platform allows you to use a different notification system entirely. And only 1 platform allows you to download apps without logging who is doing it.
You can develop apps on Android that do not utilize the notification system that sends information to Google.
There’s an entire development system called f droid that specifically focus on not utilizing Google services or Android services.
Graphene we’re entirely correct in their through critism of the application as some one that works with application security and privacy professionally.
I’ve seen this app panned by folks who don’t like that it’s iOS only and the legitimate concerns they have about anonymity with android, even if you’re on graphene or the like.
Their concerns regarding push notifications on android are legitimate, they’re basically saying “we don’t want to collect data on our users and android would necessarily require this for push notifications to work”.
This does not mitigate any threat from your device being connected to Apple and iCloud, which is how the push notifications work.
So the options are a database containing push notifications and uuids that can specifically identify a user location and device maintained by the developer or using the automatic Apple infrastructure. Both are equally beholden to subpoenas and hacking but the risk level changes significantly depending.
I’d urge folks to read the independent security analysis done against this app instead of trusting me or anyone else about it.
I would argue more that anyone grabbing this from the app store is painting a target on their back. It doesn’t matter what permissions it does or does not have: You are now giving a mega company run by a c-suite that have demonstrably bended the knee to a fascist information that you care about this.
Push notifications are incredibly valuable. I still argue that doing it through a dedicated app at all is idiotic and it should instead be through a semi-anonymous chat system like Signal or Matrix and the like and get group blasted.
There are no legitimate concerns outside of iOS. The dev doesn’t know what they’re talking about. Apple and Google have identical privacy flaws in their notifications. The difference is only 1 platform allows you to use a different notification system entirely. And only 1 platform allows you to download apps without logging who is doing it.
Please could you explain what you mean here?
You can develop apps on Android that do not utilize the notification system that sends information to Google.
There’s an entire development system called f droid that specifically focus on not utilizing Google services or Android services.
Graphene we’re entirely correct in their through critism of the application as some one that works with application security and privacy professionally.
I just did. Could you be more specific about what you’re asking?
Link?
To which bit?
The independent security analysis you mentioned.
My main concern is that the app isn’t open source. I don’t trust any software that isn’t fully open source.