Cake day: July 13th, 2023


  • Skepticism is good but there has been an almost blind fanaticism about this.

    Graphene made a statement; correct as it may be, it cast more shade on this app than necessary, and that makes sense, as they have a vested interest in pushing Android as a more secure ecosystem than iOS, as that’s their true rival in this space.

    What I am getting at is it is worthwhile to be skeptical of all sides, not just take the word of a side that fits with your biases.

    I’d expect, and personally would not continue to use this app otherwise, this app to receive continuous grey box analysis from independent security professionals.

    Take what I’m saying with a grain of salt, but I’ve done mobile device analysis professionally for some time, wearing a number of hats, and that’s the perspective I am speaking from.




  • I’ve seen this app panned by folks who don’t like that it’s iOS only and the legitimate concerns they have about anonymity with Android, even if you’re on Graphene or the like.

    Their concerns regarding push notifications on Android are legitimate; they’re basically saying “we don’t want to collect data on our users and Android would necessarily require this for push notifications to work”.

    This does not mitigate any threat from your device being connected to Apple and iCloud, which is how the push notifications work.

    So the options are a database containing push notifications and UUIDs that can specifically identify a user location and device, maintained by the developer, or using the automatic Apple infrastructure. Both are equally beholden to subpoenas and hacking, but the risk level changes significantly depending.

    I’d urge folks to read the independent security analysis done against this app instead of trusting me or anyone else about it.





  • I once worked for a fairly large multinational and was the main data center admin.

    We ordered two separate Comcast business account lines to serve as an emergency management network juuuuuuuuuuuust in case everything enterprise level went down. A true catastrophe somewhere else.

    My boss put a Windows XP box on it, and it alone, with a single Linux router in between it and the internet, totally insecure except for fail2ban and port knocking.

    The entire time we were waiting for the rest of the data center to be wired it stood up, never being penetrated. Maybe a month or so.

    BUT we’d banned basically the entire public IP space.

    This was back in the early 2010s.