checks post, 9h

sets VPN to UK

I support Palestine Action

I have a lot more faith in SaskTel succeeding here than if its been given to Rogers or Bell.

All push notifications go through APNS on apple. That’s Apple Push Notifications Service.

APNS requires the device to authenticate with it and can uniquely identify the device by an id. Its how it sends messages to devices.

Firebase cloud messaging acts the same way for true push notifications.

You don’t need to audit a device using APNS or FCM on Android to know that it is not anonymous.

Ya, for sure. My beef was just with people saying you can roll your own, but glossing over the reduced user experience and reliability if you do.

With those trade offs it’s absolutely doable and makes sense for certain situations.

Ya, it can be brutal on battery.

I worked on an app once where delivery was critical, so we gave them the option of the active service+websocket, but for them the trade off was acceptable.

Pushes can be pretty flakey given all the shenanigans OEMs do on the device, even when marked as high priority correctly.

And the even worse part is when OEMs reset battery saving flags the user had set to help pushes get through and they stop working one day because of it.

Every few trips to Costco already seems too often, but it is delicious.

They don’t treat their people like shit, they treat them like slaves. In countries outside China at that.

https://www.bbc.com/news/articles/c3v5n7w55kpo

It’s actually not possible to build a push service like FCM or APNS on Android and have it function at the same level as FCM. FCM has special permissions to bypass certain device states on the device to ensure message delivery that nothing else can match.

The best you can do is approximate it with an always active websocket and a foreground service always running with battery optimizations disabled, but good luck not having that foreground service shut down on occasion as well. Devices are hostile to them for battery saving purposes. You’d have the best luck with a Pixel device though for something like that. You could also do some sort of scheduled background polling, but the device can be hostile to that as well, and it would eat more battery.

You don’t even need to audit a closed source app to know that Apple knows which devices its sending pushes to. It works because they know.

I think he thinks HE had to store the information, and if he isn’t the one storing it, it’s anonymous.

Except, on Android, you can also do it where only google stores the information and he doesn’t have to store any. And there are no user name or passwords or accounts involved to listen to specific channels like he claims.

You can collect this information, and you’d be able to write a more custom push service, but it isn’t needed at all, but Google and Apple will always know who is getting the messages.

Now GrapheneOS the privacy based Android OS is calling them out

https://bsky.app/profile/grapheneos.org/post/3lt2prfb2vk2r

He really must be thinking just about himself, and not that Apple had the info.

There was an issue with running the dock on anything but their cable or something like that ya.

You left off the part where after you finish the bag of skittles the lay you off again.

Just figured I’d add Apples own documentation as well

https://developer.apple.com/documentation/usernotifications/registering-your-app-with-apns

Apple Push Notification service (APNs) must know the address of a user’s device before it can send notifications to that device. This address takes the form of a device token unique to both the device and your app. At launch time, your app communicates with APNs and receives its device token, which you then forward to your provider server. Your server includes that token with any notifications it sends.

No, you’re right, GOOGLE will take the device identifier, but him talking about how he would need to store it, and especially for channels where he talks about user names and passwords really makes me think that he thinks he personally has to do it, with his own backend storing it. (edit: The point is, that he doesn’t HAVE to do it this way. You can, and it gives you more control, but you can let Google do it all. It’s never anonymous with anyone though.)

Apple knows which devices have the app installed. They would be able to link that back to the device if it was demanded, even if it is a bit more obscured.

Tornado Cash is a smart contract. It’s not anything that can be compromised. It’s code. It’s cryptography. Its immutable and can never be altered.

It’s unstoppable short of making using it against the law, and the US government tried that, and lost their court case.

Edit: Just further clarity - Once you deposit money into it, you get cryptographically signed response that says you have the right to withdraw that much money, but the response has no link to you. The money you get back is mixed with millions of other peoples money, and you withdraw someone elses money.

How do you suppose APNS knows which device to deliver the notification to?

Something that… links it to the device? Like, a unique ID that Apple can identify?

It sounds like he thinks HE has to store this information, which is simply incorrect. It will obviously be stored by Google in Firebase, and by Apple wherever that gets stored, but HE does not have to store it.

I write apps for a living. I have users subscribe and unsubscribe to channels, and at no point is there a user account with password involved in either iOS or Android. If you want the memory of which channels they have subscribed to to persist across uninstall/reinstalls or different devices, then yes, but for an app like this you don’t need to persist those settings.

At any point the government could subpoena who’s received pushes (or at least, who’s registered to) from both Google and Apple.

You wanna go to jail hosting that server? You want to be extradited from another partnering country to the USA for inciting violence? For accessory to murder if something went wrong?

How is the link indelible when it’s anonymous? This isn’t money that can be traced back to you once it goes through Tornado Cash, or if it was done on something like Monero.

Edit:

https://www.yahoo.com/news/attorney-general-pam-bondi-warns-092112825.html

“Our ICE agents, all of our federal agents who are working hand in hand on these task force[s] — our federal agents from the Justice Department could be injured,” Bondi said Monday on “Hannity.”

“He’s giving a message to criminals where our federal officers are. And he cannot do that. And we are looking at it, we are looking at him, and he better watch out, because that’s not a protected speech. That is threatening the lives of our law enforcement officers throughout this country.”

This dudes life might be fucked now.

But sure, no reason, just trying to shove blockchain into everything.

It’s a cool tech. Just to help others out, a very brief TLDR on it

You can only submit certain denominations like 0.01 Ethereum, which then gets shuffled amongst everyone else submitting the same 0.01 Ethereum.

Then you can’t trace back who’s 0.01 is who’s.

You can leave the money in the smart contract as long as you want to increase anonymity before withdrawing it.

Because the government can’t take it down, and the government will want to take it down, and the government would even try to issue arrest warrants for people who made it outside the US to try and punish them. This dude who wrote this is in danger now.

Web browsers are capable of self checking a smart contract for new transactions, it is totally possible.

Who reported it would be anonymous if they used something like Tornado Cash, or if a service was able to be built ontop of a privacy coin like Monero.

Edit: Sorry I’m wrong about the web browser, you’d have to run your own node outside the browser or trust someone else’s node, and then the browser would hit the node. On phones you’d need to use a mobile app which can be a light client, or connect to your desktop’s node.