ICEBlock isn't ‘completely anonymous'
Aaron released ICEBlock in early April, and it rocketed to the top of the App Store earlier this month after US Homeland Security Secretary Kristi Noem called it an 'obstruction of justice.' When calls for an Android version followed, however, the developer said it wasn't possible. 'Our application is designed to provide as much anonymity as possible without storing any user data or creating accounts,' reads part of the lengthy message. 'Achieving this level of anonymity on Android is not feasible due to the inherent requirements of push notification services.'
The statement rankled some. The developers of GrapheneOS, an open-source, privacy-focused take on Android, took to BlueSky to accuse ICEBlock of 'spreading misinformation about Android' by describing it as less private than iOS. The developers said that ICEBlock ignores data kept by Apple itself and claims it 'provides complete anonymity when it doesn't.'
Aaron told The Verge ICEBlock is built around a single database in iCloud. When a user taps on the map to report ICE sightings, the location data is added to that database, and users within five miles are automatically sent a push notification alerting them. Push notifications require developers to have some way of designating which devices receive them, and while Aaron declined to say precisely how the notifications function, he said alerts are sent through Apple's system, not ICEBlock's, letting him avoid keeping his own database of users or their devices. 'We utilized iCloud in kind of a creative way,' Aaron said.
No security model is 100 percent safe, but in theory, ICEBlock has managed to limit the risks for people both reporting and receiving information. The Department of Homeland Security could demand information on who submitted a tip, but per Aaron's explanation, the app wouldn't have user accounts, device IDs, or IP addresses to hand over. Likewise, if ICE thinks someone used the app to find an operation and interfere, it could seek records from ICEBlock tied to who received a particular push notification — and again, it should come away empty-handed.
That trick is iOS-only, though. The ICEBlock iOS app can piggyback on Apple's iCloud infrastructure to route push notifications because every iPhone user is guaranteed to have an iCloud account. Android users aren't similarly required to create Google accounts, so 'some kind of database has to be created in order to capture user information,' Aaron said. (Sharing reports across both phone platforms would create its own privacy challenges, too.)
I spoke to Gaël Duval, founder and CEO of /e/OS, another privacy-focused version of Android, and he admitted that Android's push notifications require 'a registration token that uniquely identifies a given app on a given device' and that this 'would normally be saved on ICEBlock's server.'
'It's a long and random string,' he said, that doesn't include either an Android ID or the IMEI that identifies a specific phone. 'Google can still map it back to the hardware on their side, but for ICEBlock, it's pseudonymous until you link it to anything else.' So, indeed, Android notifications would require ICEBlock to store potentially identifiable information. Normally, iOS would, too, but a clever workaround lets ICEBlock avoid just that.
But you might have spotted the problem: ICEBlock isn't collecting device data on iOS, but only because similar data is stored with Apple instead.
Apple maintains a database of which devices and accounts have installed a given app, and Carlos Anso from GrapheneOS told me that it likely also tracks device registrations for push notifications. For either ICEBlock's iOS app or a hypothetical Android app, law enforcement could demand information directly from the company, cutting ICEBlock out of the loop. Aaron told me that he has 'no idea what Apple would store,' and it 'has nothing to do with ICEBlock.'
For people who submit reports, Duval suggested that there might also be 'a residual risk' from matching report timings and telemetry data, and Anso echoed a similar worry. But without the precise details of ICEBlock's design — which Aaron is understandably reluctant to share — that's impossible to verify. 'Absolutely not,' Aaron said when I asked if it's a concern. He insisted that 'there is no risk' of Apple having data on which users have submitted reports.
Aaron said ICEBlock stores essentially no data on its users on iOS right now and that he couldn't achieve the same setup on Android, a web app, or an open-source design. Critics argue he's offering a false sense of security by offloading the risk to Apple. And while it's not clear exactly what data Apple has on ICEBlock's users, it's enough to cast doubt on the claim that 'there is no data.'
The question then is how safe that data is with Apple. Aaron insisted that 'nothing that Apple has would harm the user,' and he was confident that Apple wouldn't share it anyway. 'Apple has a history, that when the government tries to come after them for things, they haven't divulged that information, they've gone to court over it,' he said. 'They've fought those battles and won.'
That isn't entirely true. While Apple has engaged in some high-profile privacy fights with governments and law enforcement — including efforts to get into the San Bernardino shooter's iPhone or its recent refusal to build a backdoor into iCloud encryption in the UK — it complies with the majority of government requests it receives. In its most recent transparency report, for the first half of 2024, Apple said it agreed to 86 percent of US government requests for device-based data access, 90 percent for account-based access, and 28 percent for push notification logs. Many of these will be benign — they include help tracking lost or stolen phones, for example — but others relate to cases where an 'Apple account may have been used unlawfully.' Demanding push notification data from both Apple and Google has become a key way for law enforcement to identify suspected criminals.
People have a constitutional right to record public police operations and share tips about sightings. As Aaron said, an app like ICEBlock — contrary to Noem's claims — 'is in no way illegal' under current American law. But during a period where neither the president nor the Supreme Court have much regard for constitutional rights, the question isn't whether ICEBlock is legal, it's whether any information that runs through it could expose people who resist ICE, legally or not.
'We don't want anything,' Aaron said. 'I don't want a private database. I don't want any kind of information on my side at all.'
And there's the rub. ICEBlock says your data is safe because it doesn't have any, but that doesn't mean it isn't out there. Do you have as much faith in Apple as Aaron does?
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Forbes
4 minutes ago
- Forbes
10 Tiny Habits That Make Or Break A Founding Team
The habits that define strong startup teams aren't flashy - they're consistent. Learn 10 small, ... More high-leverage rituals that early-stage founders use to build alignment, trust, and momentum. The success of an early-stage startup often comes down to a few key habits. Not vision. Not funding. Not product. Just the repeatable behaviors a team establishes in the first few months. These small patterns shape how decisions get made, how conflict is resolved, and how momentum builds or stalls. Here are ten habits that often fly under the radar but make a disproportionate difference. 1. Start Every Week With A Quick Priorities Check High-functioning teams get aligned often. A 10-minute Monday standup (async or live) focused solely on what matters most for the week helps avoid drift. It's not a status update. It's a coordination tool. Just one shared Google Doc or Slack thread each week can clarify who's pushing what forward. 2. Write Things Down Before Debating Them Discussions go faster and deeper when each person writes their thinking down first. Stripe famously used written memos for key decisions, helping to clarify logic and reduce groupthink. In small teams, this habit prevents dominant voices from steering conversations without scrutiny. 3. Close The Loop, Every Time It sounds basic, but closing the loop - on a bug report, a sales follow-up, or a customer message builds trust. Early teams that make this a reflex are more operationally tight. Users and teammates start to feel like action follows words. That makes everything else easier. 4. Default To Showing, Not Telling Instead of talking about a problem for 30 minutes, show a mockup, spreadsheet, or quick Loom video. A rough version beats a vague explanation. Founders at Figma and Superhuman made this a habit early - visual, concrete communication shortened feedback loops and made their teams feel faster. 5. End Each Week With A Lightweight Retro Even a 15-minute end-of-week reflection helps early teams improve. What worked? What didn't? What felt off? You don't need fancy tooling. Just capture a few bullet points and a single improvement to try next week. Tiny improvements compound faster than you'd think. 6. Discuss How You Communicate, Not Just What You're Communicating Most teams wait until things are tense to talk about how they talk. But tiny misalignments in communication style create friction early. Do you use Slack or email for decisions? Are async replies expected within hours or days? These patterns can quietly sabotage trust if they're not clarified early. You can check our Startup Communication & Negotiation Guide for a bit more in-depth insights into the importance of how to communicate effectively in the team and with outside stakeholders. 7. Name The Hard Stuff Out Loud It's tempting to avoid naming difficult truths like a strategy that's not working or a cofounder dynamic that's drifting. But high-trust teams normalize surfacing tension early. That doesn't mean oversharing. It just means saying the quiet part out loud, before it becomes resentment. 8. Keep The Calendar Sacred In the early days, teams often overbook meetings or swing to the other extreme and meet only when there's a fire. A consistent cadence, like for example a product review every Friday, a retro every two weeks, helps establish a rhythm. Rituals aren't bureaucracy. They're a defense against chaos. 9. Limit Who Touches What Too many founders try to "co-own" everything. But the strongest teams make clear calls on ownership. Who owns marketing copy? Who decides on design changes? Ownership creates clarity. Clarity reduces churn. It doesn't mean people stop collaborating - it just means someone decides. 10. Celebrate Progress Publicly (Even If It's Small) Momentum is fragile. Especially in a startup's first year. Teams that develop a habit of sharing wins, even small ones, build morale. This doesn't require parties or bonuses. A simple Slack thread or internal weekly email can remind everyone that forward motion is happening.
Yahoo
41 minutes ago
- Yahoo
Alphabet Inc. (GOOGL): 'This Stock Should Be Up Much More,' Says Jim Cramer
We recently published . Alphabet Inc. (NASDAQ:GOOGL) is one of the stocks Jim Cramer recently discussed. Cramer regularly discussed tech mega-cap Alphabet Inc. (NASDAQ:GOOGL) ahead of its earnings. The firm's shares have reversed course in July and are up by 1.9% year-to-date, primarily due to July's 9.9% gain. Before the report, Cramer was explicit in sharing that he regretted selling Alphabet Inc. (NASDAQ:GOOGL)'s stock. This time, he discussed the firm's businesses and shared that the stock should be higher after the earnings: [GOOGL]'[On earnings report] Yeah, look cloud was important. I think the big focus is frankly, uh, that paid clicks picked up 4%. I mean I was thinking paid clips might be down, I was worried that I felt that this was the beginning of the erosion and the cannibalization versus Gemini. That was completely wrong. YouTube up 200 million. Really, really fantastic. . . .Look the story here is this that the more chips that they get, better they're doing. They have so much demand I was quite surprised. 20 New Technology Trends for 2024 'This stock should be up much more than that. While we acknowledge the potential of GOOGL as an investment, our conviction lies in the belief that some AI stocks hold greater promise for delivering higher returns and have limited downside risk. If you are looking for an extremely cheap AI stock that is also a major beneficiary of Trump tariffs and onshoring, see our free report on the . READ NEXT: 30 Stocks That Should Double in 3 Years and 11 Hidden AI Stocks to Buy Right Now. Disclosure: None. This article is originally published at Insider Monkey.
Forbes
an hour ago
- Forbes
OpenAI: ChatGPT Wants Legal Rights. You Need The Right To Be Forgotten.
As systems like ChatGPT move toward achieving legal privilege, the boundaries between identity, ... More memory, and control are being redefined, often without consent. When OpenAI CEO Sam Altman recently stated that conversations with ChatGPT should one day enjoy legal privilege, similar to those between a patient and a doctor or a client and a lawyer, he wasn't just referring to privacy. He was pointing toward a redefinition of the relationship between people and machines. Legal privilege protects the confidentiality of certain relationships. What's said between a patient and physician, or a client and attorney, is shielded from subpoenas, court disclosures, and adversarial scrutiny. Extending that same protection to AI interactions means treating the machine not as a tool, but as a participant in a privileged exchange. This is more than a policy suggestion. It's a legal and philosophical shift with consequences no one has fully reckoned with. It also comes at a time when the legal system is already being tested. In The New York Times' lawsuit against OpenAI, the paper has asked courts to compel the company to preserve all user prompts, including those the company says are deleted after 30 days. That request is under appeal. Meanwhile, Altman's suggestion that AI chats deserve legal shielding raises the question: if they're protected like therapy sessions, what does that make the system listening on the other side? People are already treating AI like a confidant. According to Common Sense Media, three in four teens have used an AI chatbot, and over half say they trust the advice they receive at least somewhat. Many describe a growing reliance on these systems to process everything from school to relationships. Altman himself has called this emotional over-reliance 'really bad and dangerous.' But it's not just teens. AI is being integrated into therapeutic apps, career coaching tools, HR systems, and even spiritual guidance platforms. In some healthcare environments, AI is being used to draft communications and interpret lab data before a doctor even sees it. These systems are present in decision-making loops, and their presence is being normalized. This is how it begins. First, protect the conversation. Then, protect the system. What starts as a conversation about privacy quickly evolves into a framework centered on rights, autonomy, and standing. We've seen this play out before. In U.S. law, corporations were gradually granted legal personhood, not because they were considered people, but because they acted as consistent legal entities that required protection and responsibility under the law. Over time, personhood became a useful legal fiction. Something similar may now be unfolding with AI—not because it is sentient, but because it interacts with humans in ways that mimic protected relationships. The law adapts to behavior, not just biology. The Legal System Isn't Ready For What ChatGPT Is Proposing There is no global consensus on how to regulate AI memory, consent, or interaction logs. The EU's AI Act introduces transparency mandates, but memory rights are still undefined. In the U.S., state-level data laws conflict, and no federal policy yet addresses what it means to interact with a memory‑enabled AI. (See my recent Forbes piece on why AI regulation is effectively dead—and what businesses need to do instead.) The physical location of a server is not just a technical detail. It's a legal trigger. A conversation stored on a server in California is subject to U.S. law. If it's routed through Frankfurt, it becomes subject to GDPR. When AI systems retain memory, context, and inferred consent, the server location effectively defines sovereignty over the interaction. That has implications for litigation, subpoenas, discovery, and privacy. 'I almost wish they'd go ahead and grant these AI systems legal personhood, as if they were therapists or clergy,' says technology attorney John Kheit. 'Because if they are, then all this passive data collection starts to look a lot like an illegal wiretap, which would thereby give humans privacy rights/protections when interacting with AI. It would also, then, require AI providers to disclose 'other parties to the conversation', i.e., that the provider is a mining party reading the data, and if advertisers are getting at the private conversations.' Infrastructure choices are now geopolitical. They determine how AI systems behave under pressure and what recourse a user has when something goes wrong. And yet, underneath all of this is a deeper motive: monetization. But they won't be the only ones asking questions. Every conversation becomes a four-party exchange: the user, the model, the platform's internal optimization engine, and the advertiser paying for access. It's entirely plausible for a prompt about the Pittsburgh Steelers to return a response that subtly inserts 'Buy Coke' mid-paragraph. Not because it's relevant—but because it's profitable. Recent research shows users are significantly worse at detecting unlabeled advertising when it's embedded inside AI-generated content. Worse, these ads are initially rated as more trustworthy until users discover they are, in fact, ads. At that point, they're also rated as more manipulative. 'In experiential marketing, trust is everything,' says Jeff Boedges, Founder of Soho Experiential. 'You can't fake a relationship, and you can't exploit it without consequence. If AI systems are going to remember us, recommend things to us, or even influence us, we'd better know exactly what they remember and why. Otherwise, it's not personalization. It's manipulation.' Now consider what happens when advertisers gain access to psychographic modeling: 'Which users are most emotionally vulnerable to this type of message?' becomes a viable, queryable prompt. And AI systems don't need to hand over spreadsheets to be valuable. With retrieval-augmented generation (RAG) and reinforcement learning from human feedback (RLHF), the model can shape language in real time based on prior sentiment, clickstream data, and fine-tuned advertiser objectives. This isn't hypothetical—it's how modern adtech already works. At that point, the chatbot isn't a chatbot. It's a simulation environment for influence. It is trained to build trust, then designed to monetize it. Your behavioral patterns become the product. Your emotional response becomes the target for optimization. The business model is clear: black-boxed behavioral insight at scale, delivered through helpful design, hidden from oversight, and nearly impossible to detect. We are entering a phase where machines will be granted protections without personhood, and influence without responsibility. If a user confesses to a crime during a legally privileged AI session, is the platform compelled to report it or remain silent? And who makes that decision? These are not edge cases. They are coming quickly. And they are coming at scale. Why ChatGPT Must Remain A Model—and Why Humans Must Regain Consent As generative AI systems evolve into persistent, adaptive participants in daily life, it becomes more important than ever to reassert a boundary: models must remain models. They cannot assume the legal, ethical, or sovereign status of a person quietly. And the humans generating the data that train these systems must retain explicit rights over their contributions. What we need is a standardized, enforceable system of data contracting, one that allows individuals to knowingly, transparently, and voluntarily contribute data for a limited, mutually agreed-upon window of use. This contract must be clear on scope, duration, value exchange, and termination. And it must treat data ownership as immutable, even during active use. That means: When a contract ends, or if a company violates its terms, the individual's data must, by law, be erased from the model, its training set, and any derivative products. 'Right to be forgotten' must mean what it says. But to be credible, this system must work both ways: This isn't just about ethics. It's about enforceable, mutual accountability. The user experience must be seamless and scalable. The legal backend must be secure. And the result should be a new economic compact—where humans know when they're participating in AI development, and models are kept in their place. ChatGPT Is Changing the Risk Surface. Here's How to Respond. The shift toward AI systems as quasi-participants—not just tools—will reshape legal exposure, data governance, product liability, and customer trust. Whether you're building AI, integrating it into your workflows, or using it to interface with customers, here are five things you should be doing immediately: ChatGPT May Get Privilege. You Should Get the Right to Be Forgotten. This moment isn't just about what AI can do. It's about what your business is letting it do, what it remembers, and who gets access to that memory. Ignore that, and you're not just risking privacy violations, you're risking long-term brand trust and regulatory blowback. At the very least, we need a legal framework that defines how AI memory is governed. Not as a priest, not as a doctor, and not as a partner, but perhaps as a witness. Something that stores information and can be examined when context demands it, with clear boundaries on access, deletion, and use. The public conversation remains focused on privacy. But the fundamental shift is about control. And unless the legal and regulatory frameworks evolve rapidly, the terms of engagement will be set, not by policy or users, but by whoever owns the box. Which is why, in the age of AI, the right to be forgotten may become the most valuable human right we have. Not just because your data could be used against you—but because your identity itself can now be captured, modeled, and monetized in ways that persist beyond your control. Your patterns, preferences, emotional triggers, and psychological fingerprints don't disappear when the session ends. They live on inside a system that never forgets, never sleeps, and never stops optimizing. Without the ability to revoke access to your data, you don't just lose privacy. You lose leverage. You lose the ability to opt out of prediction. You lose control over how you're remembered, represented, and replicated. The right to be forgotten isn't about hiding. It's about sovereignty. And in a world where AI systems like ChatGPT will increasingly shape our choices, our identities, and our outcomes, the ability to walk away may be the last form of freedom that still belongs to you.
