For about 10 years, I have had a habit of creating a new, separate Google account for every new project I start, and then adding my personal account as a team member/collaborator. This way, the potential blast radius is (hopefully) limited.
Signal does not send any sensitive information in push notifications sent via APNs [0]. This story concerns the local OS cache of push notifications, which are triggered after E2E decryption has occurred.
Right. So I send a push notification with the "silent" flag and encrypted content; the app receives it, decrypts the text, and displays the notification locally. Google/Apple has only ciphertext in their FBI/CIA/NSA-accessible databases.
I'm confused. You mean the iOS system notification would display the decrypted message in plaintext? Or do you mean the iOS system notification would display the encrypted message (i.e. it would be unreadable)?
So in that case, the system has access to the plaintext, therefore the Alphabet boys have access to it as well. Unless, of course, you believe Apple isn't cooperating with them.
Am I missing something here? Maybe I'm missing a subtle detail.
A system like the one in "my phone's operating system". Do you assume that "Alphabet boys" have access to all parts of all Android file systems of all the phones ever produced?
I think the confusion here is that Signal does in fact encrypt the notification in transit [1]. The FBI had access to the user's unlocked iPhone and went through the notification history on the device. The issue the user faced is that even though they deleted the signal app they were unaware that iOS (and Android by default) retain a database of past notifications even after they're dismissed from the notification pane.
[1] Well actually they just send a blank notification, the signal app then reaches out to the signal server for the actual encrypted message content when it receives the empty notification.
I'm sorry but I'm having a really hard time understanding what you're saying. The first sentence I cannot understand at all. As for the second sentence, I think you might be confused about my usage of the term "Alphabet boys", which is slang for the intelligence agencies: https://youtu.be/lLf84LPzlVc?t=61 it seems like you thought I was referring to Google's parent company.
If you are not ready to trust a vibe-coded app with all your digital life, I recommend Filestash[1], easy to install self-hosted frontend for virtually any type of storage. Written in Go, it can be enhanced with plugins. Uses local SQLite database.
I am using it with Hetzner Storage Box[2], which is insane value for money at 11 euro per 5 terabytes per month.
I just listened to the top 3 songs of this project out of curiosity, and it feels like the same song. Same rhythmic pattern, same harmonies, same instruments.
However, I also listened to several other artists on the chart[1]. They all, bar a couple, are so low effort that they may also be generated by neural networks, FWIW.
But we, as humans, were literally "been there, done that". Nothing new is happening. We are just picking up the ball where we dropped it 50 years ago. The ship is somehow newer and even has a toilet. The said toilet receives most news coverage.
I haven’t, but I’ve used Opus in Antigravity and it performs pretty much the same? It’s hard to tell minute differences.
Do you think Claude Code is what makes their models operate better?
And by the same token, then what would give Gemini a fair run? Because the Gemini chat app, Stitch, and the CLI are all things I’ve used and the model can’t help itself from a) saying it’s done when it isn’t; b) going off-rails; c) ignoring strict instructions after a while.
reply