By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: July 26, 2025

Saturday, 26 July 2025

SafeBase by Drata ★

My thanks to Drata for sponsoring this week at DF to promote SafeBase. SafeBase eliminates the friction of inbound security reviews. It helps you automate inbound requests, use AI to answer questionnaires, and share your security posture proactively — all through a centralized Trust Center.

To Trust ICEBlock’s Anonymity, You Have to Trust Apple ★

Dominic Preston, writing at The Verge, regarding Android fans’ bristling at ICEBlock developer Joshua Aaron’s claims that an Android (or web) version of ICEBlock couldn’t provide the same level of privacy as the iOS version:

Aaron told The Verge ICEBlock is built around a single database in iCloud. When a user taps on the map to report ICE sightings, the location data is added to that database, and users within five miles are automatically sent a push notification alerting them. Push notifications require developers to have some way of designating which devices receive them, and while Aaron declined to say precisely how the notifications function, he said alerts are sent through Apple’s system, not ICEBlock’s, letting him avoid keeping his own database of users or their devices. “We utilized iCloud in kind of a creative way,” Aaron said. [...]

But you might have spotted the problem: ICEBlock isn’t collecting device data on iOS, but only because similar data is stored with Apple instead.

Apple maintains a database of which devices and accounts have installed a given app, and Carlos Anso from GrapheneOS told me that it likely also tracks device registrations for push notifications. For either ICEBlock’s iOS app or a hypothetical Android app, law enforcement could demand information directly from the company, cutting ICEBlock out of the loop. Aaron told me that he has “no idea what Apple would store,” and it “has nothing to do with ICEBlock.”

Bruce Schneier linked to this story saying “the ICEBlock tool has vulnerabilities”, but I don’t think that’s a fair description. As far as we know, ICEBlock is as private as possible while still enabling push notifications, and a hypothetical Android version couldn’t be as private. But that privacy does depend on trust in Apple.

Also worth a note: Aaron’s wife, Carolyn Feinstein, was an auditor at the Department of Justice but was fired last month because of her husband’s app.

New York Times’ Style Guide Substitutions for ‘The President Violated the Constitution’ ★

Carlos Greaves, writing for McSweeney’s:

“The president remained steadfast in his novel interpretation of constitutional law.”

“Faced with the choice between clinging to the letter of the law and marching to the beat of his own legal drum, the president chose the latter.”

‘Obsoless’ – Ken Pillonel’s Small-Batch Cases Bring USB-C Charging to Lightning iPhones ★

Back in 2021 a young engineering student named Ken Pillonel modified his own iPhone X to replace the Lightning port with USB-C, which became a small viral sensation. He’s back at it, with a far more ambitious project: iPhone cases with USB-C ports for the last five or so years of models with Lightning ports. He’s produced three batches of cases so far, but is currently sold out.

Even if you’re not interested in buying one of these cases, Pillonel’s video documenting how he brought the concept to fruition is quite clever and fun.

Intel Needs a Big Customer for Foundry Business to Survive ★

Max A. Cherney and Stephen Nellis, reporting for Reuters:

Those customers for the company’s so-called 14A manufacturing process are crucial to the success of the technology — so much so that if it fails to secure a big one, it could shut down its cutting-edge manufacturing business altogether, according to Intel’s quarterly filing on Thursday.

The possibility that Intel could drop out of the cutting-edge manufacturing business would be a historic shift for a company that has described itself as a steward of Moore’s Law — an observation by Intel co-founder Gordon Moore about the fast rate of development of the chip industry that held true for decades. Intel is the only U.S. chipmaker capable of making advanced computing chips.

Intel has struggled for years due to management missteps, missing out on the AI race and losing market share to its longtime rival AMD.

The beginning of the end for Intel was long before the AI race or the market share they’ve lost to AMD. It was missing out on mobile. From a 2013 profile of then-CEO Paul Otellini, by Alexis Madrigal for The Atlantic:

But, oh, what could have been! Even Otellini betrayed a profound sense of disappointment over a decision he made about a then-unreleased product that became the iPhone. Shortly after winning Apple’s Mac business, he decided against doing what it took to be the chip in Apple’s paradigm-shifting product.

“We ended up not winning it or passing on it, depending on how you want to view it. And the world would have been a lot different if we’d done it,” Otellini told me in a two-hour conversation during his last month at Intel. “The thing you have to remember is that this was before the iPhone was introduced and no one knew what the iPhone would do... At the end of the day, there was a chip that they were interested in that they wanted to pay a certain price for and not a nickel more and that price was below our forecasted cost. I couldn’t see it. It wasn’t one of these things you can make up on volume. And in hindsight, the forecasted cost was wrong and the volume was 100× what anyone thought.”

That was it, the beginning of the end. It’s not just that mobile computing, as defined by the iPhone, became the largest market, by far, for chips, but that the needs of mobile devices defined the future of leading edge chipmaking across all industries: performance-per-watt, not merely sheer performance. As mobile grew, so went the economies of scale, which resulted in Apple Silicon eventually beating x86 chips not just in performance-per-watt but also in single-core performance.

goo.gl, Google’s Link Shortener, Will Stop Working Next Month ★

Emma Roth, The Verge:

Google will officially deprecate links generated with its URL shortening tool next month. On August 25th, 2025, all links in the https://goo.gl/* format will no longer work and return a 404 error message.

Google shut down its URL shortener in 2019, citing “changes we’ve seen in how people find content on the internet.” Links created with the tool continued to work since then, but Google announced last year that it would begin deprecating them as traffic to the shortened URLs declined. “In fact more than 99% of them had no activity in the last month,” Google said in its July 2024 blog post.

The heyday for link shorteners was the era when Twitter (a) was still Twitter, (b) had a 140-character post limit, and (c) counted characters such that each character of a URL counted toward the 140-character limit. None of those things are true anymore. But, still. Cool URLs don’t change.

I’m sure it is true that 99 percent of goo.gl links had no activity in the past month. But I’m just as sure that it would cost next to nothing for Google to keep goo.gl up and running in perpetuity. I mean, 99 percent of all URLs probably had no activity in the last month. 99 percent of all books ever written weren’t read in the last month either, I bet — but that’s no excuse for libraries to throw them in the trash.

It’s fine that Google stopped allowing for the creating of new links a while back, but there’s no reason they should ever stop redirecting existing links. The whole reason anyone might have used goo.gl instead of something like bit.ly is misplaced trust in Google. I trust Google with almost nothing long-term. Mark my words, they’re going to do this with Gmail accounts eventually.

Update: Google has come to its senses and will keep these redirections working.

4chan Clowns Find Open Database of Images From Viral Women’s Dating Safety App ‘Tea’ ★

Emanuel Maiberg and Joseph Cox, reporting for 404 Media:

Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, Firebase, belonging to the newly popular women’s dating safety app Tea. Users say they are rifling through peoples’ personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media. In a statement to 404 Media, Tea confirmed the breach also impacted some direct messages but said that the data is from two years ago.

Tea, which claims to have more than 1.6 million users, reached the top of the App Store charts this week and has tens of thousands of reviews there. The app aims to provide a space for women to exchange information about men in order to stay safe, and verifies that new users are women by asking them to upload a selfie.

Tea jumped to the top spot in the App Store (it’s still at #4 as I type this, trailing only ChatGPT, Netflix, and Amazon Prime Video) and has been getting a lot of coverage this week. A wide open, publicly accessible database of users’ driver’s licenses and self portraits is, to say the least, pretty egregious.

I’m not accusing Tea in particular of being vibe-coded, but I do wonder if this sort of thing is going to become commonplace as more apps and services come online after being developed in slapdash AI-assisted manners.