I am strongly politically aligned with the intention behind ICEBlock, but the app itself has always struck me as the work of someone who is either dangerously underinformed about the practical implications of computer security when pissing off federal paramilitary groups or who is absolutely insane. There might be a way to make something like ICEBlock that isn’t an unintentional honeypot, but the fact that this was on the fucking App Store didn’t give me a lot of hope it was built that way.

At some point, the fact that this is on Apache 2.Old.Vulnerable is an interesting detail, but I honestly don’t know how you’d make this app secure against the actual threat model here no matter what version of anything you’re running. Dude’s way out past where patching against CVEs is sufficient.