Social Media
What Is This App?
It’s a React Native app built with Expo (SDK 54), running on the Hermes JavaScript engine. The backend is WordPress with a custom REST API. The app was built by an entity called “forty-five-press” according to the Expo config.
The app uses standard Android TrustManager for SSL with no custom certificate pinning. If you’re on a network with a compromised CA (corporate proxies, public wifi with MITM, etc.), traffic between the app and its backends can be intercepted and read.
That doesn’t seem right. You would still need the compromised CA cert to be installed on your device. This isn’t going to be a problem when connecting to a public Wifi.
The rest of the article is bonkers, though. Classic corporate data-grab app, and then some.
Ten years ago when businesses really needed to offer wifi (train for example) they thought “hey we would like to have something in return!”. I got offered a new ca a couple of times in the captive portal.
Yeah, not best practice but not unheard of.
I fell down a wild rabbit hole.
- Dev Forty Five LLC was created 2 weeks ago and lists Ty Nielson as the registered agent
- Ty Nielson is listed and at some point was described on LinkedIn as the Head of Engineering at Gemini (not the Google product) with location in St George, UT. Gemini lists an office in Ogden, UT on linkedin.
- His employment history says he started as a software engineer, but he may not be the head of engineering. I’m unsure if he lives in Utah at all. He did ask how to do authentication in a React Native app properly in stack overflow 7 months ago. Not a great sign.
- Gemini is a product of Blue Rocket, inc. and the primary address for both companies is listed as a thinkspace in Redmond, WA.
- Blue Rocket Inc. also has an office in Ogden Utah and one in West Palm Beach, Florida according to its linkedin - but withdrew their business registration in FL years ago
- A previous (?) head of product for Gemini and/or Blue Rocket is/was Ryan Petty, who was part of a Federal Commission on School Safety roundtable at the White House with Trump, and DeSantis made him the Chair of the Florida State Board of Education
- Jason Kap owns Blue Rocket inc. and was put on the board of Claritev last year, which is now a defendant in an antitrust lawsuit for conspiring with major health insurers to fix prices. The DoJ is currently siding against Claritev
- Jason Kap used to work at Microsoft, MS is also in Redmond WA.
- Kap may live or still have properties in Redmond WA, Belmont MA, Ogden Utah, and possibly others - through shell companies technically owned by his family, such as Player 85 LLC, for which he is an authorised agent
- Kap may have been an LDS bishop in Redmond during a case where the LDS leadership was accused of covering up child molestation by a former Microsoft employee, Buckland Darrell, who was sentenced again a few weeks ago
- According to floodlit there were victims in both Hartman Park Ward, Redmond and Sammamish Valley Washington.
- The registered agent listed for Blue Rocket and Gemini in WA is Kap’s wife, with a Redmond WA address matching the charity “Sammamish Trails Youth”.
I don’t think I’ll continue on. There’s clearly a lot going on here and it is not looking good. Edit: I lied. But this is the end for me:
- Ryan Petty is currently the Chief Product Officer at XSponse
- Xsponse “is a comprehensive AI security ecosystem committed to enhancing detection, alerting, and mass notification.” It lists a Florida virtual office as it address but it’s registered in Delaware via Corporation Service Company.
- Corporation Service Company, specialises in being a DE address for companies to claim DE tax residency, and as separate services will act as an ICANN registrar, manage and deploy TLDs and do monitoring and enforcement as “brand protection”. Amongst many other things they do.
Not good.
Which begs the question of if the Trump admin will give up the app and allow it to be archived, considering it’s using the gov.whitehouse.app app id or if they’ll keep it and pretend to be the White House (in which case will Apple and Google step in and pull it from App Stores).
Just updated the post. If Petty and Xsponse are involved, and they use CSC, I don’t think they care about the appid issue because it’s possible they control the entire internet infrastructure stack anyway. But that’s only an if.
The user tracking is dodgy, yes but i can see it happening in any business where developers are clueless yes men.
As for pay wall countermesures I can see how some person in Trump org not being happy about the links in the app being pay walled and asked the dev to remove the popups which they did without question.
developers are clueless yes men
The app is made by an entity called “forty-five-press” and the version number is 47.0.1.
Just 3 down from this post in my feed.
It’s good information about how bad the app really is. People should not dismiss the information because of the crappy website complaints.
It seems like it’s only crappy on mobile, no isues on desktop here.
same, worked fine in Firefox on linux, with no-script and uBlock
Omg, another person who’s crazy enough to run noscript still, I thought I was the only one.
I run no script on both Firefox desktop and mobile. I’d much rather have to approve things to run, than have them run by default.
What’s wrong with no-script? I’ve been running it for years. It’s a lifesaver.
If one has it set to default-deny Javascript, a lot of websites don’t work, because many web developers don’t develop websites that work without Javascript today.
Historically, websites did a better job of falling back.
There’s dozens of us. Works great on mobile with NoScript, although the source code snippets don’t load. Since the article describes what they do anyway it’s still readable without them, and the excellent performance is worth leaving JS blocked.
I’m on my Pixel 9a and had zero problems with scrolling.
It works perfectly on mobile (Pixel 7) for me.
It’s really hard not to dismiss when having a seizure for just trying to read it.
I really wanted to read.
What happened? Apparently my crappy browser handled something for me.
It’s laggy as hell on my mobile phone. And it’s not a bad/cheap model.
The site is basically whitevtext on black background and some colored code snips.
It should scroll smooth on 1980’s Casio watch.
It’s displaying from me through my piefed app. Only weird bit was the trippy fold up of the title as you scrolled down but that happens once
Yeah. As soon as the transparent title hit the top, it started to stutter. Like 2 fps.
I use Fennec on A54 (8Gb). It just does not seem right to be so laggy/stuttery as the content is merely text. How bad can the code rendering the content be?
I have never accomplished such a site.
And it really can’t be due to device and browser. Many others on different setup have stated the same.
Visually similar site should run on moldy potato.
Weird. I have a “cheap” device on the legacy list, and apart from mild latency and general ugliness, I had no issues.
Here you go, since we don’t want to trigger any seizures! https://sh.itjust.works/post/57582014
I’m on an S24 with Firefox. Wonder what’s causing the issues, it loads just fine and scrolls fine on my end.
Anyone have any idea who the devs are? According to the owner tag in the code, it’s: https://devfortyfive.com/ but there’s no information on the people behind it.
Some guy in Utah, apparently. The company was registered on the 18th of March.
Via Utah Division of Corporations and Commercial Code Business Registration search which did not allow a direct link to individual results.
So according to that, the company’s address (both physical and mailing) is 3739 E Sandstone Way, Washington, UT, 84780-1952.
(from https://maps.app.goo.gl/q48YJf3XndfY5Ges8)
…yeah, honestly that’s about what I expected.Lmao what even is that stupid-ass useless lawn.
It’s a rental. I’m wondering if it’s not basically a front. The guy listed is a
22 year old(edit: age is maybe not the same guy) “head of engineering” for a company owned/run by Blue Rocket Incorporated, which seems to typically be a parent company to a lot of places.
So…to be clear, this was formed just prior to the release of the app, and almost certainly the app was being developed by this person/group before then.
Sure would be good to know what public funds were used to pay for this app (I assume too much), and whether there was a bidding process (I assume there wasn’t), and whether this person is someone the decision-maker already had some relationship/connection to (I assume that was the case).
Because regardless of the public value of a tracking & propaganda window favoring one party (none), it would be completely shocking, just totally unheard of, if this was a corrupt overpayment and misuse of public funds to pay for substandard work to personal and political connections.
I mean, we didn’t just see this happen with Noem or anything.
Or maybe it was vibe coded in one day
Judging by the fact that tabs in the app go to webpages… seems like not much was probably spent in developing it.
Most transparent administration! /s
Yeah, having the real people behind it hidden is basically the norm for Trump admin.
Probably an openclaw server attached to Don Jr’s bank account.
I can’t say anything about the content of this blog. It was horribly laggy to scroll on mobile device. And by horribly laggy, I mean like aunt’s 1986 vacation slide show on a projector while having dry cookies and tasteless off brand earl grey.
I’m sorry if it sounds rude but I had to bring this on out in the open. What even runs under the hood on that blog…
I had no issues, and I am on a cheap boomer phone that installs games without permission every so often.
It’s a bit funny that it’s completely at odds with how they describe their goals (emphasis mine):
I am thereallo, a web developer who makes things look pretty and work smoothly >w< been building stuff since 2020, mostly frontend but i can do fullstack too! i use react, next.js, and tailwind css because they just work, and motion for animations that don’t feel plastic. i prototype in figma, steal components from shadcn/ui when i’m lazy, and deploy to vercel or cloudflare depending on the vibe~ i used to reverse engineer games (genshin leaks era lol) but now i just make websites that don’t suck. i know typescript, python, go, and dabbled in rust and lua. my goal is making ui that feels human such as smooth feedback, clear buttons, keyboard accessible, no confusing bs. mobile first always! outside coding i listen to vocaloid and play project sekai, which definitely influences my color choices uwu. oh and i care way too much about bundle sizes and performance. currently learning native ios/android development. hmu on discord or github if u wanna chat! ♡
I didn’t have any problem on my Android phone
It wasn’t horribly laggy on my Pixel but it definitely was less performant than a page like this should be.
Holy shit, i thought i was gonna have a seizure first time i scrolled
Even if the effect didn’t lag, there’s almost no added benefit to it. The title is cut off, and the description is even worse.
If the author wanted to, they could have done something like this with no scripts, minimum effort, and probably zero lag.
(If OP’s website chugged for you, I’m curious whether this demo is seamlessly smooth. It is for me.)
Strangely enough, for me both blog post an demo didn’t lag, but the transparent sticky title did look bad
Smooth as cub’s fur.
Like its locked to 10fps
Worked fine for me, but I block ads and trackers on my home network so that probably helped.
runs perfectly fine on my laptop with firefox
Yea for me too, it appears to be something we the title header following your scroll. It’s super smooth just until it tries to pin it to the top.
Reader mode works until I realised that they did explain the pictures, so just referenced text I didn’t see.
Not a performance problem.My guess is, they (poorly) emulate native scrolling via JSon mobile. Probably for some progress feature or something.JS disabled, scrolling works. Though it was only slightly laggy for me.
Unfortunately all of the code blocks are loaded after-the-fact with JS for some asinine reason (highlighting I’d understand… but why the actual text?), so disabling JS also disables all the code snippets on the page.
That’s why dynamic loading sucks.
Definitely a performance problem, no HW acceleration on PC produces the same insanely stuttery scroll.
ELI5?
Likely nothing illegal. Quite a bit of bad dev habits. Some concerning security fuck ups, including pulling in JavaScript from a server they don’t control. Injecting JavaScript to subvert cookie/gdpr/login/etc popups on third party sites.
Just generally bad things to do, especially in a government provided app.
Btw, this site has no business doing (laggy) scrolling via JS on a fucking blog.
No JavaScript for you.AI vibe coded slop.
Pretty much exactly what I expected.
