Apple claims to invest billions upon billions in R&D and you say they can’t develop a private way to ping the users. But the reality is that it’s just intentional failings on Apple part, so that the can continue to falsely claim regulations hurt privacy and security. If you read the full article and not just the headline, you would know that Apple doesn’t even bother to check the site origin or validate JWTs. That is not a mistake someone with years of experience would make, it’s intentional moves to make it less secure.