Websites Can Identify If You're Using iPhone's New 'Lockdown' Mode (vice.com) 55
Lockdown Mode disables a series of features that can be used to hack iPhone users. But the lack of these features also makes it easier to figure out who is using Lockdown Mode. From a report: Once Apple launches the new iPhone and iPad operating system early next month, users will be able to turn on a new privacy mode that the company calls "extreme." It's made for journalists, activists, politicians, human rights defenders, and anyone else who may be worried about getting targeted by sophisticated hackers, perhaps working for governments armed with spyware made by companies such as NSO Group. Apple calls it "Lockdown Mode" and it works by disabling some regular iPhone features that have been exploited to hack users in the past. But if users turn on Lockdown Mode, they will be easy to fingerprint and identify, according to a developer who created a proof of concept website that detects whether you have Lockdown Mode enabled or not.
John Ozbay, the CEO of privacy focused company Cryptee, and a privacy activist, told Motherboard that any website or online ad can detect whether some regular features are missing, such as loading custom fonts, one of the features that Lockdown Mode disables. "Let's say you're in China, and you're using Lockdown Mode. Now, any website that you visit could effectively detect you are using Lockdown Mode, they have your IP address as well. So they will actually be able to identify that the user with this IP address is using Lockdown Mode," Ozbay said in a call. "It's a tradeoff between security and privacy. [Apple] chose security."
John Ozbay, the CEO of privacy focused company Cryptee, and a privacy activist, told Motherboard that any website or online ad can detect whether some regular features are missing, such as loading custom fonts, one of the features that Lockdown Mode disables. "Let's say you're in China, and you're using Lockdown Mode. Now, any website that you visit could effectively detect you are using Lockdown Mode, they have your IP address as well. So they will actually be able to identify that the user with this IP address is using Lockdown Mode," Ozbay said in a call. "It's a tradeoff between security and privacy. [Apple] chose security."
Sure enough (Score:5, Insightful)
If I hit your door with my foot I get the information that it isn't a cheap cardboard door, because my foot hurts and the door still stands.
It's the nature of the thing.
Re: (Score:3, Interesting)
it is still a flag on you if you are in a hostile environment. not the end of the world, but not good.
this is like encryption. in a world populated by privacy-unaware users (in short, our world) using encryption immediately makes you stand out to some mass profiler.
the solution is as simple as it is impossible: all iphone users need to enable lockdown mode.
apple could contribute a huge, gigantic grain of sand by making lockdown mode the default. though i doubt that apple is really concerned enough about pro
Re: (Score:2)
all iphone users need to enable lockdown mode
Reading that another way: All iPhone users need to shut off the neato features that we wrote to allow various sites to deliver bells and whistles to your phones. Which is why you bought the Apple brand in the first place.
Bad car analogy: I can stop most thieves from stealing my car by purchasing one without an engine.
Re: (Score:2)
Bad car analogy: I can stop most thieves from stealing my car by purchasing one without an engine.
Better car analogy: I can stop most thieves from stealing my car by purchasing one with a manual transmission.
You can still operate the car, but it's not as convenient or as easy as some people prefer.
Re: (Score:2)
All I need to do is buy a perfectly functional piece of shit and park it next to your car.
Even if someone steals my car, I still get rid of a piece of shit car.
Re: (Score:2)
"All I need to do is buy a perfectly functional piece of shit and park it next to your car.
Even if someone steals my car, I still get rid of a piece of shit car."
So you'd advocating buying a decoy Android phone?
Re: (Score:3)
But privacy-unaware users use encryption all the time. Encryption doesn't "flag" a user, because it's becoming a widespread default. I did not type the "https" in the URL at the top of this page; it just got there somehow.
Once this lockdown mode gets played with, and people start to get a sense of whether the stuff it breaks was useful or useless
Re: (Score:2)
But privacy-unaware users use encryption all the time.
where it is transparent/automatic. that's exactly the scenario surveillance would love to avoid! but i'm pretty sure everyone using (e.g.) signal today is on a special list. not suspect, but it's a relevant data point. on the other end, start writing ascii armored email and you'll suddenly have a lot of new friends. then send a birthday greeting from say beirut to paris and tell me how it went :-D
Re: (Score:3)
Google has put a lot of effort into making Chrome's incognito mode undetectable, and it appears to have worked.
It works by not simply blocking things like Apple's lockdown mode does. It accepts them and even stores them temporarily, but carefully sandboxed and deleted as soon as possible.
Broken browsers leaking information (Score:3, Informative)
Re: (Score:3)
The feature availability allows for alternate paths when the feature is not available. That's necessary for the site to work...
But sending that info to the backend is something the website is doing.
It's also their servers that get your IP address so they know how to route responses. Providing that detail is necessary for hosting a website, but storing and using those details is something their application is doing.
Re: (Score:2)
That's necessary for the site to work...
Is it? I would say in some exceptions, probably, but in most cases it's about tracking the user.
Re: (Score:3)
Not true, for example the jQuery javascript library has always supported testing for features and, when missing, will provide shims. This kind of thing has been around for a long time and helps to ensure that a site will be able to operate regardless of the browser it is running on and what features are available.
Tracking in the manner offered in TFA is one use for feature tests, but it is not the norm and far less than legitimate feature testing.
Re: (Score:2)
You're saying "yer rong" but none of what you say actually succeeds at contradicting the person you're replying to.
Maybe you should work on your listening skills before arguing with everything?
Re:Broken browsers leaking information (Score:5, Insightful)
Browsers have been anti-consumer malware framework technology for the past decade at least. Web standards development has nothing to do with adding features and functionality that end users want, and everything to do with adding features and functionality that advertisers, marketers, trackers, and crackers demand.
The whole concept of servers interrogating browsers for details about their hardware and software configuration and user preferences is opaque and non-obvious to end users, and kept that way quite intentionally.
There's absolutely no good technical reason that a remote server should need to know what the endianness of my CPU is, what 3d acceleration libraries I have installed, or what fonts exist on my computer, in order to correctly render some standardized markup. The nature of the modern web is a train wreck of bad design decisions foisted on the public by coders working for marketing companies.
Re: (Score:2)
in order to correctly render some standardized markup
"standardized markup".
Some graphical web designer trying to justify a six figure income to pay of a $75,000 student loan just had a nervous breakdown reading that.
Re: (Score:1)
IMHO, they are designed to do that. Think Google maintains chrome for free, or Firefox is free? Nope. It is easy to fingerprint PCs using battery percentages, resolution, canvas stuff, browser plugin list, etc.
The only real way to fix that is to fire up a VM that uses a VPN service, surf for a bit, dump the VM, and fire up another one, and use a different resolution of display each time.
What will Apple do if ... (Score:2)
China prohibits selling 'lockdown mode' phones in China or demands a way to override lockdown mode on all iPhones in China?
Re: (Score:3)
China prohibits selling 'lockdown mode' phones in China or demands a way to override lockdown mode on all iPhones in China?
Apple will do as China says or they will stop selling iPhones in China. I assume this must have been a rhetorical question.
Re: (Score:2)
Re: (Score:1)
I'm sure China will get a backdoor, or it automatically disabled, just like the Web proxying feature is over there. Ironically, other than the government, they have a lot of privacy laws in place.
Re: (Score:2)
Apple would likely choose not to allow lockdown mode to be enabled on iPhones sold in China rather than implementing a way around it. Easier to do and doesn't compromise security for phones sold in markets where lockdown mode isn't a problem.
In other news... (Score:3)
The user chooses, not Apple (Score:5, Insightful)
"It's a tradeoff between security and privacy. [Apple] chose security."
Apple did not choose security over privacy, they gave the option to their user.
Re: The user chooses, not Apple (Score:1)
Re: (Score:2)
Re: (Score:2)
It doesn't even have an affect on privacy. Websites will fingerprint you when Apple's feature is turned on, and they will also fingerprint you when Apple's feature is turned off.
Simulation (Score:2)
The solution to this is to not completely disable the APIs but rather make it seem like they are working as intended and perform known, safe substitutions. "Load custom font" should route the request to a local web server on the device that responds slowly and returns a standard font on the device that is known to be safe. Done right, the result would be anywhere from extremely difficult to impossible to detect.
However, I'd rather Apple work on getting Safari to be standards-compliant and have feature par
Re: (Score:2)
This is the best way. There used to be an app for Android ages ago, called XPrivacy. It would allow one to provide some nosy app that demanded access to contacts, music, location, and so on, everything it ever wants... but all the info would be fake. The camera info would be static or a black screen, the mic would be white noise, contacts would be random stuff made up, and so on.
I don't think we will see much other than cat and mouse games with web browsers. If you use panopticlick from the EFF, you wil
Re: (Score:3)
This is the best way. There used to be an app for Android ages ago, called XPrivacy. It would allow one to provide some nosy app that demanded access to contacts, music, location, and so on, everything it ever wants... but all the info would be fake...
The current iteration of this is XPrivacyLua, it requires a rooted phone, LSposed and such. It's not perfect but it mostly works. The free version just returns blank or obviously fake data, the paid version lets you customize on a per-app basis what's returned. You can also see a log of which pieces of data apps are requesting.
Re: Simulation (Score:2)
Re: Simulation (Score:2)
Spoofing (Score:5, Insightful)
So why can’t Apple spoof those features?
Site: “Here’s a custom font; load it.” /dev/null)”
iPhone: “OK. (cat $font >
I’d think they could just reply with random trash for the most part and pass these pseudo-checks. Send real garbage to completely poison the well if you can.
Cat and mouse game continues
Re:Spoofing (Score:5, Insightful)
They could do that, which will work initially, but then it becomes a cat-and-mouse game. The website could then adapt to say "Ok, now measure the width of the string 'foobarbaz' in this font.", and there's no way Apple would actually spoof the correct response there without actually parsing the font.
Re: (Score:2)
China would tell them to stop.
Enabled by default (Score:2)
Re: (Score:1)
Re: (Score:2)
Shit in the golden pot (Score:2)
I would love to see browsers/extentions that return false telemetry data to fill the marketeers pot o' golden information with worthless bullshit. Kind of like back in the day of e-mail spam where CDs were being sold with "50 mIlLiOn eMaIl aDrEsSeZ!!1" that were padded with crap like aaa@bbb.ccc and such, and Usenet posters used garbage fake e-mail adresses so the bots would harvest those instead of valid adresses.
I would love to see the telemetry 'industry' get loaded down in the same way.
If the mode becomes popular, who cares? (Score:3)
It's appealing if you are a public figure or a person who values their security because someone hacking into your phone can cost you your job... IP Addresses are not a measure of location. A VPN easily changes that. My network traffic can come to you from Russia or China or Madrid or Boston with a push of a button and a little money on an online service. Also, everyone already has IP addresses. Assuming that so few people will use this security feature that those who do will be targets for IP address questioning is likely false.
I don't buy the argument that you sacrifice privacy for security. If enough people in China start using this mode, then it sends a signal to the website operators that delivering those features securely is more important to their users than the full functionality of their website.
I view this like incognito or guest mode web browsing when not wanting to leave breadcrumbs on my computer. If I'm visiting financial information or helping someone login to something, I'm going to do it in incognito or guest mode to not leave cookies / search history / PII past the end of the browser session.
Turn Identification into Noise. (Score:2)
Perhaps a way we humans can respond to this "problem" of someone suddenly talking in a library (Lockdown mode causing you to become identifiable within the silent-and-boring landscape), is for more people to start talking. Identifiable information becomes noise when randomness is added. So, add some.
Create an app that puts your phone in Lockdown mode and perhaps visits a few random sites for a period of time during your off-hours. Help contribute to a global signature.
Hell, I'll bet we could use the bet
Name and shame (Score:2)
Apple should, via some suitable third party, organise a name-and-shame of any websites that don't like the new iPhone's lockdown mode. Indeed, any android phone should be warned of such sites, as indeed should any PC/Mac/Linux user. The only sites that benefit from what lockdown denies are the kind of sites you want to steer clear of.
Re: (Score:2)
So? (Score:2)
Re: (Score:2)
The lockdown mode should be the default (Score:2)
And any additional features should be enabled on demand.
If everyone used lockdown, FaceTime would break (Score:3)
From "How to turn on/off Lockdown Mode in iOS 16, who it’s for, and how it works" by Michael Potuck [9to5mac.com]:
Lack of JIT causes web browsing to use more CPU instructions and thus more current from the battery.
If everybody used lockdown mode, then nobody would be able to c
Re: (Score:2)
Lack of JIT causes web browsing to use more CPU instructions and thus more current from the battery.
Apple also has a warning about a website using lots of power. So you would know to stop using that website. Problem solved.
Re: (Score:2)
Solving the problem of battery drain while using a website leads to a secondary problem, which is the sometimes serious inconvenience of doing without the services that the website provides.
Re: (Score:2)
Solving the problem of battery drain while using a website leads to a secondary problem, which is the sometimes serious inconvenience of doing without the services that the website provides.
Honestly, if a website is using lots of CPU power I would be strongly inclined not to use that website. I would assume the site is malicious or defective. So doing without the site would not be a secondary problem.
Re: (Score:2)
I have in mind the website of the government, your bank, your employer, your suppliers, or the platform through which you reach your audience.
Re: (Score:2)
I have in mind the website of the government, your bank, your employer, your suppliers, or the platform through which you reach your audience.
I do not install plugin and I turn of various browser "features". Yet the internet still seems quite usable and with no warnings from Apple about CPU usage.
I have had on occasion to add a site to the cookies white list.
What's the problem? (Score:1)
There is no trade-off between security and privacy. This is just some SillyCon Valley huckster trying to get his name and face out there so he can pump and dump his latest scam.