Apple's secure Lockdown Mode may reduce web browsing anonymity
Apple's new Lockdown Mode significantly increases the security of your iPhone, but the way it works could actually decrease your device's privacy while browsing online.
Lockdown Mode
Lockdown Mode is an extreme security setting meant for high-risk groups -- like journalists and political figures -- who may find themselves targeted by nation-states or other malicious actors. It works by disabling a number of system functions, like blocking message attachments and web technologies.
However, Lockdown Mode's feature restriction could make it easy for websites to figure out if someone is using the high-security setting, John Ozbay, CEO of privacy firm Cryptee, told Motherboard.
That's because websites can detect if some regular features -- such as custom fonts -- are missing on a device. This is called fingerprinting, and it relies on collecting information about a user's browser, device, and other metrics.
When you take into account that websites can tie your iPhone's Lockdown Status to your IP address, it becomes clear that the high-risk security mode could be a privacy risk itself.
In other words, it's trading online anonymity for higher security. As Ozbay explained to AppleInsider, "Lockdown Mode makes you safer, but also makes you easier to identify in a crowd."
To prove his point, Ozbay and the Cryptee team put together a proof of concept that can detect whether a user is in Lockdown Mode. According to Ozbay, the code took about "five minutes" to write.
The fact that websites can detect when a device is in Lockdown Mode is not a bug but a result of how the system is designed to make iPhones more secure. There's no way to mitigate the privacy drawbacks.
"Apple is doing a good job, but I wanted to raise awareness of a tradeoff that happens with Lockdown Mode," Ozbay told AppleInsider. "Think about it this way, if you were to set up tall barbed wire around your house, add cameras, hire guards, dogs, etc., it would keep you 'safe' but attract attention, and you could be identified."
Other privacy- or security-focused platforms, such as the Tor browser, have similar issues. For example, while Tor goes to great lengths to reduce website fingerprinting, users of the anonymous browser typically end up standing out because their browsers are the only ones with a set of specific settings.
Ozbay reportedly reached out to Apple and spoke with an engineer. That Apple staffer explained that the feature intentionally disables web fonts to reduce the online attack surface. Because of the threat model that Lockdown Mode addresses, they said that it wouldn't make sense to make an exception for custom fonts.
Ryan Stortz, an independent security researcher, says that if enough people turn on Lockdown Mode, they'll blend in and it will be harder for websites to detect an interesting target.
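The trade-off Ozbay and Stortz describe can be put in numbers by comparing how large a crowd a visitor hides in with and without the blocked-fonts signal. This is an added example, not code from Cryptee or AppleInsider; the visitor population, attribute names and function names are constructed for illustration.

```javascript
// Added example: constructed data, not measurements from any real site.
// Each record is what a site could observe about one visitor. `webFonts`
// is false when custom fonts fail to load, the signal the article describes.
function makePopulation(total, lockdownCount) {
  const models = ["iPhone13", "iPhone14"];
  const zones = ["UTC-5", "UTC+1", "UTC+8"];
  const visitors = [];
  for (let i = 0; i < total; i++) {
    visitors.push({
      model: models[i % models.length],
      zone: zones[i % zones.length],
      webFonts: i >= lockdownCount, // first N visitors have fonts blocked
    });
  }
  return visitors;
}

// Anonymity set size for every visitor: how many visitors share the same
// values for the chosen attributes.
function anonymitySetSizes(visitors, attrs) {
  const key = (v) => attrs.map((a) => String(v[a])).join("|");
  const counts = new Map();
  for (const v of visitors) counts.set(key(v), (counts.get(key(v)) || 0) + 1);
  return visitors.map((v) => counts.get(key(v)));
}

// Bits of identifying information revealed by a trait held by a fraction p.
function surprisalBits(p) {
  return -Math.log2(p);
}

// Smallest crowd any fonts-blocked visitor hides in, with and without the signal.
function lockdownExposure(total, lockdownCount) {
  const pop = makePopulation(total, lockdownCount);
  const base = anonymitySetSizes(pop, ["model", "zone"]);
  const withFonts = anonymitySetSizes(pop, ["model", "zone", "webFonts"]);
  const idx = pop.map((v, i) => (v.webFonts ? -1 : i)).filter((i) => i >= 0);
  return {
    bits: surprisalBits(lockdownCount / total),
    minSetWithoutSignal: Math.min(...idx.map((i) => base[i])),
    minSetWithSignal: Math.min(...idx.map((i) => withFonts[i])),
  };
}
```

With 6 fonts-blocked visitors out of 1,200, each one is unique once the font signal is included; with 600 out of 1,200, each hides among 100 others and the signal is worth only one bit.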
Read on AppleInsider
Comments
How though? How can a website detect your lockdown status? It isn’t able to detect operating system level settings the way a native app might, the same way it can’t know what files are on your hard drive. It just gets what the browser exposes through languages like JavaScript.
The article doesn’t fully explain this. Curious to learn more.
Evil governments (eg, China) have several options at their disposal:
- they can make it illegal for Apple to include Lockdown mode as part of iOS in their country;
- they can pass a law making it illegal for users who somehow obtain Lockdown mode to turn it on;
- they can do random spot checks on citizens of their country. (Remember, there are no fourth amendment rights in evil countries.) If you are caught with Lockdown mode turned on, you (and/or your family) go to jail;
- they can do IP-location tracking (except when Private Relay is being used) to find people who are using Lockdown mode and send them to jail.
If the fourth bullet above is being hindered by Apple Private Relay, then any evil government could use the same steps above against Private Relay. I would point out that Apple Private Relay is ALREADY not available in China, which essentially means that China has already performed step #1 above on Apple Private Relay. You see, evil governments are already doing at least one of the steps above:
"Regulatory reasons"? Try "lack of human rights" instead. But I can't blame Apple for this human rights issue.
Actually, China hasn't officially banned all VPNs, but they do ban most VPN products, and the government sometimes threatens to ban all of them. I think the reason they don't ban all of them is because then they would have to ban the ones that give them a back door to your phone.
If you are a tourist entering China, they can (and do) look at your phone and insist that you delete your VPN apps. Sometimes they install spyware.
When a person answers the telephone with "Hello?" they are giving away all kinds of information that the caller, who is often a robo-dialer, can use against you. That one word gives away your age, your sex, your language, and more. Even your accent might be able to geo-locate you within 100 miles. In England, they can currently geo-locate you (using your accent) within 20 miles (before BBC TV was widespread, the geo-location distance from your voice was 5 miles.) They can record all the information they can infer from your response, and sell that information to other companies. These companies aren't even subject to UK law because they aren't based in the UK.
These days, JavaScript code running on a website can easily tell your height (because the curvature of the arc when you move your mouse a long distance gives away the length of your wrist or forearm, depending on how you move your mouse.) And your height has a correlation to your sex. So they can tell your sex from your mouse's motion. The correlation isn't 100% accurate, of course, but it's good enough to improve the effectiveness of ad choices. All the inferences they make from innocent-looking data are deep trade secrets. Like the phone example above, these companies can be foreign-located, and therefore unrestricted in obtaining and recording personal data from you like your religion, race, handicapped status, health, prescriptions, gender orientation, etc.
Web browsers also say "Hello" in their interaction with websites. If you want to see some of the things they offer to the web server, may I suggest visiting this site: (I have never seen this website prior to one minute ago. I don't know much about it.) These are some of the things that Apple probably blocks.
https://privacy.net/analyzer/ <--
That's like saying that a burglar shouldn't be able to tell if your front door is locked. Any effective security measure will inherently give away the fact that you're using it.