Secure Lockdown Mode from Apple may compromise web browsing impartiality


Apple’s new Lockdown Mode dramatically improves iPhone security, but because of how it operates, it may compromise your device’s web surfing privacy.

For high-risk organizations, such as journalists and politicians, who might find themselves the target of nation-states or other nefarious actors, Lockdown Mode is an extreme security option. It operates by restricting some system features, such as web technology and communication attachments.

According to John Ozbay, CEO of the privacy company Cryptee, Lockdown Mode’s feature restrictions may make it simple for websites to determine whether a user is utilizing the high-security setting.

That’s because websites can tell if a device lacks several common capabilities, including custom fonts. This process, known as fingerprinting, depends on gathering data regarding a user’s browser, device, and other characteristics.

Also Read: Apple Releases Safari Technology Preview 152 With Performance Upgrades and Bug Repairs

The high-risk security mode could be a privacy concern in and of itself when you consider that websites can link the lockdown state of your iPhone to your IP address.

Ozbay and the Cryptee team developed a proof of concept that can determine whether a user is in lockdown mode to support their argument. Ozbay claimed that it took him “five minutes” to write the code.

Websites’ ability to recognize when a device is in lockdown mode is not the consequence of a glitch, but rather how the system is set up to make iPhones more secure. The negative effects on privacy cannot be eliminated.

Security and privacy are traded off, according to Ozbay, speaking to Motherboard. Apple “opted for security.”

Also Read: Apple will reveal the new iPhone 14 at a far-off occasion

Issues exist with similar privacy-or security-focused platforms, such as the Tor browser. Ozbay notes that despite Tor’s efforts to minimize website fingerprinting, users of the service frequently stand out because their browsers are the only ones with a particular set of settings.

It has been claimed that Ozbay contacted Apple and spoke with an engineer. According to the Apple employee, the function purposefully blocks web fonts to lessen the surface of internet attacks. It wouldn’t make sense, they claimed, to establish an exception for bespoke fonts given the danger model that Lockdown Mode addresses.

Independent security researcher Ryan Stortz told Motherboard that if enough users choose Lockdown Mode, they will blend in and make it more difficult for websites to identify an intriguing target.

Also Read: Apple iOS 15.6.1 release removes the ability to decline to iOS 15.6 after iOS 15.6 was signed by Apple


Please enter your comment!
Please enter your name here