regecks 5 hours ago

Damn. The "iPhone last setup or erased on ..." is really nasty. What can a user really do about that? I feel like this should be fudged somehow by the OS.

dylan604 an hour ago | parent | next [-]

Maybe I'm being really thick, but why is this information that the OS would make available to apps?

Gigachad 4 hours ago | parent | prev | next [-]

Seems like in general the iPhone was not designed to avoid fingerprinting from installed apps. The only protection would be to avoid installing apps and use the web browser when possible.

camkego an hour ago | parent | next [-]

This. This is why everyone who wants to fingerprint and collect tons of data on end users pushes them hard on installing an app. The amount of valuable data is 10x what’s available in the browser.

saturn8601 2 hours ago | parent | prev | next [-]

Cut your selection of apps and find/build privacy respecting alternatives for the remainder. I'm trying to do this. Music is now locally hosted, YouTube is sorta kinda coming along. I've been working on reversing some of my more basic iOS apps to extract the data/endpoints they use and write my own apps. Fable really helped with this and Opus just does not cut the mustard. I hope it comes back. :/

p-e-w 4 hours ago | parent | prev | next [-]

The intended “protection” is the ToS, which requires apps to disclose what they are tracking and whether they perform cross-premise tracking.

paytonjjones 3 hours ago | parent | next [-]

Often it's not the app itself doing tracking or cross-premise tracking, but data is passed to installed third party SDKs that do.

Barbing 3 hours ago | parent | prev [-]

Ah, that’s funny. Too bad those privacy nutrition labels are only honor system.

They give that one completely up to businesses, then, to devs. They also thought they should let an app maker prohibit screen recording, which might promote development since it protects revenue of e.g. subtitling apps as one example. But end result is you even end up with a black screen when recording the iPhone Mirroring app from a Mac.

Apple owes us a better balance here. iCloud Private Relay for all apps (why only Safari?! and Mail and HTTP) as a start, and plugging some of the privacy holes Loupe exposes. They don’t want us abusing free trials I suppose.

cute_boi 3 hours ago | parent | prev [-]

These days many things don't work in the browser. Even reddit is very difficult as we get constant nagging.

Gigachad 2 hours ago | parent | next [-]

That’s usually a warning the service is malware that wants you to install an app for deeper tracking.

potatoproduct 2 hours ago | parent | prev [-]

old.reddit.com

brador an hour ago | parent [-]

For now but you know they’re coming for that ass.

matthewfcarlson 5 hours ago | parent | prev [-]

Is the threat model tracking across multiple apps to correlate what you're doing? In that case, a single app wouldn't show you the fudging.

ramses0 5 hours ago | parent [-]

```Based on a binomial/Poisson distribution and a baseline of 21 million U.S. device sales per release, a fingerprint relying on "seconds since setup" fails to uniquely identify individuals. In the high-density Early Adopter phase, you will share your exact setup second with an average of 1.01 other people (a total matching pool of ~2 people). Six months into the cycle, you will still share that second with an average of 0.68 other people.```

In the U.S., device setup time (to the second) very conservatively gets you clubbed into a single group of 100 individuals as an "advanced persistent threat" tracker. Even compressing activations to "80/20 during business hours" the math kind of maxes out at a pool of ~5 people, and assuming worst case "20x" of that still means you're still pretty darned identifiable.

If you get ~6-8 more bits of entropy (eg: Device Type + Capacity is easily 2-3 bits, and Time Zone is probably another 2-3 bits) you're cooked!
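An added example, not part of any comment in this thread: a Poisson model of how many other devices share a "setup second", and how extra signal bits shrink that pool. The rates 1.01 and 0.68 are the figures quoted in the comment above; treating the extra signals as uniform and independent is an assumption (real attributes are skewed, so they yield fewer effective bits), and all function names are hypothetical.

```python
import math
import random
from collections import Counter

def p_unique(lam, extra_bits=0):
    """Probability that no other device matches your fingerprint.

    lam: expected number of OTHER devices sharing your setup second.
    extra_bits: bits from additional signals (assumed uniform, independent).
    """
    return math.exp(-lam / 2 ** extra_bits)

def expected_pool(lam, extra_bits=0):
    """Expected size of the matching pool, yourself included."""
    return 1 + lam / 2 ** extra_bits

def simulate_unique_fraction(lam, extra_bits, seconds=200_000, seed=1):
    """Monte Carlo check of p_unique on constructed data.

    Scatters round(lam * seconds) devices over (second, attribute) buckets
    and returns the fraction of devices that sit alone in their bucket.
    """
    rng = random.Random(seed)
    n_devices = round(lam * seconds)
    n_attr = 2 ** extra_bits
    buckets = Counter(
        (rng.randrange(seconds), rng.randrange(n_attr))
        for _ in range(n_devices)
    )
    singles = sum(1 for count in buckets.values() if count == 1)
    return singles / n_devices

if __name__ == "__main__":
    for lam in (1.01, 0.68):          # rates quoted in the comment above
        for bits in (0, 6, 8):        # setup second alone, then +6 / +8 bits
            print(f"lam={lam:<5} bits={bits}  "
                  f"pool={expected_pool(lam, bits):.3f}  "
                  f"P(unique)={p_unique(lam, bits):.4f}  "
                  f"simulated={simulate_unique_fraction(lam, bits):.4f}")
```

Under these assumptions the setup second alone leaves a device unique roughly a third to half of the time, and 6 to 8 additional bits push that to about 99%.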

cute_boi 3 hours ago | parent [-]

Just using IP address, device storage, device name, and similar signals, we can identify a user. It isn’t difficult to correlate these data points. Apps like Facebook also force developers to use their SDKs for even small features.