Not to criticize good lists like these (go Apple!) but goddamn it we invented computers precisely to automate tasks like this.

Why isn’t each of these a button in the iPhone UI?
Ok so let’s try these checklists out and see what it’s like to lock a phone down. I assume I’m concerned about someone else accessing my iCloud account as well as apps being evil.

Here’s step 1.
Ok this works pretty well, but it gives me the following confusing exception.
(Obviously the problem here is that I need to turn off Find My iPhone.) But that’s obvious to me as someone who deals with iPhone crap a lot. Not sure it’d be obvious to everyone.

Anyway let’s stick to the checklist. Step 2 is about re-enabling some apps which I’ll skip.
Step 3 says we can stop sharing locations with specific people. Ok yeah, I want to do that.

But here’s the thing: I already turned off the big “Location Services” button in step 1. So is this new step *in addition*, or is it an *alternative* to step 3?
My first hint is on the top menu of “Location Services”. Even though I switched off the big master button, there’s a sub-menu called “Share My Location” that says I’m still sharing my location! So let’s go in there.
Inside the “Share my Location” tab is actually a page called “Find My”, which is weird. It has two options, one of which is to “Share My Location” and the other is “Find My”. They’re different, I guess. The instructions tell me to turn off both.
Instead of a master button for all of this I see this insane screen which frankly scares me. Are these separate options I need to turn off individually or is one a master button?
Fooling around a little, it appears that the bottom two are independent and the top one is the master switch that turns the others off. Why isn’t there a visual indication of this?

Anyway, these come with various degrees of scary warnings.
(I can’t blame Apple for asking for a password to disable Find My. I know they do that for anti-theft reasons. That’s a reasonable balance but it’s still a little bit intimidating.)
Ok now we get to Step 4. Frankly I don’t even know if I need to do this. Didn’t I turn off location sharing in Step 3?

Is this an alternative or do I *also* need to do this to make sure I’m really not sharing my location?
I really need to be sure I’ve turned off my location, so I’m doing step 4 even though I now have to switch out of Settings and use an app.

Inside that app there’s a list of people. Despite my best efforts to anonymize them you can safely infer they’re my family.
Clicking through any of them shows me this menu. It gives me the option to stop sharing my location with them.

So it appears I am still sharing my location — even though I turned this off in Step 3! (At least this is the obvious inference.)
(I’ve got to be honest that if one of these people wishes me harm, it would *not* make me feel very good to find out that I’m still “sharing my location” with them after step 3, even if this is a UI misunderstanding.)
The only indication I get that my master switch (from Step 3) is being respected occurs when I try to *re-enable* location sharing with an individual. I get this hot little dialog box.
I am never going to be able to undo any of this.
Ok, nearly there. All that remains is Step 5, which is fortunately unnecessary because I disabled Location Services in Step 1 (although the text doesn’t indicate this, so frankly it’s still confusing.)

To do step 5 I have to re-enable Location Services, which I’ll do.
That gives me this insane list of every app on my phone (AKA every app I’ve downloaded since July 2008) sorted alphabetically, and showing me their location permissions.

My this is a big list. It would be nice to have the option to sort this list differently.
The actual information I want from this list is “which apps are spying on my location”. Finding this out is like trying to spot a stranded hiker from a helicopter. I propose a button called “Sort by Location Access” that puts the nosier apps at the top. But whatever.
Ok I’m sorry for this long thread so let me sum up.

I have a PhD in CS with a focus in crypto/privacy (probably cuts against me, frankly) and I bought one of the first iPhones to roll off the assembly line. I am the closest thing to an “expert”. And I still found this confusing.
I also want to address something a person told me recently: don’t criticize security people who are doing good things just because they didn’t get it perfect. So I want to say that Apple’s privacy *and* this checklist is relatively awesome.

But it could be improved.
How should it be improved:

Better master settings: switches that turn it all off.

No conflicting redundancy: if there are two switches, show me if one is the “master breaker” or if either switch being “on” can hurt me.

Better feedback: if things are off, say so clearly.
I don’t get the feeling Apple puts these privacy settings through the same testing and review that they would give, say, their “new phone activation” workflow or the App Store. There are little rough edges that indicate this.
As an example (mentioned above): the menu item labeled “Share My Location” takes me to a screen labeled “Find My”. Which in turn takes me to the *real* “Find My iPhone” screen. Maybe this is on purpose! But it feels sloppy, like a loose screw in a brand new iPhone.
Overall I get the feeling that the Apple privacy settings “accreted” into their current form, rather than being designed. This is why we need 6-item checklists.

Maybe it’s time to forget the entire thing and start from scratch. //
Ah, a great point here. When it’s important to have settings that “just turn everything off” Apple really knows how to do this.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Matthew Green

Matthew Green Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @matthew_d_green

20 Feb
The new MacOS malware sounds unpleasant. arstechnica.com/information-te…
2013: It’s probably the NSA.

2021: It’s probably cryptocurrency thieves.
Also gagghgg I hate this. I mean: good. But gagh.
Read 6 tweets
4 Feb
How it started: How it’s going:
This is probably old enough that it doesn’t ring a lot of bells for people, so here: blog.cryptographyengineering.com/2017/12/19/the…
I was trying to be really low-key on this one, so let me make it really blunt. There is every reason to believe the NSA tried to subvert commercial cryptography in the 2000s, and now one of the architects of that work runs applied crypto at Amazon.
Read 7 tweets
29 Jan
I couldn’t tweet a better description than the headline for this piece: After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case. cyberscoop.com/nsa-juniper-ba…
For those who haven’t heard this story, the context here is back in 2015 hackers broke into the source code repository of Juniper’s NetScreen firewalls and introduced serious vulnerabilities. 1/
Everyone has heard of the SolarWinds supply chain attack, but almost nobody outside our little community remembers Juniper. We don’t even know who the ultimate victim was. And there’s a reason for that. 2/
Read 12 tweets
12 Jan
If you were planning on joining Signal and didn’t want it to look too shifty, this is the week.
Not gonna lie, when my neighbors showed up on Signal a year ago I just assumed they were spies.
Read 6 tweets
23 Dec 20
My students @maxzks and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document we could find to figure out how police were “breaking phone encryption”. 1/
This was prompted by a claim from someone knowledgeable, who claimed that forensics companies no longer had the ability to break the Apple Secure Enclave Processor, which would make it very hard to crack the password of a locked, recent iPhone. 2/
We wrote an enormous report about what we found, which we’ll release after the holidays. The TL;DR is kind of depressing:

Authorities don’t need to break phone encryption in most cases, because modern phone encryption sort of sucks. 3/
Read 26 tweets
20 Dec 20
Stories like this remind me that people in the Infosec community routinely make and sell exploits to these nations. citizenlab.ca/2020/12/the-gr…
I’m honestly curious how conscientious security researchers justify selling these tools, knowing how likely it is that they’ll be used for applications like this one.
One of the interesting things about this story is how difficult it must be to instrument iOS devices to catch these 0-click exploits in action. Partly because Apple makes it difficult. Image
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!