Mozilla suggests resetting the IDFA once per month...but that seems pretty trivial to work around? If an app you used previously starts up and sees that your IDFA changed, it's easy for that app to know that the old IDFA and the new IDFA refer to the same user!
This tracking is all possible because iOS gives every app on the device the same IDFA (advertising identifier [1]). They can then correlate all your activity and target you for ads.
I'd love if Apple just killed this feature, but barring that, why not change iOS so that it scopes these identifiers at the per-app level. Different apps on the same device see different IDFAs, but an app can still use an IDFA to target you for ads. Apple already has similar per-vendor scoping with identifierForVendor. [2]
Unfortunately the majority of more or less useful or popular apps are also linked against various analytics/attribution platforms, often many of them at once. Mixpanel, Amplitude, AppsFlyer, Branch to name a few, plus Facebook and/or Google. In fact having any of Google's or Facebook's SDKs means tracking, e.g. Maps, Login etc.
Somehow these platforms have no problem with identifying users across their client apps even without the IDFA. Maybe it's not 100% precise, but as far as I can tell these companies keep so much information about us away from our eyes, that even the big guys (G, FB) would be jealous.
Analytics is one big dark corner of the mobile business whose significance is not fully appreciated (yet).
Right, how often does our external IP change on our home WiFi network or work WiFi network? There are so many other things that can be used to fingerprint. This is part of the reason encrypted DNS and other efforts have some merit. The cell providers have data and know exactly where you are via triangulation.
Has anyone been using Cloudflare's Warp VPN? I wonder if this is the best approach. Paying a private company to act as a one hop TOR to minimize fingerprinting. If the cell networks just see all CF traffic, they may know where I am but not who I'm connecting to. I get that this means I must trust CF but I trust them more than ATT/Verizon anyway. I just want some open source from CF on the mobile side that shows that the private keys are kept in the device's SecureEnclave and not anywhere on disk.
> Maybe it's not 100% precise, but as far as I can tell these companies keep so much information about us away from our eyes, that even the big guys (G, FB) would be jealous.
I think the push to apps was to get persistent tracking while offering the user the olive branch of new apis/better battery life/etc. The browser is a prophylactic against apps and their uncontrolled behaviors.
There is in fact just such an identifier, it's called IDFV. ID For Vendor. It's shared between all apps from the same vendor, so your Facebook and Instagram apps know they're on the same device.
Apple used to be quite strict that you had to actually have advertising in the app to ask for the IDFA permission. That seems to have disappeared.
There used to be a global ID that was free to use, then they switched to the vendor ID. The IDFA never had anything to do with the vendor ID and has way more checks. To me the vendor ID isn't that big of a problem.
You don't need an IDFA to track someone in the same app. You can generate your own UUID to use.
The value of the IDFA comes from coordinating user behavior across apps.
Targeting ads is one use case, but it is also used in conversion tracking, which is very valuable to advertisers. They can know if ads in one app resulted in people buying things in another app.
The point is that the app can just record the old IDFA, and when the IDFA changes whoever is doing the comparison between two apps knows that the old and new IDFA are one and the same.
A likely-good-enough fix would be for Apple to first make extremely clear that this is not allowed, then catch one ad framework/library provider violating the rule and ban every single app/publisher using it to ensure the rule is actually taken seriously.
Since iOS 7 Apple always returns "02:00:00:00:00:00" for the WLAN MAC address for this very reason.
Besides the IDFA, Apple seems to have tried hard to get rid of the obvious ways for different apps to link activity between their users. Of course if you login or provide an email it becomes easy...and there's plenty of trickier less reliable ways like looking at IP address.
To disable: Settings > Privacy > Advertising > Limit Ad Tracking
You can also disable Location-Based Ads: Settings > Privacy > Location Services > System Services (at the bottom) > Location-Based Apple Ads
Apple's ad tracking help doc: https://support.apple.com/en-us/HT205223 (Apparently they derive your gender based on your first name or the salutation on your iTunes account)
Remember to check that setting after each update, it often gets disabled after an update. I've pointed this out to Apple multiple times and it's often fixed for a few releases until their fix regresses and the bug returns.
Anyone disillusioned by the thought that Apple values privacy would be well served by reading iOS, The Future Of macOS, Freedom, Security And Privacy In An Increasingly Hostile Global Environment - https://gist.github.com/iosecure/357e724811fe04167332ef54e73...
There is so much more to privacy than is made apparent to the user as a few OS knobs to "limit" ad tracking.
Saved this writeup for future reference, thanks. Agreed that privacy needs more analysis than trusting a few rather opaque OS knobs.
I am a little skeptical about some of the claims in that gist, though. One example is when they claim that APNS pushes require app access to a globally unique iOS activation identifier. That seems false. According to Apple’s dev docs at least, those tokens are device-and-app specific and have to be re-requested at app start time since they can be regenerated for a variety of reasons: https://developer.apple.com/library/archive/documentation/Ne...
Seems to have nothing to do with an activation UUID from a quick glance.
I appreciate a lot of the reference material in there, but this seeming mistake of conflating 2 different UUIDs makes me a little skeptical of some of the conclusions.
Edit for correction: I think I misread this part of the gist. They never directly say that the activation UUID is given directly to the app developer, just that Apple can track your social networking app pseudonym over APNS, "and possibly the social networking service" will be able to, as well.
This to me implied that the social networking service had the activation UUID, but the author never directly said that. If the notification has your pseudonym in it and Apple's storing that when a notification goes to APNS, it does seem like Apple would be able to tie that to your device if they're peeking inside the notification payload. The solution to this would be for the app developer to not include sensitive info in notifications or for the user to disable push notifications, but an E2E encrypted trustless notification solution provided by Apple would be much nicer.
> On iOS, there is no full-disk or full-volume encryption, only varying levels of file-based encryption, partially dependent on third-party developer choices, such that what is, and isn’t, encrypted (with encryption tied to the user passphrase) is not always clear to the end-user.
I'm not sure about this, either; all recent iOS devices have a DMA AES engine that performs encryption on anything that travels between storage and memory.
Seems to be at least a few things wrong there. It’s completely false that iOS doesn’t have full-device encryption, for example.
Edit: I’m going to revise this and say that having read the whole thing there is very little of substance other than “Apple has a ton of metadata about your devices” at all, and the author doesn’t do a good job of quantifying the impact of that information exposure. On top of that, they cite iOS being closed source as a reason for its purported insecurity. Honestly the part about not having FDE is enough to make me question their competence more broadly.
> Phone users can currently disable the IDFA, but have to do so manually; Android users aren’t even given this option
This is actually false. You can change your Ad ID on Android. I just looked (and checked). If you go to Settings > Privacy > Ads you can see this IDFA. At the top (it looks like a header and not an option, so I will not fully fault Mozilla because this is a dark pattern) it says "Reset advertising ID". If you press it you can see the grey "Your advertising ID" (at the bottom) change.
Additionally, there's the option "Opt out of Ads Personalization". It has the text "Instruct apps not to use your advertising ID to build profiles or show you personalized ads." I would love if someone here could clarify this for me. Is this a suggestion to apps or is this a strict and enforceable thing? As in "Hey app, you should ignore this ID that I'm handing to you" vs "Hey app, you don't get to have this ID. Sorry." Does anyone know which it is? The language suggests to me that it is the former.
I interpreted Mozilla's claim as saying that Android users cannot disable the advertising identifier, but can reset it. The sentence talks about periodic resetting. I might be wrong about the intention of the author(s), but that is my interpretation.
I definitely read it differently. But I can see your interpretation. Though it gets to my question about what the opt out means. Does this mean that apps don't see it? Or does it just ask that apps don't use it. Because those are two very different things. I was hoping someone on HN would know.
My Android 8 Pixel 2 XL has no privacy option in the settings. Upgrading would unfortunately come at the cost of losing root and AdAway (for the moment). I wonder which is more beneficial to have.
Well I'm also using a Pixel 2. So the good news is that this exists if you upgrade. I didn't realize root was not available on 10 (this is the first phone I haven't rooted and so I haven't been keeping up)
Root isn't available on a Pixel 2 on Android 10? I also haven't upgraded yet but was going to, though that's a deal breaker for me. That said my light googling hasn't turned up verification of this yet.
Root does work just fine on Android 10 on the OnePlus 7 Pro (which is the best phone I've ever owned).
I have this option on my Android 9 phone, and I can remember that this option has been there for a long time. Even older Android versions have this option too.
This is actually really interesting to me. That versions would be so different. I assumed you tried the other paths that other users noted? What phone are you using? Android version?
Finding the settings mentioned in the article is the sole dark pattern I can think of in iOS — when you find them it’s like finding a secret level in Super Mario Land.
The Advertising and Analytics options are only visible below the fold, if one scrolls down the privacy page. The fold itself is disguised as the bottom of the page to put you off scrolling.
Unlike everything else, they do not have icons and only come after a paragraph of text almost perfectly large enough to fill out the vertical height where the tracking options would be.
I think that depends on your device size. On my iPhone SE, the bottom-most row without scrolling is HomeKit, and that is only partially shown. A single scrolling swipe easily takes me to the end of the screen where the "Advertising" section lies.
On my 6S, the last item is "Research," and while it's pretty much fully on the screen, the margin below it is cut off enough that at least to me, it's obvious that there's scrolling to do.
IMO the much bigger dark pattern is how insanely difficult it is to find subscriptions and cancel them. Even when the location is fresh in your head it’s difficult to find.
I find that location to be easily findable, there are even two logical paths to the subscriptions page (One through Settings, one through the AppStore).
In iOS, the trick is that you have to tap your name at the top of the settings. If you read every entry in the list you won’t find anything that seems relevant, and indeed, you just need to know to tap the very top of the settings list. Moreover, searching in settings for “subscriptions” returns no result, despite that being the name of the subentry.
I applied filters and took a screenshot of the screenshot to reduce image fidelity in case it contained any [covertly embedded]* identifying information [in the form of watermarks or hidden pixels].
In case people aren't aware, such a thing _is_ possible. Companies have used steganography techniques in the past to secretly embed identifiers into movies and other visual content. It's been used to track down the movie leakers, for example.
Another example; most printers covertly embed an identifier in their prints.
I have a vague memory of a pre-release video game doing it? Or maybe it was just debugging information that they were embedding. shrug
Personally I don't believe Apple is doing what you describe (though maybe they might do it to a prototype iPhone). But it's certainly your right to hold that belief and take measurements to protect yourself. Shame you're getting downvoted for explaining yourself.
> Another example; most printers covertly embed an identifier in their prints.
This frustrates me a lot with my current printer. The yellow dots which "covertly" identify my prints are way too visible in the print. So every time I look carefully at something I print I am reminded of how I am being watched.
That’s an impressive level of opsec, but I have to think it would be a huge story if Apple were adding printer-dot-style tracking watermarks to screenshots, and that someone would have found it by now.
I'm sorry, but that's some tin foil hat level paranoia with no basis in reality. What's your threat model here? That Apple wants to deanonymize HN posters by tying them to their screenshots? Considering that they own the operating system, they could skip all the complicated and detectable steganography-in-screenshots and smuggle your mobilesafari (or webkit, which all apps are forced to use) browsing history and cookies along with the analytics data they regularly upload (which is way harder to detect). Failing that, they could also use their iOS backdoor and check every screenshot that was taken a few hours before this post, and see which one matches. I don't imagine there are too many people taking screenshots of their privacy settings on a daily basis. Correlate that with paranoia tendencies (shouldn't be too hard to determine considering they own the operating system), and they trace it back to you with a high degree of certainty.
Something that actually protects your privacy (and doesn't make you stick out like a sore thumb) is getting the screenshot from an image search and posting from a regularly rotated HN account, all the while using tor.
That’s fine, it’s not a big deal, though I was specifically asked.
The main thing I would worry about is actually not Apple; instead (1) what information might Apple hide in plaintext in the image that a third party could extract?; and (2) what identifiers might there be that a third party could use to correlate multiple images as being from gorgoiler’s phone?
But honestly it just feels odd to upload a screenshot without doing something to scrub it. I find it helpful to practice good security even when, as you point out, the probability of it being necessary is very low.
Another reason could be: if you systematically scrub everything, then a third party wouldn't be able to use the fact that you scrubbed something as a hint that the thing had valuable information in it.
e.g.: if you use an encrypted chat app ONLY after a murder occurred, then this would be suspicious. If you always use encrypted chat apps, then there's no information hint being given about your possible involvement with the murder.
>The main thing I would worry about is actually not Apple; instead (1) what information might Apple hide in plaintext in the image that a third party could extract?; and (2) what identifiers might there be that a third party could use to correlate multiple images as from gorgoiler?
A lot, actually. But why would Apple take the engineering resources to implement this, and risk all the reputation damage? If they're doing it for the money, how would they monetize it? If they're being coerced by the government, what's the government's motivations? In both cases, is smuggling bits in screenshots really the most plausible way to do it? Surely there must be some better way than steganography in screenshots?
>But honestly it just feels odd to upload a screenshot without doing something to scrub it. I find it helpful to practice good security even when, as you point out, the probability of it being necessary is very low.
On the flip side, if you do unusual obfuscation of your uploaded image (eg. heavy post processing), that in itself is an identifying characteristic. You're going to be that guy who uploads his screenshots in greyscale, with heavy compression and blurring. https://xkcd.com/1105/
So now everyone who sees an iPhone screenshot treated in such a way knows it's you, as there are probably not a lot of people who are paranoid about tracking pixels in their iOS settings menu.
What are you trying to protect against? A screenshot of a screenshot with a filter applied to it isn’t going to help you if your name shows up somewhere in it.
Imagine that whenever you took a screenshot the text “TAKEN ON AUSTINJP’S IPHONE” were written across the page.
A “watermark” is simply a version of that designed to be invisible or imperceptible to the human eye, for example by embedding information in the least significant bits of the pixel colors.
“Digital Watermark Steganography” is a good search term for further investigation. As is the case with many security topics, there is an ongoing arms race between technology used to hide information, and technology used to detect information hiding.
At the end of the day if you truly wanted to share a screenshot of the iOS settings UI and remain anonymous, you should probably consider just drawing it with crayons. Except then someone will come along and process the crayon marks to recover your fingerprints etc. etc.
>A “watermark” is simply a version of that designed to be invisible or imperceptible to the human eye, for example by embedding information in the least significant bits of the pixel colors.
In this case however, it's hard to imagine how you'd do this without being detected. If you loaded the screenshot into mspaint and used the paint bucket tool, any color differences will become apparent. You could limit your modification to the edges, but detail there is going to get wiped by jpeg compression (if any).
Write a tool that replaces the least significant bit of each pixel with a random value. Compress the result with 80% quality. Compress the result with 79% quality. Make sure to strip exif info, and all other metadata. Enjoy the result.
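An added example, not part of the thread and not any poster's code: it works through the least-significant-bit watermark described a few comments up and the LSB-randomising step suggested in the comment just above, on a constructed raw RGB buffer. The helper names and the sample identifier are assumptions made for illustration; the JPEG re-compression and metadata-stripping steps are not covered because they need an image library.

```python
import random

# Constructed sample identifier; not a real device or account value.
SAMPLE_MARK = b"constructed-id-01"


def make_gradient(width, height):
    """Constructed stand-in for a screenshot: raw 8-bit RGB bytes, row-major."""
    buf = bytearray()
    for y in range(height):
        for x in range(width):
            buf += bytes(((x * 7) % 256, (y * 5) % 256, (x + y) % 256))
    return bytes(buf)


def embed_lsb(pixels, payload):
    """Hide payload bits (MSB first) in the lowest bit of successive channel bytes."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the image")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_lsb(pixels, nbytes):
    """Read nbytes back out of the lowest bit of the first nbytes * 8 channel bytes."""
    if nbytes * 8 > len(pixels):
        raise ValueError("image too small for requested payload length")
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def scrub_lsb(pixels, rng=None):
    """Overwrite the lowest bit of every channel byte with a random bit.

    Defaults to the OS random source; a seeded random.Random can be passed
    to make a run repeatable.
    """
    rng = rng or random.SystemRandom()
    return bytes((p & 0xFE) | rng.getrandbits(1) for p in pixels)


def bit_error_rate(a, b):
    """Fraction of differing bits between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff / (8 * len(a))


def max_channel_delta(a, b):
    """Largest per-channel change between two images of the same size."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    image = make_gradient(32, 32)
    marked = embed_lsb(image, SAMPLE_MARK)
    print("recovered before scrub:", extract_lsb(marked, len(SAMPLE_MARK)))
    print("visible change, max channel delta:", max_channel_delta(image, marked))

    scrubbed = scrub_lsb(marked)
    recovered = extract_lsb(scrubbed, len(SAMPLE_MARK))
    print("recovered after scrub:", recovered)
    print("bit error rate after scrub:", bit_error_rate(SAMPLE_MARK, recovered))
```

A bit error rate near 0.5 after scrubbing means the recovered bits are no better than coin flips. This only defeats marks that live purely in the lowest bit; a watermark spread across higher bits or frequency coefficients would survive it.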
It blows my mind, and makes me nervous about my own future, that old people do this kind of thing.
Are they actually incapable of learning the right way to do things? Is neuroplasticity playing a role here? Do they not care that their images look terrible when zoomed in on? I guess they grew up in an era when photos frequently had time and date stamps, and if their eyesight is going... I guess that explains both points.
What's the "right way" to do things anyway? I know quite well how to tap the share icon, then wait for the drawer to appear, then scroll down a bit, then tap the save icon, then wait for the next drawer to appear, then tap "To photos" or whatever.
Or I can just hit two physical buttons on my phone and grab the image in the form of a screenshot. Because I don't care about the image fidelity, I usually just want to share the thing on Discord or Slack or wherever.
Don't be so arrogant as to assume that people doing things differently than you must be too stupid or old or blind to do it "the right way".
If you are going to become an app developer, you should stop blaming users for not learning your made up UI language, and start making your app work in their language.
I thought some apps and iOS had already responded to this workflow by doing smart things when users try to create screenshots. If they haven't yet, they should. There's no need in the common case for "screenshot" and "share main image" to have different UI entry points. Just pop up a menu asking the user what they want when they push the button.
Pretty sure many apps don't even allow you to save pictures at all. Maybe Facebook is one of them, not sure. That + the button to save pictures not being at the same place on all apps makes screenshots easier and reliable. They simply work.
If you swipe down, type "advertising", the very first Settings link takes you to "Reset Advertising Identifier...". It is the same for swiping down from the home screen or in the Settings app. I don't think I'd call that a dark pattern.
Searching requires that you know what you’re searching for. So, 1) I doubt most people use the settings search in general and 2) I doubt most people know there are settings related specifically to advertising to search for.
I have no idea but I would guess that it’s something quite banal.
They could, for example, sign a deal with an ad network that gives them beneficial rates on the condition that Apple show there is less than 1% churn in device IDFAs per month. Hiding the IDFA reset button would help with that.
It could also quite easily be some PM’s H2 goal to move the needle on IDFA retention. If they provably impact IDFA resets and they get an exceeds expectations rating in that performance review cycle! Bonus stock options all round! Tech companies are weird like that.
I’ve commented before accusing Apple of using growth and engagement tactics with iOS’s Mail.app, presumably to improve mean-time-before-replying-to-grandma metrics, so color me conspiracy theorist / jaded about Silicon Valley performance metrics.
Hilariously, this tracking id is the replacement of device id. To give the user more privacy. But Mozilla has an axe to grind. Barking up the wrong tree.
> How about slowing down the OS when the device gets older to “save battery life”?
This is false, it was to avoid situations where the battery couldn’t provide enough current and would likely cut out causing the phone to switch off. It seems the intentions were reasonable to keep older phones usable for longer and they fairly quickly rolled out a large discount on the cost of battery replacement when the public outrage started.
I strongly disagree. The intention may have been to avoid abrupt power downs but their implementation also made sure people upgraded their devices rather than buy a new battery because most people would never be able to imagine that a device could be slow because of a bad battery. This, IMO, was a dark pattern. A sudden power down would be a clear indicator that something is wrong with the device while a gradual slow down of the device would seem like the device is just getting older and needs to be upgraded to a newer one.
I would assume that like most Android phones and (2000s) windows laptops the phone is just old because of age and I need to buy a new one to get a faster one.
> And you got phone which just switches off randomly.
I would assume that something is wrong with the phone and would get it looked into at least once to know what the issue is. Apple would (presumably[1]) tell me it's just the battery which needs to change nothing else and I would do just that.
[1] I have read articles where it is mentioned that even geniuses were unaware of the throttling feature.
There are a bunch more things Apple could do to improve privacy they haven't done (yet?).
They could require for example that unless you're specifically making a browser (Firefox, Chrome, Brave) that your in app webview have a whitelist of domains it's allowed to contact. That would force apps to launch Safari (or better the user's choice of browser) for external links. As it is nearly every app that supports external links launches an internal webview in which they can track 100% of the activity (urls, net requests, login credentials, etc...)
They could require apps that are not specifically a camera app or audio creation app not get access to the camera or mic and have to ask the OS to take pictures/video and select pictures via the OS photos app. That way less apps would be able to record things in secret or upload any/all your photos without permission.
They could disallow scanning wifi SSIDs except for network tools. Scanning SSIDs is used to figure out a user's location with GPS off. In iOS 13 they did add bluetooth permissions so apps can be denied scanning bluetooth to do the same but AFAIK they have not done the same for SSIDs. Not sure what that would require but would love it if they'd work on it.
They could disallow using the network at a low-level except for network tools. As it is, AFAIK, any app can use the network however it likes including scanning home networks for devices with vulnerabilities. I'm sure there are implications for things like Chromecast and other IoT like devices but I'm sure there could be more privacy oriented solutions.
> As it is nearly every app that supports external links launches an internal webview in which they can track 100% of the activity (urls, net requests, login credentials, etc.)
My understanding is that UIWebView (or WKWebView) allows the host app to do basically anything with the web view but since iOS 9 there's also SFSafariViewController that doesn't quite allow apps as much access. Many apps whose main purpose is not web browsing (like Twitter) use the latter.
> They could require apps that are not specifically a camera app or audio creation app not get access to the camera or mic and have to ask the OS take pictures/video and select pictures via the OS photos app.
This API (UIImagePickerController) also already exists since the very beginning but it is the app makers that think using a custom UI for photo taking or photo picking is more suitable. I personally refuse to grant apps access to my photo library except a small number of apps. (For apps like Messenger that could totally make do using the system-provided photo picker but does not, I initiate the sharing from Photos instead.)
I agree with this, but we already have this problem for full-fledged browsers: each page can usually make requests to any/all 3rd party domains (for any reason). Often I see even javascript from raw cloudfront domains, how the hell should I trust this? (visible via umatrix plugin)
I think default behavior has to be block all 3rd party domains from all sites, but it's a ways away.
OK, so, probably an ignorant question, but here I go anyway:
What, exactly, does "turning off IDFA" do? Does it send just a dummy IDFA? Or does it give you nothing at all? Why is rotating it periodically better? (I'm assuming rotation is better because that is what Mozilla is apparently recommending.)
"When Limit Ad Tracking is enabled on iOS 10 or later, the Advertising Identifier is replaced with a non-unique value of all zeros to prevent the serving of targeted ads. It is automatically reset to a new random identifier if you disable Limit Ad Tracking."
> I'm assuming rotation is better because that is what Mozilla is apparently recommending.
I'm (cynically) assuming something different. Was "monthly" chosen by accident, or is that just enough time for advertisers to connect/correlate activity from two different IDFAs?
Mozilla has big-dollar deals with the ad industry (namely, Google). Perhaps they want to appear pro-privacy while really throwing a softball?
Oh yes the fun thing about iOS is that the browser is super private so Google & Co have a problem but the apps themselves are also rife with trackers and there is almost no limit to what they do and barely any way to block it. I mean they only banned screenshots being taken of actual users' screens, which basically means anything that's less worse than that still goes.
As a consumer I would love a good scandal that would force them to tighten up on in-app trackers as well. But it might hurt my employers.
The problem is that Apple has always claimed ios provides more privacy (& security) than android, but that's irrelevant if you don't make sure your users are capable of finding the settings. Apple has always marketed to people who are (at least perceived to be) largely tech illiterate (while claiming you have to be extremely tech savvy to use android which is a lie), so if they view their users that way they should make sure those settings are easy to find.
Android phones pump tons of location info and usage info direct to one of the biggest advertising companies in the world. On top of that, a fair number of Android phones ship with third party spyware and outright malware which cannot be uninstalled.
The iPhone is a lot better for privacy by default. It's just not as good as it should be, and I do agree it's not as good as their claims suggest.
There’s also the difference between privacy and anonymity.
Apple has tools in place for privacy, but none for anonymity. For example, requiring a full name and physical address to sign up for the App Store (Microsoft, despite all its telemetry, lets you install apps from their store without an account).
I’ve heard suggestions to give Apple a fake name/address, but what if they start verifying like Facebook by requiring government issued ID?
Worst is new iCloud accounts now require a phone number for verification.
Ideally the settings would be configured in such a way that people wouldn’t have to dig through them to have it like they wanted it: it’d be set that way by default. iOS’s usually much better than Android is at this.
I believe they store some data in your iCloud account. Uber used to do this too. The only way to get rid of it is to sign out and then again explicitly ask to delete account data on this device, then uninstall and reinstall to use the service without signing in.
No... only iCloud and my Mail account (strato.de).
I just noticed something else though: when I drag down from the home screen and enter "google" in the search bar, the result list displays a "Settings" item named "Google Home" with the gray ios-settings icon next to it. If I click it to open it, the settings app opens but it doesn't show me anything specific, just the main setting screen.
Note that Google Home is not installed on any of my devices (I removed them a long time ago after ditching the Chromecast).
I saw a video on Youtube yesterday that dug into this ad campaign a bit: https://www.youtube.com/watch?v=82N5SiOvStI&t=791s.
I like the guy - he's a bit long-winded at times but I don't think he was incorrect about any of his points.
How much of this, if any, applies when using the Facebook or IG mobile websites or PWAs? IG's PWA seems to be the same as the mobile website, except that it launches in fullscreen, with no browser address bar. When using those on Chrome, I have not received one of those dialog popups saying "m.facebook.com wants to know your location".
It would be really nice if we could modify our OSes (remove the stupid IDFA completely, or send garbage). This is coming to laptops and other computers soon though, sadly.
iOS already has an option to just give out zeroes as the IDFA. Mozilla wants to change the default behavior for all the users who don't realize they can already do this.
Too many incentives are wrong for Google. They are fundamentally an advertising company that has built their fortune monitoring users. They aren't going to build an operating system that actively works against their best interests.
On that topic...if you're really security conscious you can set allowHostPairing to False. This requires a supervised device, but then your phone will only pair a computer that has the supervising certificate, and if none exists, then all pairing is disabled. This might help defend against GrayKey like attacks.
If only someone had created a viable alternative to both Google and Apple's phones. Maybe they could base it on the browser? Web technologies are getting pretty good these days. One of the popular browsers that are an alternative to safari and google chrome... Like some sort of browser-OS.
Every platform that has tried that for the last decade has failed - Palm, Firefox, RIM, and Microsoft have all had development platforms “based on web technologies”.
This was a bit tongue-in-cheek -- I was referencing FirefoxOS, and insinuating that mozilla should have stuck to their guns (and maybe changed their batshit market strategy of racing other android vendors to the bottom-most market segment) and kept FirefoxOS in their portfolio.
If a phone OS isn't a strategic bet, I don't know what is. All the people spending money on the librem would have happily bought FFOS phones, if they made proper high spec ones (I still have one of the highest spec FFOS phones ever made and it wasn't that impressive).
The comment was tongue in cheek -- mozilla had already done everything I suggested (the effort was called FirefoxOS), but they mismanaged and abandoned it. The renewed focus on Firefox the browser (if that had anything to do with it) was good, but some of the other stuff they started pushing like WebVR is/was pretty short-sighted in my opinion.
If mozilla wanted to set themselves up as the open alternative to apple/google, keeping a phone in the portfolio is/was pretty important. Maybe the cost was just too unsustainable but from what I can see it was mismanaged more than impossible to make profitable.
That article has some inaccuracies, particularly around brute forcing iPhones in DFU mode which is nowhere near as practical as they make it sound on newer models with Secure Enclaves.
Apple is all about heavy handed locking down the experience for the user's benefit as judged by Apple. Why do they even allow apps that exfiltrate data and serve ads? Just require all ads go through Apple's system, and ban apps that do anything remotely shady.
While that's one possible solution, the problem of creating one-stop shopping for any potential adversary (state actor, non-state actor, stalker, insider threat, etc.) might give pause to reconsider.
[1]: https://developer.apple.com/documentation/adsupport/asidenti...
[2]: https://developer.apple.com/documentation/uikit/uidevice/162...