The “passive / permission / advanced” grouping is a nice way to teach this. Most privacy explanations focus on scary outcomes. Showing what is visible with no prompt makes the model easier to understand.
Damn. The "iPhone last setup or erased on ..." is really nasty. What can a user really do about that? I feel like this should be fudged somehow by the OS.
Seems like in general the iPhone was not designed to avoid fingerprinting from installed apps. Only protection would be avoid installing apps and use the web browser when possible.
The intended “protection” is the ToS, which requires apps to disclose what they are tracking and whether they perform cross-premise tracking.
Ah, that’s funny. Too bad those privacy nutrition labels are only honor system.
They give that one completely up to businesses, then, to devs. They also thought they should let an app maker prohibit screen recording, which might promote development since it protects revenue of e.g. subtitling apps as one example. But end result is you even end up with a black screen when recording the iPhone Mirroring app from a Mac.
Apple owes us a better balance here. iCloud Private Relay for all apps (why only Safari?! and Mail and HTTP) as a start, and plugging some of the privacy holes Loupe exposes. They don’t want us abusing free trials I suppose.
Often it's not the app itself doing tracking or cross-premise tracking, but data is passed to installed third party SDKs that do.
These days many things don't work on browser. Even reddit is very difficult as we get constant nagging.
That’s usually a warning the service is malware that wants you to install an app for deeper tracking.
old.reddit.com
Is the threat model tracking across multiple apps to correlate what you're doing? In that case, a single app wouldn't show you the fudging.
```Based on a binomial/Poisson distribution and a baseline of 21 million U.S. device sales per release, a fingerprint relying on "seconds since setup" fails to uniquely identify individuals. In the high-density Early Adopter phase, you will share your exact setup second with an average of 1.01 other people (a total matching pool of ~2 people). Six months into the cycle, you will still share that second with an average of 0.68 other people.```
In the U.S., device setup time (to the second) very conservatively gets you clubbed into a single group of 100 individuals as an "advanced persistent threat" tracker. Even compressing activations to "80/20 during business hours" the math kindof maxes out at a pool of ~5 people, and assuming worst case "20x" of that still means you're still pretty darned identifiable.
If you get ~6-8 more bits of entropy (eg: Device Type + Capacity is easily 2-3 bits, and Time Zone is probably another 2-3 bits) you're cooked!
Just using IP address, device storage, device name, and similar signals, we can identify a user. It isn’t difficult to correlate these data points. Apps like Facebook also force developers to use their SDKs for even small features.
Volume creation date is pretty egregious. I don't see any reason that and Pasteboard changeCount should be so granular.
The "Installed Apps Probe" leak also surprised me. It is better than the current state of Android, though.
Pasteboard counter exists to help apps to not ask again about the same item in the buffer.
And nothing stops from using reset it every day.
Would you elaborate on both points?
Any way to reset it as an end user? (Not enough awareness of the issue for search engines to find much.)
Yea, it's infuriating that most of the HN crowd thinks the apps are better then web. Apps can spy on you way more than web. It's the reason every website says "please download the app". If it was better for them to spy on you via the website they wouldn't ask you to download the app.
This is why I avoid installing apps and don’t have a lot of them.
...wouldn't it be better to have a pocket computer you own?
Phones are quite useful.
Would love this for MacOS as well.
Fortunately, if you read the README (and decide to go past the “this was mostly built by AI” part,
> Loupe also builds for macOS. The Mac version is mostly complete, but a few things still need work before it's polished.
> and decide to go past the “this was mostly built by AI” part
I got that feeling just seeing the title use "native" as a synonym of "not a website".
What “apps” do you use on a mac?
Probably a ton since macOS apps are literally distributed as .app bundles.
Though there is a difference what store apps and non-store apps can do. I think is about store apps which are “sandboxed” and have to use public api to request then access information which non-store apps can access without.
Google Chrome, VS Code, among others
Well “they” can technically “read” anything your user can.
Apps installed via the MAS have sandboxing applied to them, so this isn't really true.
Yes but chrome is not from MAS. I have none MAS apps installed because they are simply not available via MAS.
Apps like TikTok can know which username we logged in with, even if we uninstall and reinstall the app. This is egregious, as many companies like Facebook have SDKs embedded in many apps, allowing them to accurately interconnect user activity.
Apple should be ashamed that they aren't putting effort to randomize these fingerprints....
It's likely to be trolled by the WPA folks, who will insist that WPAs are just as insecure as native apps, so there's no difference ...
But very cool.
You mean PWA?
Yes. Got my ps and ws mixed up. I was just reading about the Mt. Rushmore project (I was curious whether or not it was a WPA project -it wasn’t, officially).
The “passive / permission / advanced” grouping is a nice way to teach this. Most privacy explanations focus on scary outcomes. Showing what is visible with no prompt makes the model easier to understand.
Damn. The "iPhone last setup or erased on ..." is really nasty. What can a user really do about that? I feel like this should be fudged somehow by the OS.
Seems like in general the iPhone was not designed to avoid fingerprinting from installed apps. Only protection would be avoid installing apps and use the web browser when possible.
The intended “protection” is the ToS, which requires apps to disclose what they are tracking and whether they perform cross-premise tracking.
Ah, that’s funny. Too bad those privacy nutrition labels are only honor system.
They give that one completely up to businesses, then, to devs. They also thought they should let an app maker prohibit screen recording, which might promote development since it protects revenue of e.g. subtitling apps as one example. But end result is you even end up with a black screen when recording the iPhone Mirroring app from a Mac.
Apple owes us a better balance here. iCloud Private Relay for all apps (why only Safari?! and Mail and HTTP) as a start, and plugging some of the privacy holes Loupe exposes. They don’t want us abusing free trials I suppose.
Often it's not the app itself doing tracking or cross-premise tracking, but data is passed to installed third party SDKs that do.
These days many things don't work on browser. Even reddit is very difficult as we get constant nagging.
That’s usually a warning the service is malware that wants you to install an app for deeper tracking.
old.reddit.com
Is the threat model tracking across multiple apps to correlate what you're doing? In that case, a single app wouldn't show you the fudging.
```Based on a binomial/Poisson distribution and a baseline of 21 million U.S. device sales per release, a fingerprint relying on "seconds since setup" fails to uniquely identify individuals. In the high-density Early Adopter phase, you will share your exact setup second with an average of 1.01 other people (a total matching pool of ~2 people). Six months into the cycle, you will still share that second with an average of 0.68 other people.```
In the U.S., device setup time (to the second) very conservatively gets you clubbed into a single group of 100 individuals as an "advanced persistent threat" tracker. Even compressing activations to "80/20 during business hours" the math kindof maxes out at a pool of ~5 people, and assuming worst case "20x" of that still means you're still pretty darned identifiable.
If you get ~6-8 more bits of entropy (eg: Device Type + Capacity is easily 2-3 bits, and Time Zone is probably another 2-3 bits) you're cooked!
Just using IP address, device storage, device name, and similar signals, we can identify a user. It isn’t difficult to correlate these data points. Apps like Facebook also force developers to use their SDKs for even small features.
Volume creation date is pretty egregious. I don't see any reason that and Pasteboard changeCount should be so granular.
The "Installed Apps Probe" leak also surprised me. It is better than the current state of Android, though.
Pasteboard counter exists to help apps to not ask again about the same item in the buffer.
And nothing stops from using reset it every day.
Would you elaborate on both points?
Any way to reset it as an end user? (Not enough awareness of the issue for search engines to find much.)
Sweet, been wanting this a while. Just mentioned last month and here it is! https://news.ycombinator.com/item?id=48187972
Yea, it's infuriating that most of the HN crowd thinks the apps are better then web. Apps can spy on you way more than web. It's the reason every website says "please download the app". If it was better for them to spy on you via the website they wouldn't ask you to download the app.
This is why I avoid installing apps and don’t have a lot of them.
...wouldn't it be better to have a pocket computer you own?
Phones are quite useful.
Would love this for MacOS as well.
Fortunately, if you read the README (and decide to go past the “this was mostly built by AI” part,
> Loupe also builds for macOS. The Mac version is mostly complete, but a few things still need work before it's polished.
> and decide to go past the “this was mostly built by AI” part
I got that feeling just seeing the title use "native" as a synonym of "not a website".
What “apps” do you use on a mac?
Probably a ton since macOS apps are literally distributed as .app bundles.
Though there is a difference what store apps and non-store apps can do. I think is about store apps which are “sandboxed” and have to use public api to request then access information which non-store apps can access without.
Google Chrome, VS Code, among others
Well “they” can technically “read” anything your user can.
Apps installed via the MAS have sandboxing applied to them, so this isn't really true.
Yes but chrome is not from MAS. I have none MAS apps installed because they are simply not available via MAS.
Apps like TikTok can know which username we logged in with, even if we uninstall and reinstall the app. This is egregious, as many companies like Facebook have SDKs embedded in many apps, allowing them to accurately interconnect user activity.
Apple should be ashamed that they aren't putting effort to randomize these fingerprints....
It's likely to be trolled by the WPA folks, who will insist that WPAs are just as insecure as native apps, so there's no difference ...
But very cool.
You mean PWA?
Yes. Got my ps and ws mixed up. I was just reading about the Mt. Rushmore project (I was curious whether or not it was a WPA project -it wasn’t, officially).