Notable highlights for me:<p>> Lockdown Mode is available in iOS 16 and coming soon in iPadOS 16 and macOS Ventura.<p>> Web browsing - Certain complex web technologies are blocked, which might cause some websites to load more slowly or not operate correctly. In addition, web fonts might not be displayed, and images might be replaced with a missing image icon.<p>The first sentence I believe is referring to disabling JIT (just in time compilation of Javascript), which is dangerous as it allocates W+X pages which are often used by the final stage of an exploit. Apple did an amazing job already of hardening iOS by severely restricting which applications can use JIT (and this is their justification for why non-Safari browser engines are not allowed on iOS) and even enabling per-thread memory page permissions. Many more details are in this fantastic post from Google's project Zero: <a href="https://googleprojectzero.blogspot.com/2020/09/jitsploitation-three.html" rel="nofollow">https://googleprojectzero.blogspot.com/2020/09/jitsploitatio...</a><p>Overall it's very interesting to see Apple invest so significantly in something that will benefit relatively few users -- not that I'm complaining!
> Lockdown Mode is not a configurable option for Mobile Device Management by system administrators<p>This is the best news. Otherwise, you can bet your IT department would be throwing that switch on for everyone.
Still waiting for Apple to allow restricting network access (both cellular and WiFi) for specific apps on all devices, not just those sold in China: <a href="https://apple.stackexchange.com/a/312430/51806" rel="nofollow">https://apple.stackexchange.com/a/312430/51806</a> .
This further cements my opinion that Apple is just leaps ahead of anyone else wrt security and privacy these days. They should be applauded for this.<p>I look forward to when this comes to iPad. An iPad with a Bluetooth keyboard is an excellent option over a traditional laptop for a high-risk target, and this’ll make it even better.
I wonder why all of these settings are grouped together into a "mode" rather than giving users control over each of them individually.<p>What if I want to block USB devices, but I want to be able to use shared photo albums?
I find it interesting that Lockdown Mode doesn't (yet) enable multiple lock screen authentication methods. Requiring Face ID AND a pass code could be useful. (There are rumors that Apple will add Touch ID back to their phones in the future. I'm not sure they'd keep Face ID on a phone with Touch ID but combining those two methods AND requiring a pass code would seem to be the most secure.)<p>I'd also like to see some method for quickly wiping the phone or severely disabling it. A friend mentioned that a new scheme for thieves is to ask you for your unlocked phone at gunpoint and then use a cash app to transfer money to one of their accounts. Some way to very quickly (and covertly) wipe your phone would help defend against that attack. (Related: <a href="https://www.startribune.com/warrant-grifters-targeting-cash-apps-suspected-in-over-100-cell-phones-thefts-downtown-minneapolis/600202085/" rel="nofollow">https://www.startribune.com/warrant-grifters-targeting-cash-...</a>)
My only worry with this is that Lockdown Mode will be a reason to let the “default” mode be less secure. I understand some security features can cause major inconveniences, and so Apple needs to weigh security against convenience as part of their design process. I just hope they keep striking a good balance there, and won’t use Lockdown Mode as an easy way out of those design questions.
> FaceTime - Incoming FaceTime calls are blocked unless you have previously called that person or contact.
Apple Services - Incoming invitations for Apple Services, such as invitations to manage a home in the Home app, are blocked unless you have previously invited that person.<p>Well I would like to have these two enabled in regular situation.
Unless I'm missing something, I think I plan to just run this all the time. I see very few downsides, personally.<p>> web fonts might not be displayed<p>Great, I almost always prefer system default fonts.<p>> Incoming FaceTime calls are blocked<p>Perfect, I don't use it, it is always some scammer.<p>> Incoming invitations for Apple Services<p>Perfect, I don't care.<p>> Shared albums are removed from the Photos app<p>I don't use this stuff, I don't care.<p>> To connect your device to a USB accessory or another computer, the device needs to be unlocked.<p>This seems like it should have always been the default.<p>> Configuration profiles can’t be installed<p>Perfect, nobody should be trying to manage my phone.
> Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats. Most people are never targeted by attacks of this nature.<p>The list of restrictions doesn't seem to inhibiting - for those who have used it, what are the points that stand out? Is this something designed for habitual use or under specific situations?
I think lockdown mode prevented me from copying text on my iPad and pasting it on the iPhone in WhatsApp, but let me paste it in Apple Notes.<p>I'm not sure though, it might have been a bug, it might have been a user error, but I wonder if inter-device copy and paste is limited, too. I haven't read anything about it, though.<p>Otherwise I've noticed nothing, except a popup when starting apps for the first time after activating lockdown mode, that lockdown mode is active for the app.<p>To me, lockdown mode is a no-brainer. But I don't use very JS-intensive web sites, and never use Apple messages.
I have been running Lockdown Mode for several weeks. It is very rare that my iPhone can not access a web page correctly, etc. iMessage behaves a little differently but I am used to it.
I try it and the experience is good. Barely noticeable. Maybe the sites load a bit slower, and occasionally fonts on some websites don’t render correctly. Otherwise it’s something that many people could just keep turned on.<p>Private relay and locked down mode are two of the recent good features in iPhone.<p>I am wondering how much is it effective against NSO-style spyware? Like, are they going to still come up with exploits and zero days hacking locked down iPhones, maybe adding 25% to their fees?<p>Is there a similar mode in desk and server Linux?
Any startup employees working directly on technology trade secrets or otherwise non-public intellectual property should enable iOS16 lockdown mode.<p>Thanks to years of invasive online targeting, bulk data breaches and mobile phone network structural insecurity, it has never been cheaper to screen for higher-than-average-value targets with digital assets that can be exfiltrated.<p>Since targeting costs have fallen, it is profitable to target employees below the C-suite, e.g. those in strategic or development roles who routinely need to access sensitive information and digital assets. This applies to enterprise, mobile and WFH environments, e.g. leveraging mobile phone foothold to reach other devices like a home router.
I was very happy to see this feature announced! I turned it on immediately and so far it has had little negative impact on my life.<p>Some apps like Gmail will warn you that Lockdown mode is activated and that it will impact your experience but I have not encountered any drawbacks beyond iMessage links not opening the browser. This is easily worked around by copying them.<p>I hope this also blocks incoming calendar invites. Apple has as a feature the automatic addition of calendar invites... spammers soon noticed this and send out calendar invites with their favorite links that can clutter it up.
The audience for this is broader than journalists and human rights activists.<p>Executives, politicians, government figures, engineers and scientists with access to intellectual property, lawyers, … will all benefit from this mode.<p>Think of nations stealing trade secrets and technological know-how from each other. Or how much money you could make hacking iPhone of an employee or CEO of a company that might provide inside information.
I am not sure if Lockdown Mode is a lot of help if it can easily be detected by websites:<p><a href="https://www.vice.com/en/article/epzpb4/websites-can-identify-if-youre-using-iphones-new-lockdown-mode" rel="nofollow">https://www.vice.com/en/article/epzpb4/websites-can-identify...</a>
I don't really see why this matters when Apple also installs backdoors into their phones and grants nation states the exploits to attack dissidents for any person or group that would need a feature like this, apple is the last company I'd trust to protect me from an authoritarian regime.
Obviously these types of features are welcome, even though they are apply to an incredibly small group of people. I cant help but feel the 'personal security' push from Apple and its marketing is rather self serving.<p>Apple is under more legal pressure than ever for its apparent 'anti-competitive' practices. They have on many occasions pushed the line of user privacy and security to defend their business. Features like this benefit a small group of people, but help Apple enormously in defending itself from litigation.<p>Edit: Downvote? Why are companies given the benefit of the doubt as if they were human and caring when they are clearly not! Large listed tech companies like Apple will ALWAYS act in their own interest first. User privacy is the advantage Apple has over its competitors who rely on free services and advertising. It is in their OWN INTEREST to pursue this path which in turn impacts others ability to compete. Must we continue to be so grossly naive?
Lockdown Mode is an optional, it is a extreme protection that's designed for the very few individuals who, because of who they are or what they do, Lockdown might be personally targeted by some of the most sophisticated digital threats.
Lockdown Mode should be the default, and people should actively enable it. There's nothing anyone would want, except maybe shared albums. Those are from people you trust not to upload any images that exploit something.
Why can’t I have the option to turn off my GPS? That seems so important and easy.<p>Question: If I turn off cell, like with airplane mode, is it truly, completely off, with no cell tower pings and such?
A big shortcoming - 3rd party apps.<p>Many hacks these days exploit Whatsapp incoming message processing, etc.<p>Every app with push notification support increases your attack surface.
Will lockdown mode stop your phone from scanning your photos and sending them to Apple/FBI?<p><a href="https://www.apple.com/child-safety/pdf/CSAM_Detection_Technical_Summary.pdf" rel="nofollow">https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...</a>
Wow, with this and the iPhone 14's camera, they are massively ahead of all other companies. It makes me happy that I bought their products and helped create this.
Does anyone think that Lockdown Mode was allowed to roll out without the American security state feeling comfortable that they're able to defeat it by pressing a button?
The ability to exclude apps or websites from the lockdown seems at the face of it to reintroduce attack surface that lockdown mode is meant to prevent.<p>Countdown to some 0day no-click exploit that adds an app or service or site to the exclusion list and then proceeds with a further attack?
Important to understand is that "provisioned access" as given to the US government is not considered to be a cyber attack, and lockdown mode will not help you there.<p>Also, it appears you cannot use configuration profiles in lockdown mode, meaning you may not be able to use DNS over TLS or HTTPS.
These things are godo and bad.<p>It is nice to make the effort, and it might be dome good.
and allow a lot of people to feel l33t<p>It is bad if people at proper risk think they are safe once it is enabled.
(and those, to me, appear to be the people this is marketed for)