‘Websites can easily detect Lockdown mode in iOS 16’

Privacy activist John Ozbay says it’s easy for websites to track when Lockdown mode is active in iOS 16. The inability to load custom fonts would be a clear indicator to websites that the mode is enabled.

There are many ways that websites and online advertisements can detect that Lockdown mode is active in iOS 16, iPadOS 16 and macOS 13, but one of the most glaring is the inability to load custom fonts on a website. To support his position, Ozbay developed a proof-of-concept website that checks for the mode. If a Lockdown mode user visits it, the site shows that the mode is active.

According to Ozbay, this is not a vulnerability or a bug. “It is a compromise that is made. For some it is acceptable, but for others this form of fingerprinting can carry a clear risk,” he says on Twitter. He is referring to the IP address that websites collect from visitors, combined with the disclosure that Lockdown mode is active.

At the beginning of July, Apple presented Lockdown mode for iOS 16, iPadOS 16 and macOS 13, the operating systems that will be released this fall. The mode restricts certain functions of Apple devices, reducing the opportunities for attacks. Lockdown mode will be found in the Privacy & Security section of the Settings menu.

Lockdown Mode Restrictions

App | Limits
Safari | ‘Certain’ advanced web techniques, such as JIT compilation of JavaScript, are blocked
FaceTime | Incoming calls from unknown numbers are blocked
Photos | Incoming invitations to shared folders are blocked
Management | New configuration profiles and MDM enrollments are impossible (current ones are preserved)
Messages | Attachments except photos are blocked. Link previews don’t work either