Hannah Natanson, a reporter for the Washington Post, had her home raided by the FBI. The article goes into detail, but I want to highlight a few helpful reminders. In the United States, biometrics...
Hannah Natanson, a reporter for the Washington Post, had her home raided by the FBI. The article goes into detail, but I want to highlight a few helpful reminders.
In the United States, biometrics are not protected by the Fourth Amendment. You can be compelled and "assisted" to apply your biometrics to a device. You cannot be compelled to give up your password.
On a Mac, you can go to Settings > Touch ID & Passcode and turn off "Use Touch ID to unlock your Mac".
The keyboard shortcut to quickly lock your Mac is Ctrl + Cmd + Q.
On iPhone, you can temporarily disable biometrics by 1) squeezing the side button and a volume button for a few seconds or 2) pressing the side button five times. You should feel haptics as confirmation.
Encrypt your Mac with FileVault to protect it from being copied.
Syncing chats from WhatsApp and Signal to the desktop increases your attack surface.
As the article mentions, Lockdown Mode is "optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats." I don't know you; maybe you need it, maybe you don't. But the tips above are practical and well worth your consideration.
This raises a question I hadn't considered. Did the warrant cover the Post owned laptop? Like I assume so in some capacity, but does it need explicit mention? Or is it like... idk, drugs where it...
This raises a question I hadn't considered. Did the warrant cover the Post owned laptop? Like I assume so in some capacity, but does it need explicit mention? Or is it like... idk, drugs where it doesn't matter who "owns" them if they're in your possession?
The courts have ruled that a search warrant does not need to explicitly mention each and every item to be searched or seized. From Lawyers.com: The same webpage notes that "courts have recognized...
The courts have ruled that a search warrant does not need to explicitly mention each and every item to be searched or seized.
For a search of a house, for example, it’s typically enough to identify the address. And even broad descriptions of the kinds of evidence officers can seize will often suffice. The U.S. Supreme Court once approved warrants that called for specified items “together with other fruits, instrumentalities and evidence of crime at this (time) unknown.” (Andresen v. Maryland, 427 U.S. 463 (1976).)
The same webpage notes that "courts have recognized so many exceptions to the warrant requirement that some argue the exceptions have all but swallowed the rule."
Ah yeah I meant the emphasize the Post-owned aspect more than it being a specific device but clearly didn't, though I think this still covers my curiosity thank you :)
Ah yeah I meant the emphasize the Post-owned aspect more than it being a specific device but clearly didn't, though I think this still covers my curiosity thank you :)
Does anyone here have experience with using Lockdown Mode? I’ve been trying to find clearer documentation on what exactly Lockdown Mode changes and what the impact might be if I were to toggle it...
Does anyone here have experience with using Lockdown Mode? I’ve been trying to find clearer documentation on what exactly Lockdown Mode changes and what the impact might be if I were to toggle it on and off frequently. I want to understand it better, but I don’t have a spare device to experiment with, and I’m hesitant to risk messing with my daily driver right now.
For instance, does Lockdown Mode disable biometric authentication, particularly for unlocking the device? I haven’t been able to find a definitive yes or no answer to that.
I’m planning a trip to China later this year and I want to know if Lockdown Mode is sufficient to protect my device and personal data. If it isn’t, I’m considering leaving my main phone at home and bringing a burner phone with only the bare essentials instead.
Edit: to all the replies mentioning how disabling biometrics would not truly help with my concerns about leaving the country, you’re absolutely right and I think the way I phrased my questions was pretty poor. Here are my two questions more clearly outlined:
What all does Lockdown Mode do?
I’m planning a trip to China and have been reading about personal device safety. I’ve learned that some businesses provide their employees with loaner devices for such trips, which are then destroyed upon return. My main concern isn’t being stopped and forced to unlock my phone, as I understand that if that happens, my device is compromised, and I would need to wipe it or get a new one upon returning home. Instead, I’m worried about a remote infection that could access my accounts and personal information without my knowledge. Would enabling Lockdown Mode be sufficient to prevent this? I understand that if someone is determined enough, there may be no foolproof solution, but I’m simply taking reasonable precautions as someone who they have no reason target and doesn’t work for the government or a defense contractor or anything like that.
Given you will be in another country, they can just deny you entry and/or arrest you if they want access to your devices. I'd personally base my decision on what to bring on how you'd respond to that.
I’m planning a trip to China later this year and I want to know if Lockdown Mode is sufficient to protect my device and personal data. If it isn’t, I’m considering leaving my main phone at home and bringing a burner phone with only the bare essentials instead.
Given you will be in another country, they can just deny you entry and/or arrest you if they want access to your devices. I'd personally base my decision on what to bring on how you'd respond to that.
Honestly I think it's kinda self-important to assume they care enough about most of us to even do that. They'll probably just turn you away at the border for refusing to cooperate.
Honestly I think it's kinda self-important to assume they care enough about most of us to even do that. They'll probably just turn you away at the border for refusing to cooperate.
I would be interested to hear from someone who has used Lockdown Mode on a regular basis, also. I tested it on my iPhone for you. Lockdown Mode does not turn off biometric authentication. However,...
I would be interested to hear from someone who has used Lockdown Mode on a regular basis, also.
I tested it on my iPhone for you. Lockdown Mode does not turn off biometric authentication. However, you can do so in Settings > Face ID & Passcode by turning off Use Face ID for iPhone unlock. This option is available whether you use Lockdown Mode or not.
It's also worth considering an alphanumeric passcode. I think they're a pain if you have biometrics disabled, but they're a great way to strengthen the security of your phone (especially when a quick button combination disables biometrics).
Edit: As mentioned, pretty much any country reserves the right to deny entry to a non-citizen that refuses to provide a password. Disabling biometrics won't get around that. Citizens of a country may have more rights when re-entering, but are more likely to be delayed for exercising those rights.
Thanks for giving it a try! Crazy to me that turning it on doesn’t disable biometrics, I would think that’s the least it would do given the name and purpose of the mode. I also edited my original...
Thanks for giving it a try! Crazy to me that turning it on doesn’t disable biometrics, I would think that’s the least it would do given the name and purpose of the mode. I also edited my original comment to address what everyone was saying about biometrics.
There's no way to give you a definitive answer. As Apple's own documentation discusses, lockdown mode "helps protect devices against extremely rare and highly sophisticated cyber attacks." It does...
Instead, I’m worried about a remote infection that could access my accounts and personal information without my knowledge. Would enabling Lockdown Mode be sufficient to prevent this?
There's no way to give you a definitive answer. As Apple's own documentation discusses, lockdown mode "helps protect devices against extremely rare and highly sophisticated cyber attacks." It does this by, basically, removing some of the common attack surfaces used in those attacks. One of the earlier varieties of Pegasus relied on placing Whatsapp calls to the target device, so lockdown mode e.g. blocks incoming FaceTime connections from numbers you haven't recently contacted yourself.
No digital security is perfect, though. By definition, anyone possessing a zero-day exploit is ahead of security developers. If you have information you need to protect and reason to believe you'll be targeted by a sophisticated cyber attack, I would not rely on lockdown mode (though obviously it might help). If you are just trying to protect personal information and the PRC police services have no reason to care about you, that's a different story.
I wouldn’t take your personal phone to China. Get a burner and take that. I give the same advice to people trying to visit the united states, get a cheap burner that you wouldn’t miss if they...
I wouldn’t take your personal phone to China. Get a burner and take that.
I give the same advice to people trying to visit the united states, get a cheap burner that you wouldn’t miss if they decide to just take it from you. In fact, don’t bring anything into the us that you would fight for if its taken from you.
Hannah Natanson, a reporter for the Washington Post, had her home raided by the FBI. The article goes into detail, but I want to highlight a few helpful reminders.
As the article mentions, Lockdown Mode is "optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats." I don't know you; maybe you need it, maybe you don't. But the tips above are practical and well worth your consideration.
This raises a question I hadn't considered. Did the warrant cover the Post owned laptop? Like I assume so in some capacity, but does it need explicit mention? Or is it like... idk, drugs where it doesn't matter who "owns" them if they're in your possession?
The courts have ruled that a search warrant does not need to explicitly mention each and every item to be searched or seized.
From Lawyers.com:
The same webpage notes that "courts have recognized so many exceptions to the warrant requirement that some argue the exceptions have all but swallowed the rule."
Ah yeah I meant the emphasize the Post-owned aspect more than it being a specific device but clearly didn't, though I think this still covers my curiosity thank you :)
Does anyone here have experience with using Lockdown Mode? I’ve been trying to find clearer documentation on what exactly Lockdown Mode changes and what the impact might be if I were to toggle it on and off frequently. I want to understand it better, but I don’t have a spare device to experiment with, and I’m hesitant to risk messing with my daily driver right now.
For instance, does Lockdown Mode disable biometric authentication, particularly for unlocking the device? I haven’t been able to find a definitive yes or no answer to that.
I’m planning a trip to China later this year and I want to know if Lockdown Mode is sufficient to protect my device and personal data. If it isn’t, I’m considering leaving my main phone at home and bringing a burner phone with only the bare essentials instead.
Edit: to all the replies mentioning how disabling biometrics would not truly help with my concerns about leaving the country, you’re absolutely right and I think the way I phrased my questions was pretty poor. Here are my two questions more clearly outlined:
What all does Lockdown Mode do?
I’m planning a trip to China and have been reading about personal device safety. I’ve learned that some businesses provide their employees with loaner devices for such trips, which are then destroyed upon return. My main concern isn’t being stopped and forced to unlock my phone, as I understand that if that happens, my device is compromised, and I would need to wipe it or get a new one upon returning home. Instead, I’m worried about a remote infection that could access my accounts and personal information without my knowledge. Would enabling Lockdown Mode be sufficient to prevent this? I understand that if someone is determined enough, there may be no foolproof solution, but I’m simply taking reasonable precautions as someone who they have no reason target and doesn’t work for the government or a defense contractor or anything like that.
Given you will be in another country, they can just deny you entry and/or arrest you if they want access to your devices. I'd personally base my decision on what to bring on how you'd respond to that.
I don’t really see why it would matter in that case. They can always use the wrench method.
Honestly I think it's kinda self-important to assume they care enough about most of us to even do that. They'll probably just turn you away at the border for refusing to cooperate.
“Rubber-hose cryptography”
I would be interested to hear from someone who has used Lockdown Mode on a regular basis, also.
I tested it on my iPhone for you. Lockdown Mode does not turn off biometric authentication. However, you can do so in Settings > Face ID & Passcode by turning off Use Face ID for iPhone unlock. This option is available whether you use Lockdown Mode or not.
It's also worth considering an alphanumeric passcode. I think they're a pain if you have biometrics disabled, but they're a great way to strengthen the security of your phone (especially when a quick button combination disables biometrics).
Edit: As mentioned, pretty much any country reserves the right to deny entry to a non-citizen that refuses to provide a password. Disabling biometrics won't get around that. Citizens of a country may have more rights when re-entering, but are more likely to be delayed for exercising those rights.
Thanks for giving it a try! Crazy to me that turning it on doesn’t disable biometrics, I would think that’s the least it would do given the name and purpose of the mode. I also edited my original comment to address what everyone was saying about biometrics.
There's no way to give you a definitive answer. As Apple's own documentation discusses, lockdown mode "helps protect devices against extremely rare and highly sophisticated cyber attacks." It does this by, basically, removing some of the common attack surfaces used in those attacks. One of the earlier varieties of Pegasus relied on placing Whatsapp calls to the target device, so lockdown mode e.g. blocks incoming FaceTime connections from numbers you haven't recently contacted yourself.
No digital security is perfect, though. By definition, anyone possessing a zero-day exploit is ahead of security developers. If you have information you need to protect and reason to believe you'll be targeted by a sophisticated cyber attack, I would not rely on lockdown mode (though obviously it might help). If you are just trying to protect personal information and the PRC police services have no reason to care about you, that's a different story.
I wouldn’t take your personal phone to China. Get a burner and take that.
I give the same advice to people trying to visit the united states, get a cheap burner that you wouldn’t miss if they decide to just take it from you. In fact, don’t bring anything into the us that you would fight for if its taken from you.