Checklist 234: Privacy, Security, and WWDC with August Trometer
Apple held its Worldwide Developers Conference this week, and the 2021 WWDC was packed with security and privacy announcements. We’ll cover the highlights on this edition of The Checklist.
Privacy and Security at the WWDC Keynote
As per usual, Apple kicked off WWDC with a multi-speaker keynote event. This year, there was a heavy focus on security and privacy issues, which set the tone for everything else that was announced. We sat down with longtime friend of The Checklist and professional developer August Trometer to discuss some of the new features:
Private Relay is a feature for iCloud+ customers that will encrypt Safari traffic when they browse the web. Here’s how it works. Apple sends your network traffic to one of its own servers, strips out your IP address and replaces it with a general “regional” IP address, and then forwards that traffic to a second, non-Apple server. The second server then sends everything on to its final destination. The effect of this is twofold. First, your ISP won’t know what sites you’re visiting. But secondly, no single entity (neither Apple nor the infrastructure provider that runs the second server) will know both your identity and what you’re doing online.
August says that this is somewhat like a VPN, in that it helps to anonymize your web activity and encrypt your data. Private Relay isn’t a full VPN, though. It doesn’t encrypt all network traffic leaving your computer, just anything that’s going through Safari. In some respects, it is more akin to a proxy service like Tor or Apple and Cloudflare’s ODoH protocol.
While it does sound like a nice privacy feature, it won’t be available to everyone. Apple says that users in China and other countries with heavily regulated Internet will not get the feature. Domestically, Private Relay should roll out sometime this year. But here too, there is a concern. August wonders if Private Relay will give the authorities yet another justification to demand a secret “back door” into Apple’s platforms, as they have in the past.
Hide My Mail
Hide My Mail is a feature that will let users create unlimited “burner” email addresses using iCloud. Here’s how it works. If you don’t want someone to have your real email address, you can use Hide My Mail to generate a unique, random iCloud email address instead. The address just looks something like “firstname.lastname@example.org”, but it forwards directly to your inbox. Again, you can create and give out as many of these as you want, and just delete one if you ever want someone to stop contacting you.
August says that this will help users who are wary of giving out their real email address, and that it’s likely easier and safer than creating individual burner accounts for this purpose:
We’ve probably all created an extra Hotmail or Gmail account just to sign up for something we weren’t sure of, so that spam or junk mail will go there instead of to our inbox. This allows you to do that as well, likely with just one click in Mail. Plus it’s not indexed like Gmail is. So it’s not only easier to use — it’s safer too!
This is an obvious privacy win, but having the ability to easily create separate unique email addresses when signing up for a new site or service could also help to prevent security threats like credential stuffing attacks.
Preventing Pixel Tracking
Apple also says that it’s taking steps to prevent tracking pixels in emails from invading our privacy. Tracking pixels are little (usually 1-pixel x 1-pixel) bits of data that come hidden in emails. They’re typically all-but-invisible images that are loaded from outside of the actual message. This lets the sender know when you’ve opened their email, and can reveal information about your location or web activity based on your IP address.
Starting soon, Apple Mail will mask your IP address so that trackers can’t collect data about you. Apple Mail is based on WebKit, so Mail will likely accomplish this by building on a Safari feature called Intelligent Tracking Prevention. Safari blocks trackers by analyzing cookies, image sources, and other data to filter out known and likely trackers.
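As an added example (not part of the original show notes), here is a small Python scanner for the pattern described above: images loaded from outside the message that are 1x1 or hidden. The sample email, hostnames, and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample: HTML body of a marketing email (not from the page).
SAMPLE_HTML = """
<html><body>
<p>Spring sale starts now!</p>
<img src="cid:logo@newsletter" width="200" height="60">
<img src="https://cdn.shop.example/banner.png" width="600" height="200">
<img src="https://track.mailer.example/o.gif?uid=8f3a&c=42" width="1" height="1">
<img src="http://stats.mailer.example/p?id=77" style="display:none">
</body></html>
"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY_STYLE = re.compile(r"(?:width|height)\s*:\s*[01]px", re.I)

class PixelFinder(HTMLParser):
    """Collect remote <img> tags that render as invisible or 1x1."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlparse(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return  # cid:/data: images ship inside the message: no callback
        reasons = []
        if a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1"):
            reasons.append("tiny")
        style = a.get("style", "")
        if HIDDEN_STYLE.search(style) or TINY_STYLE.search(style):
            reasons.append("hidden-style")
        if reasons:
            self.findings.append({"host": url.hostname, "has_query": bool(url.query), "reasons": reasons})

def find_tracking_pixels(html):
    parser = PixelFinder()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for f in find_tracking_pixels(SAMPLE_HTML):
        print(f)
```

The size and style checks are heuristics: a tracker can also hide behind a normal-sized remote image, which is why masking the IP address or blocking remote content is the stronger control.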
App Privacy Reports
In iOS 15, the App Privacy Reports feature will let you see how an app is using the permissions you’ve given it.
You’ll recall that in iOS 14, Apple introduced a raft of features designed to give users a say in what data they’re sharing with apps, including some fairly granular controls around location and photo sharing. And as we’ve discussed on recent editions of The Checklist, Apple has also introduced Privacy Labels in the App Store to let you know how developers plan to use your data.
The App Privacy Reports feature will, essentially, let you check up on your apps. You’ll be able to see which apps have requested access to your data and your sensors, and how many times that’s happened in the past week. You’ll also see data on network activity by app.
As August says:
Knowledge is power, and this little feature gives you a lot of power! If you spot an app doing something you don’t like, suddenly, you know about it … and you can take action to remove it.
Siri Stays Home
Siri is getting an overhaul this fall. The personal assistant will be doing a lot more on your device, instead of sending data to Apple’s servers for processing.
In addition, you’ll be able to use Siri without an Internet connection for basic tasks like launching apps, setting alarms, and so on.
This is definitely a win for privacy … especially for users who don’t like the idea that their device is listening to them all the time!
Secure Paste
Apple has also introduced a new feature called Secure Paste. Here’s the upshot: When you copy from one app and paste into another, the app that you’re pasting into won’t actually see what you’re pasting until you paste it.
This was touted as a privacy feature at WWDC, but it wasn’t immediately clear to everyone why this relates to privacy. August helped shed some light on the situation for us:
For the longest time, developers have had access to the clipboard, even if the data wasn’t meant for them. This opened up opportunities for cool features, but it also opened up the possibility of misbehavior.
In other words, an unscrupulous developer could potentially use their clipboard access to peek at data that they really have no business accessing. This is exactly what was at issue during the furor over TikTok’s clipboard activity last year. Secure Paste fixes that, which is a nice little win for user privacy. We won’t see a full roll-out for a while, though, since app developers have to implement it by themselves.
Share Current Location
One last feature worth mentioning is Share Current Location. For quite a while, Apple has been trying to give users more control over their location data, and in particular, the ability to limit how much they’re sharing with apps.
Share Current Location takes this to the next level. The feature allows iOS users to give an app their current location — but only once, not for the entire current session in the app.
This is yet another example of how Apple is prioritizing user privacy in an age of mobile computing: a stance which is both principled and good for business! As August puts it:
Apple rightly realizes that as devices become smaller and more powerful, all of your information will be connected to that device. No one wants to have it leaked, and Apple has become the watchdog that governments should have been. They’re doing right by their customers, which, in turn, will sell a lot of devices.
That brings us to the end of another Checklist. To listen to past episodes, or read the full show notes, visit our archives. If you have a question about security and privacy, let us know so that we can answer it on a future edition of the podcast!