I find it so frustrating that Lockdown Mode is so all-or-nothing.

I want some of the lockdown stuff (No facetime and message attachments from strangers, no link previews, no device connections), but like half of the other ones I don't want.

Why can't I just toggle an iMessage setting for "no link preview, no attachments", or a general setting for "no automatic device connection to untrusted computers while locked"? Why can't I turn off "random dickpicks from strangers on iMessage" without also turning off my browser's javascript JIT and a bunch of other random crap?

Sure, leave the "Lockdown mode" toggle so people who just want "give me all the security" can get it, but split out individual options too.

Just to go through the features I don't want:

* Lockdown Mode disables javascript JIT in the browser - I want fast javascript, I use some websites and apps that cannot function without it, and non-JIT js drains battery more

* Shared photo albums - I'm okay viewing shared photo albums from friends, but lockdown mode prevents you from even viewing them

* Configuration profiles - I need this to install custom fonts

Apple's refusal to split out more granular options here hurts my security.

I’m with you on the shared photo albums. I’d been using lockdown mode for quite a while before I discovered this limitation, though. For me, this is one I’d like to be able to selectively enable (like the per-website/app settings). In my case, it was a one-off need, so I disabled lockdown mode, shared photos, then enabled it again.

The other feature I miss is screen time requests. This one is kinda weird - I’m sure there’s a reason they’re blocked, but it’s a message from Apple (or, directly from a trusted family member? I’m not 100% sure how they work). I still _receive_ the notification, but it’s not actionable.

While I share your frustration, though, I do understand why Apple might want to have it as “all-or-nothing”. If they allow users to enable even one “dangerous” setting, that ultimately compromises the entire security model. An attacker doesn’t care which way they can compromise your device. If there’s _one_ way in, that’s all they need.

Ultimately, for me the biggest PiTA with lockdown mode is not knowing if it’s to blame for a problem I’m having. I couldn’t tell you how many times I’ve disabled and re-enabled it just to test something that should work, or if it’s the reason a feature/setting is not showing up. To be fair, most of the time it’s not the issue, but sometimes I just need to rule it out.

The profiles language may be confusing -- what you can't do is change them while in Lockdown mode.

Family albums work with lockdown mode. You can also disable web restrictions per app and website.

Agreed. If I know my threat model, I don’t need unnecessary restrictions.

>* Lockdown Mode disables javascript JIT in the browser - I want fast javascript, I use some websites and apps that cannot function without it, and non-JIT js drains battery more

This feature has the benefit of teaching users (correctly) that browsing the internet on a phone has always been a terrible idea.

I'll bite. Why is it so terrible? I'm browsing this site right now on my phone and don't see the horror.

No keyboard, no mouse, tiny screen. Every single action you'd like to take is slower and more cumbersome. Want to select a portion of a URL? Well, get ready for an adventure. Tap the URL bar once, then -- oops, now it thinks you want to copy. You can't tap the individual sections. Try to move the little "copy bars" but oops, the press didn't register because they're tiny. Spend about a minute randomly pressing the URL bar until you can actually get the behavior you want. Or, try to switch tabs. It's not hard per se, but it's an order of magnitude slower than ctrl+tab. Or search within a page. Can you just hit ctrl+g and start typing and then press ctrl+g again? No, no, you need to enter a menu, enter a submenu, then wait for the onscreen keyboard to show up, then glide your finger over that with a few corrections, then move your finger down to the tiny next button.

It's all objectively terrible, and it accomplishes nothing except allowing the user to use the internet right then and there.

Phone networks by design track you more precisely than possible over a conventional internet connection to facilitate the automatic connection to the nearest available network. Also, for similar reasons it requires the phone network to know that it is your phone.

The phone network already needs to know where your phone is to be able to route incoming calls.

Also, I don't get how the situation with your home internet connection changes much. Your ISP knows exactly where you are because your house doesn't move.

Right, but for most people you can reasonably be expected to be in your house so it isn't that big of a security risk.

You don't need to connect to the internet for that. It has nothing to do with web browsing at all.

Installed apps can track you even more, so what you're arguing for is presumably not "don't use websites on your phone", but rather "do not use your phone, just use your desktop computer".

Which sure, not using your phone is more secure, but good luck convincing users that they shouldn't use any apps or websites on the go.

I think that ship has sailed.