by gorgoiler 2415 days ago
Finding the settings mentioned in the article is the sole dark pattern I can think of in iOS — when you find them it’s like finding a secret level in Super Mario Land.

They are under Settings...Privacy...Advertising

https://imgur.com/a/EOvUzCS

The Advertising and Analytics options are only visible below the fold, if one scrolls down the privacy page. The fold itself is disguised as the bottom of the page to put you off scrolling.

Unlike everything else, they do not have icons and only come after a paragraph of text almost perfectly large enough to fill out the vertical height where the tracking options would be.

I think that depends on your device size. On my iPhone SE, the bottom-most row without scrolling is HomeKit, and that is only partially shown. A single scrolling swipe easily takes me to the end of the screen where the "Advertising" section lies.
Not just that, but the number of items in the list has grown overall. For example, the ‘File & Folders’ option is new in 13.
On my 6S, the last item is "Research," and while it's pretty much fully on the screen, the margin below it is cut off enough that at least to me, it's obvious that there's scrolling to do.
IMO the much bigger dark pattern is how insanely difficult it is to find subscriptions and cancel them. Even when the location is fresh in your head it’s difficult to find.
I find that location to be easily findable, there are even two logical paths to the subscriptions page (One through Settings, one through the AppStore).

Where would you put it?

In iOS, the trick is that you have to tap your name at the top of the settings. If you read every entry in the list you won’t find anything that seems relevant, and indeed, you just need to know to tap the very top of the settings list. Moreover, searching in settings for “subscriptions” returns no result, despite that being the name of the subentry.
Yeah, that's the real dark pattern. I would never have guessed where to look for it without having to get instructions from the internet.
Did you…print out a screenshot of your phone?!
I applied filters and took a screenshot of the screenshot to reduce image fidelity in case it contained any [covertly embedded]* identifying information [in the form of watermarks or hidden pixels].

*added for clarity.

In case people aren't aware, such a thing _is_ possible. Companies have used steganography techniques in the past to secretly embed identifiers into movies and other visual content. It's been used to track down the movie leakers, for example.

Another example; most printers covertly embed an identifier in their prints.

I have a vague memory of a pre-release video game doing it? Or maybe it was just debugging information that they were embedding. shrug

Personally I don't believe Apple is doing what you describe (though maybe they might do it to a prototype iPhone). But it's certainly your right to hold that belief and take measurements to protect yourself. Shame you're getting downvoted for explaining yourself.

EDIT: Fixed a typo; thank you.

Sorry to nit-pick, but isn't the concept of hiding messages in images steganography, rather than stenography? studying for Security+
Yes.
>Another example; most printers covertly embed an identifier in their prints.

To be picky only colour printers, at least officially (though there are theories about similar ID for B/W laser printers):

https://en.wikipedia.org/wiki/Machine_Identification_Code

> Another example; most printers covertly embed an identifier in their prints.

This frustrates me a lot with my current printer. The yellow dots which "covertly" identify my prints are way too visible in the print. So every time I look carefully at something I print I am reminded of how I am being watched.

Microsoft embedded an ID in one of the animations on the xbox 360 dashboard which could identify the person who leaked video of a beta game.
Worth noting that, IIRC, this was never included in production/release builds of the dashboard.
That’s an impressive level of opsec, but I have to think it would be a huge story if Apple were adding printer-dot-style tracking watermarks to screenshots, and that someone would have found it by now.
I'm sorry, but that's some tin foil hat level paranoia with no basis in reality. What's your threat model here? That Apple wants to deanonymize HN posters by tying them to their screenshots? Considering that they own the operating system, they could skip all the complicated and detectable steganography-in-screenshots and smuggle your mobilesafari (or webkit, which all apps are forced to use) browsing history and cookies along with the analytics data they regularly upload (which is way harder to detect). Failing that, they could also use their iOS backdoor and check every screenshot that was taken a few hours before this post, and see which one matches. I don't imagine there are too many people taking screenshots of their privacy settings on a daily basis. Correlate that with paranoia tendencies (shouldn't be too hard to determine considering they own the operating system), and they trace it back to you with a high degree of certainty.

Something that actually protects your privacy (and doesn't make you stick out like a sore thumb) is getting the screenshot from an image search and posting from a regularly rotated HN account, all the while using tor.

That’s fine, it’s not a big deal, though I was specifically asked.

The main thing I would worry about is actually not Apple; instead (1) what information might Apple hide in plaintext in the image that a third party could extract?; and (2) what identifiers might there be that a third party could use to correlate multiple images as being from gorgoiler’s phone?

But honestly it just feels odd to upload a screenshot without doing something to scrub it. I find it helpful to practice good security even when, as you point out, the probability of it being necessary is very low.

Another reason could be: if you systematically scrub everything, then a third party wouldn't be able to use the fact that you scrubbed something as a hint that the thing had valuable information in it.

e.g.: if you use an encrypted chat app ONLY after a murder occurred, then this would be suspicious. If you always use encrypted chat apps, then there's no information hint being given about your possible involvement with the murder.

>The main thing I would worry about is actually not Apple; instead (1) what information might Apple hide in plaintext in the image that a third party could extract?; and (2) what identifiers might there be that a third party could use to correlate multiple images as from gorgoiler?

A lot, actually. But why would Apple take the engineering resources to implement this, and risk all the reputation damage? If they're doing it for the money, how would they monetize it? If they're being coerced by the government, what are the government's motivations? In both cases, is smuggling bits in screenshots really the most plausible way to do it? Surely there must be some better way than steganography in screenshots?

>But honestly it just feels odd to upload a screenshot without doing something to scrub it. I find it helpful to practice good security even when, as you point out, the probability of it being necessary is very low.

On the flip side, if you do unusual obfuscation of your uploaded image (eg. heavy post processing), that in itself is an identifying characteristic. You're going to be that guy who uploads his screenshots in greyscale, with heavy compression and blurring. https://xkcd.com/1105/

So now everyone who sees an iPhone screenshot treated in such a way knows it's you, as there are probably not a lot of people who are paranoid about tracking pixels in their iOS settings menu.
What are you trying to protect against? A screenshot of a screenshot with a filter applied to it isn’t going to help you if your name shows up somewhere in it.
Tracking watermarks / pixels.
Genuine question: what is a tracking watermark, in the context you're discussing?
Imagine that whenever you took a screenshot the text “TAKEN ON AUSTINJP’S IPHONE” were written across the page.

A “watermark” is simply a version of that designed to be invisible or imperceptible to the human eye, for example by embedding information in the least significant bits of the pixel colors.

“Digital Watermark Steganography” is a good search term for further investigation. As is the case with many security topics, there is an ongoing arms race between technology used to hide information, and technology used to detect information hiding.

At the end of the day if you truly wanted to share a screenshot of the iOS settings UI and remain anonymous, you should probably consider just drawing it with crayons. Except then someone will come along and process the crayon marks to recover your fingerprints etc. etc.

Steganographically concealing information in images that allow people to track the source.
I get the filters, but why the second screenshot? Aren't you just adding more hypothetical tracking pixels with that step?
So that the final screenshot is from outside the app being screenshotted, and as a bonus you get another round of JPEG obfuscation.
Screenshots are PNGs.
Write a tool that replaces the least significant bit of each pixel with a random value. Compress the result with 80% quality. Compress the result with 79% quality. Make sure to strip exif info, and all other metadata. Enjoy the result.
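An added illustration, not part of any comment in the thread: a minimal Python sketch of the least-significant-bit watermark described above and of the LSB-randomising scrub suggested in the preceding comment. The function names, the flat grey sample image and the `DEVICE-1234` identifier are constructed for the example; it covers only the LSB step, not the recompression or metadata stripping.

```python
import secrets

def embed_lsb(pixels: bytes, payload: bytes) -> bytearray:
    """Hide payload bits (MSB first) in the lowest bit of each channel byte."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload too large for this image")
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit
    return out

def extract_lsb(pixels: bytes, n_bytes: int) -> bytes:
    """Read n_bytes back out of the channel LSBs."""
    if n_bytes * 8 > len(pixels):
        raise ValueError("image too small for requested length")
    out = bytearray()
    for b in range(n_bytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[b * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def scrub_lsb(pixels: bytes) -> bytearray:
    """Overwrite every channel LSB with a random bit; upper 7 bits are kept."""
    rand = secrets.token_bytes((len(pixels) + 7) // 8)
    return bytearray(
        (p & 0xFE) | ((rand[i >> 3] >> (i & 7)) & 1) for i, p in enumerate(pixels)
    )

def max_channel_change(a: bytes, b: bytes) -> int:
    """Largest per-channel difference between two images of equal size."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed sample: a flat grey 32x32 RGB image as raw channel bytes.
SAMPLE_PIXELS = bytes([200]) * (32 * 32 * 3)
SAMPLE_ID = b"DEVICE-1234"  # constructed identifier, not a real format

if __name__ == "__main__":
    marked = embed_lsb(SAMPLE_PIXELS, SAMPLE_ID)
    print("visible change:", max_channel_change(SAMPLE_PIXELS, marked))
    print("before scrub:", extract_lsb(marked, len(SAMPLE_ID)))
    print("after scrub: ", extract_lsb(scrub_lsb(marked), len(SAMPLE_ID)))
```

Randomising the LSBs only removes a mark stored in those bits; watermarks designed to survive recompression are spread across the image and are not addressed by this step.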
Ha! Now we know the brand of his printer and the retail outlet where he bought it!
To save a photo someone sends her, my girlfriend's mother takes a screenshot. A lot of her printed photos have battery or other information on them.
It blows my mind, and makes me nervous about my own future, that old people do this kind of thing.

Are they actually incapable of learning the right way to do things? Is neuroplasticity playing a role here? Do they not care that their images look terrible when zoomed in on? I guess they grew up in an era when photos frequently had time and date stamps, and if their eyesight is going... I guess that explains both points.

"Old people"? Half the reposted Twitter memes on imgur have a cellphone title bar in them.
What's the "right way" to do things anyway? I know quite well how to tap the share icon, then wait for the drawer to appear, then scroll down a bit, then tap the save icon, then wait for the next drawer to appear, then tap "To photos" or whatever.

Or I can just hit two physical buttons on my phone and grab the image in the form of a screenshot. Because I don't care about the image fidelity, I usually just want to share the thing on Discord or Slack or wherever.

Don't be so arrogant as to assume that people doing things differently than you must be too stupid or old or blind to do it "the right way".

If you are going to become an app developer, you should stop blaming users for not learning your made up UI language, and start making your app work in their language.

I thought some apps and iOS had already responded to this workflow by doing smart things when users try to create screenshots. If they haven't yet, they should. There's no need in the common case for "screenshot" and "share main image" to have different UI entry points. Just pop up a menu asking the user what they want when they push the button.

What do you mean, three-finger-anticlockwise-spiral-while-shaking-the-phone-horizontally isn't intuitive?
You "start making your app work in their language" by hijacking default OS functionality?

No.

Pretty sure many apps don't even allow you to save pictures at all. Maybe Facebook is one of them, not sure. That + the button to save pictures not being at the same place on all apps makes screenshots easier and reliable. They simply work.
If you swipe down, type "advertising", the very first Settings link takes you to "Reset Advertising Identifier...". It is the same for swiping down from the home screen or in the Settings app. I don't think I'd call that a dark pattern.
Searching requires that you know what you’re searching for. So, 1) I doubt most people use the settings search in general and 2) I doubt most people know there are settings related specifically to advertising to search for.
Also search in Settings is generally hit-or-miss.
Do you really think it's a dark pattern? What does Apple have to gain?
I have no idea but I would guess that it’s something quite banal.

They could, for example, sign a deal with an ad network that gives them beneficial rates on the condition that Apple show there is less than 1% churn in device IDFAs per month. Hiding the IDFA reset button would help with that.

It could also quite easily be some PM’s H2 goal to move the needle on IDFA retention. If they provably impact IDFA resets, they get an “exceeds expectations” rating in that performance review cycle! Bonus stock options all round! Tech companies are weird like that.

I’ve commented before accusing Apple of using growth and engagement tactics with iOS’s Mail.app, presumably to improve mean-time-before-replying-to-grandma metrics, so color me conspiracy theorist / jaded about Silicon Valley performance metrics.

Apple benefits from a robust app market, and many apps are ad supported. This rolls up into more demand for iPhones.
Why do they have this as the default setting if they have nothing to gain from it?
Hilariously, this tracking id is the replacement of device id. To give the user more privacy. But Mozilla has an axe to grind. Barking up the wrong tree.
It's still not the correct tree, either.
That would be an excellent question to ask Apple.
First link if you search settings for advertising