[mrex]

I wasn't suggesting proxying anything, just that the browser should attempt to correct errors that it introduces into page rendering when it spoofs feedback to the server.

And again, is it a realistic threat model to imagine that a high volume website, trusted enough to be browsed regularly by Lockdown-paranoid users, will be hacked in such a way as to deliver a fingerprinting attack to browsers, and only that?

I appreciate the sense of superiority that you have, but try to follow along.

[O__________O]

If I had a sense of superiority, why would I even be taking the time to attempt to understand what you’re saying, makes no sense.

The device has the features turned off because they are know to be hard to harden against attacks or worse, have known vulnerabilities. To spoof them being on, a proxy that isolates requests to the functionality that’s off on the device would have to be sent to another device, but accurately responds as if it was on, including specific designed counter-measuring from an attacker to confirm the end user had real-time control over the proxied system. Just makes no sense to have such a complex system and in majority of situations would require another device that would be vulnerable to attack and always near the target and secured device.

>> And again, is it a realistic threat model to imagine that a high volume website, trusted enough to be browsed regularly by Lockdown-paranoid users, will be hacked in such a way as to deliver a fingerprinting attack to browsers, and only that?

Simple answer is yes. Also, it doesn’t have to be a high volume website, just one the target trusts enough to visit.

[mrex]

>Just makes no sense to have such a complex system

It's not that complex, it really can be reduced to what the browser already does: attempts to render web pages best for the display, without full hinting from the server-side.

In the end, what I'm getting at is that browsers should start viewing any page in an untrusted mode, and this mode should dramatically limit available fingerprint features to the most minimal subset that provides an acceptable user experience.

[O__________O]

No. Whole point of disabling long list of functionality mentioned in the article is so that — no - code is executed via that functionality on the device at all. You are suggesting something that go against whole point of turning it off. Browser already operates in “untrusted” mode. Apple’s iPhone systems and hardware are not designed to be separated. Even if the hardware was duplicated and completely isolated, the secure hardware would be in close physical proximity to non-secure hardware and as a result would be vulnerable to side-channels leaks and/or attacks.

You also are ignoring that a challenge-response counter-measures by the attacker would require direct and real-time action from the targeted users; CAPTCHA is a type of real-time challenge-response combined with private information would confirm that the target user is actively using the device being targeted.

If you think you understand something I don’t that’s fine, but I clearly neither understand what you’re trying to communicate, nor agree with what little I believe I do and have repeatedly attempted to explain why and you have repeatedly ignored my points. If I have ignore a material point made by you, please explicitly point it out.

[mrex]

>Browser already operates in “untrusted” mode.

My guy, there's a difference between legitimate confusion and this sort of aggressively refusing to get the point.

Clearly I'm not referring to sandboxing or app privileges, I'm referring to how your browser assumes any site that's able to send it some Javascript should automatically expect that Javascript to run, or WebGL, or WebAssembly, or whatever monstrosity.

Fundamentally the web was built with the assumption that any resource loaded was an intentional act by a user, or by a process directly authorized by a user.

Over time, the internet has drifted to a one-protocol town, and that assumption by the designers of the protocol is breaking down as the protocol becomes everything to everyone. Trust boundaries and user controls are NOT evolving in time with the protocol capabilities, and worse, protocol development has largely become a fox guarding the henhouse as the main browser developers ultimately responsible for defining the de facto protocol suite, Google and Microsoft, each vie for advertiser dollars and market ubiquity by transforming web browsers into operating systems.

[O__________O]

No longer replying, if you use Apple products, based on your needs, consider looking for other options.

And no, lockdown mode should not enable or task users with authorizing file-by-file, line—by-line, etc blacklisted technologies; believe some of the off by default functionalities are able to be whitelist per domain, but might be wrong.

Also, you clearly and repeatedly stated you wanted to simulate running the code to “spoof” devices profile to evade fingerprinting — you, not I are the one intentionally causing issues in this thread, by repeatedly changing your stated intent.

Good luck, stay safe.