by dhdhdudhsg 875 days ago
I’ll be using this, but what a stupid exception imo. I work in a big building where anyone could walk in without ID and simply defeat the protection. Hell, a disgruntled coworker, contractor or customer could be in on it.

> When your iPhone is in a familiar location, these additional steps are not required, and you can use your device passcode like usual. Familiar locations typically include your home, work, and certain other locations where you regularly use your iPhone.


I don’t think iPhone thieves are smart enough to connect a snatched phone’s owner’s identity to a location, nor are they stupid enough to regularly go to a frequent location to unlock a stolen device. In practice, a change like this will help a lot. Most stolen phones get put into the Shenzhen parts supply chain, and it’s probably not economical for the middlemen to do bespoke work to unlock the device.
Oh how very wrong you are. This feature came in response to WSJ reporting about iPhone thieves targeting affluent iPhone users so they could steal their iPhones and rapidly lock the owner out, all while accessing their bank accounts, credit cards, etc.
What does that have to do with my comment, which was about whether those thieves are willing to locate the owner’s frequently visited addresses, visit them, and then repeat this process at scale?
This is a pretty direct response to the WSJ's iPhone theft story from last year[1], which was focused on people managing to shoulder-surf your passcode while you're in a public place, steal your phone, then use your passcode to reset your Apple ID password (thus locking you out of being able to report the phone as stolen). It apparently relied on multiple people and a certain amount of social engineering -- one party managing to get the phone into a passcode-required state, another to see it entered, and a third to actually lift the phone.

The hope would thus be that although someone could walk into your workplace and steal your phone off your desk, they would be much less likely to have been able to watch you enter your passcode first.

[1]: https://www.wsj.com/articles/apple-iphone-security-theft-pas...

Yeah, I saw that article too. It closes that one hole the WSJ reported on, but pretending there aren’t other credible threats is silly. A bad actor at work could observe the password and then steal the phone at a later date, and take it to the bathroom, for instance. That’s just what I’ve come up with off the top of my head.
I agree in spirit with your stance, and it is a good solution to the shoulder surfing problem.

But generally I don’t think it’s plausible for a mass market device to counter every kind of threat, or every iteration of a more specific kind of threat.

In a workplace or home theft scenario, there are _presumably_ better ways of identifying a thief than at, say, a random bar.

My beef with this feature is that my Significant Locations haven’t been accurate for over a month, so my home location isn’t “trusted”.