twincities.fyi

Why lock down your iPhone?

If law enforcement have your phone, it is legal for them to unlock your phone using your fingerprint or your face. However, if your phone has a numerical password on it, it is illegal for them to compel you to tell them the code access your phone.

To me, this is absurd. Like, it should always be illegal to enter my home regardless if my door is locked. However, we live in a judicial system run by judges who don't understand technology.

What needs to be locked?

The most important thing is to take off your face or fingerprint for unlocking your phone. Personally, I don't even set it up when I get a new phone. That way, there's no danger of me accidentally turning it on.

This means that you will be using your code to unlock your phone. This can seem really inconvenient at first, but once you get the muscle memory down it will take one or two seconds.

I have a six digit code on my phone, because in the event law enforcement want to illegally try to crack the code it will take them longer than a 4 digit code.

Additional steps

I also take some additional steps: I turn off Control Center, Siri, and Wallet from the lock screen.

If Control Center is on, law enforcement can turn on Airplane Mode without unlocking your phone. If you are detained and you are sharing location or streaming video or recording and uploading audio, putting your phone in Airplane mode can stop those activities immediately, putting you in a more dangerous position.

I disable Siri so that no one can as to read messages or other private data from the lock screen. I don't know exactly the threat model here, but I certainly feel better without Siri on my lock screen.

Then Wallet is disabled because sometimes I buy too many oat milk lattes! Sue me!

An introduction to the Internet's phone book.

The Internet was built on older networks: namely, the phone network. In a phone network, you can call anyone who is connected so long as you have their phone number. Let's imagine a simple phone book:

If you call one of the numbers in this book, you get the person associated with that number. If you don't know someone's number, you can use this phone book to look the number up.

The Internet also has a phone book. It's called the Domain Name System, or DNS. In DNS, each website is associated with a number: its IP address. An IP address is like a website's phone number.

On the Internet, there are DNS servers that store lots of records like the ones in the table above. When you type in a web address into your browser, your computer makes a request to a DNS server to find the IP address of the website you'd like to visit. It finds the record, and you can connect to the website by making requests to its IP address.

DNS and privacy

This system of making a request to a DNS server presents a privacy problem. DNS requests are largely unencrypted, so that means the websites you lookup with the DNS server are public to interlopers such as your internet service provider, any system in transit between you and the DNS server, or anyone on your Wifi network (think a Wifi network at a coffee shop).

This means that any one of those parties can see what sites you go to and infer what you were doing. For example, if I was eavesdropping on DNS requests and I saw that a user was making a lot of DNS requests for sites on beekeeping, I could infer that they were getting into beekeeping (or already a beekeeper! Imagine!). When combined with location data such as where your network is physically located, these inferences can become very powerful.

What is a VPN?

A VPN stands for virtual private network. When you turn on a VPN, your computer connects to a private network and makes requests from that network instead of the network that you're connected to.

This means that your DNS traffic looks different. Anyone monitoring your traffic, such as an interloper on the coffee shop Wifi network or your internet service provider, does not see your DNS requests. Instead, your requests get routed first to the VPN and then to the larger Internet.

For example, let's say that your VPN provider allows you to select a VPN in Chicago. First, your device will establish a connection to this Chicago VPN. Once that connection is established, Internet traffic will appear to come from that address in Chicago rather than the Wifi that your device is connected to. This means that DNS requests are also sent from that VPN and are much harder to trace back to you.

Safety considerations

When using a VPN, you want to select a VPN provider you trust. If I wanted to get a lot of information about network traffic, I could create a virtual private network myself and advertise free VPN access. Then when users joined my VPN, I could save their device information and all their DNS requests, effectively duplicating the privacy problem they were trying to avoid by using a VPN. Be sure to only use VPNs from trusted providers like Proton or NordVPN.

Adding a VPN you your phone.

Engadget has a good guide on adding the VPN to your iPhone. I don't have an Android, but this support article seems to be what you'll need for that platform.