Does an iPhone track every website I visit in the browser?

hesitantapplegal

I've read some conflicting information about this and wanted to know if anyone has a definitive answer. Imagine someone who does not use iCloud uses firefox focus or brave browser on an iPhone, does Apple in this case have visibility into all browsing history?

The New Oil seems to believe that utilizing privacy respecting apps will prevent apple from collecting data from those apps, but I haven't seen a definitive answer in terms of the browser.

DeletedUser26

hesitantapplegal No, Safari history is E2EE in iCloud and you can turn off syncing if you want:
https://support.apple.com/en-us/102651

Graphene1

hesitantapplegal its extremely likely that Tim knows exactly what your doing on your iPhone. The telemetry baked into the OS could circumvent any measures you take (VPNs, open source app alternatives etc) and all will be tied to your Apple ID. Its closed source and is sending constant telemetry I would assume the worst unless proven otherwise.

DeletedUser69

DeletedUser26 thank you, can we get a proof of validity from trustworthy independent source?

treenutz68

DeletedUser26 Interesting. It sounds like OP doesn't use iCloud at all. Does that mean there should be no browser tracking by Apple?

DeletedUser69 Haha, probably not I'm assuming as its closed source ;)

DeletedUser69

To return back to OP, no JS, no cookies. And no cookies, (almost) no tracking. Unless the OS is compromised. When I compare iOS to GrapheneOS, it is a no brainer for me. Can you imagine Apple user browsing with no Javascript? It doesn't stop there. I, personally would not trust Apple with emptying my trash in a private way after removing SIM card, turning on airplane mode, and opting out of all telemetry. But this is just my personal view. Yours may be different, in that case, good luck.

hesitantapplegal

Graphene1

I keep thinking about that scene from the Snowden movie where the NSA agents were basically able to tap into anyone's phone. I mean, that was years ago, so I can only imagine what they're capable of now. I've been learning more about GrapheneOS and I'm really impressed with all the potential threats they've considered and mitigated. But it got me wondering, are there still some vulnerabilities that are beyond the operating system's control?

I've heard rumors about backdoors in networking devices, and it makes sense to me that if I were a nation-state level actor, I'd want to insert vulnerabilities at a deeper level, like in modems or SIM cards. I mean, think about it, a SIM card is basically a tiny computer, right? So, could it potentially collect data and send it off without the operating system even knowing? That's a pretty unsettling thought.

And I know iPhones are basically black boxes, so who knows what kind of data they're collecting and sending off? I mean, it's unlikely, but theoretically, as you said they could be logging every keystroke or taking screengrabs. And if that's possible on an iPhone, couldn't it also be happening on a GrapheneOS phone, even if the OS itself isn't compromised?

DeletedUser69

hesitantapplegal I believe we choose to trust GrapheneOS developers who build on top of AOSP which is open source. If anything of the sort was happening here, it would be known to the world by now. But with closed source like Apple or even Play Services devil knows what lurks under the surface. Sorry, this was not a very technical explanation.

treenutz68

hesitantapplegal

I don't think knowledgeable people like the GrapheneOS devs believe that an iPhone is grabbing your keystrokes or screen grabs. Generally speaking, iPhones are well regarded from a security and privacy perspective around here. I wish there was some definitive data that could prove what is logged by Apple.

I assume the Graphene devs have done analysis into the packets of data being sent off of a Graphene Pixel to see if there are strange things that suggest hardware/firmware are misbehaving, but perhaps that is not a correct assumption?

DeletedUser87

treenutz68 I wish there was some definitive data that could prove what is logged by Apple.

Well, that's the problem. It's as closed source as it gets and understanding what's going on is incredibly hard. Say there was a backdoor. Say it was enabled remotely just for specific users. Say it would detect MitM attempts to circumvent analysis. How would you even find out it existed? It could talk to one of the hundreds of domains iPhones talk to and would go unnoticed. That's why people are scared of FISA court orders and the extremely punishing NDAs these companies are under (and we can safely assume: they are). Speaking about this stuff will get you a nice wanted poster around the world (see Snowden), so I assume systems where the code can't be inspected by outsiders as compromised. Especially in the last few years mobile processors have gained insane capabilities, with powerful offline speech-to-text functions and neural processing on device. 10 years ago you would need whole server farms to do that. My personal take is: I don't know what it does, I don't trust it.

treenutz68

DeletedUser87

I'll link over to my reply in a different thread as it may be related to the point you are arguing:

https://discuss.grapheneos.org/d/17413-my-experience-after-one-week/12