Push Back on NameDrop Privacy Insinuations

The scare tactic hype over this is nuts. I’d given up telling people it wasn’t an issue, but now I’ll point them to your article. Many thanks.

I like that you were able to use this social media hype non-story to remind people about two excellent pieces worth reading that will actually help improve their security and privacy.

I just came here from reading Shira Ovide’s column in the Post. Since the writer had been engaged in an extensive anti-Apple campaign lately, it was good to see this unalloyed support for this particular Apple feature.

The fears expressed in the sampling of comments I read revolved around not understanding the technology but taking the word of the “authorities” that “bad actors” were about to drain information out of our pockets and purses without our knowledge, and therefore bad Apple!!

There is public hay to be made these days by getting out ahead of legitimate security concerns. Sadly, it’s easy to appear you’re ahead by fabricating some concerns.

With the recent revelations on tactics that police are using to spy on citizens without warrants by operating in the gray areas of current laws, it is a bit disingenous of them to be warning the public about security.

Also one to kill this FUD. Its on by default, which is a different issue I do have a problem with. But it won’t work unless you permit it. If someone is up near your iPhone, and you don’t know it, its not going to allow it. And if you see the notification, you should be skeptical that “why is this? and who is near my iphone?”. Right?
But Apple and other tech companies need to be tasked for this “Update turns features ON by default” policy. Let us, the user, determine if we want it on.

While I don’t view NameDrop as a menacing privacy or security risk, I don’t think Apple made a good decision turning it on by default without notifying users. The permission dialog box is going to confuse a lot of people when it appears for the first time, especially if it’s triggered by an unknown iPhone in a crowded place.

Similarly, I don’t think many people need to worry constantly about juice jacking. But it’s easy enough to take countermeasures to make the threat go away. When I travel I carry both a charger (obviously) and this cable:

Unfortunately, it looks like OWC no longer makes it. But I’m sure there are similar cables from other makers.

BTW, there is a long history of intelligence services doing surveillance on commercial aircraft. A classic example:

The phones really need to be nearly touching their NFC ends (the top of the phone). I’ve seen people report confusion, though, when they see the animation on their Apple Watch if they accidentally nearly bring their phone near the watch.

My question is, do you have to authenticate first?

If someone can walk up to your phone, tap their finger on your screen, and get your contact info, that’s bad. The minimum should be that you authenticate first via Face ID or whatever you have set up.

But I haven’t confirmed this yet because everyone I know is already in my Contacts, and I’m not sure if it handles those people differently…

This doesn’t say explicity, but it does say, “To cancel, move the two devices away from each other or lock your iPhone before the NameDrop transfer completes,” which suggests to me that the phone must be unlocked in order to initiate a transfer.

Thanks for that link. And my suspicion was that authentication would be required. And I think the entire answer to whether this is safe or not hinges on that detail that I haven’t seen any press discussing.

I may try this with someone to prove it out…

Verify features the issue in today’s email. It’s discussed here, which has a few details I hadn’t read elsewhere.

Okay, I ran some tests with a friend with an iPhone who is not in my Contacts. She seemed concerned, so I didn’t ask her to send her info. (In fact, she thought somehow I’d get her bank passwords! But I helped her pull up her “My Card” and literally all it had was her phone #, not even her name . Not exactly a power user) But we got most of the way through the test nonetheless.

TLDR: it’s secure.

Here’s the flow: When you put the devices together, and you have not disabled Name Drop, your phone will glow (as the "warmup "to Name Drop) regardless of whether it’s locked.

Receiving: If your phone is locked, you still appear to be ready to accept a name drop that the OTHER PERSON may choose to send you; I cannot confirm that it won’t prompt you to unlock at the point where they actually send you something (because like I said, I didn’t want to make her hit send). But receiving is not the security risk that people are complaining about. If someone wants to send you porno stuff as a contact, then that could be an issue, but no more an issue than some random person texting you today. Either way, it’s nothing like identity theft, the real issue. Perhaps another test will give me the final answer on this, but it’s not a significant concern.

Sending: This is the test that we need the answer to, since it presents an ID theft risk. If your phone is locked, you are never presented with anything on your screen inviting your contact to be sent to the other (possibly rogue) party. There is nothing to “tap”. And in one case (the test where her phone was set up to send), her phone presented the PIN screen to have it unlocked; that’s it.

So, sending any Name Drop info is secured behind the sender’s locked iPhone. Obviously, if your phone is unlocked, there’s a lot at risk in general. But if your phone is locked, your info is safe.

I don’t think there’s anything to see here. These are not the androids you’re looking for. Move along.

That’s good info to have. I’d just add that right now, it seems the major risk of NameDrop is somebody who is confused, distracted, impatient, or careless just hits “Yes” (or whatever the approval dialog says) in response to a transfer request.

Yea, but that means they tap “Yes” when there’s a person face to face with them holding another iPhone. Is this a friend? Then the risk is low. Is it a stranger? Then who would tap “Yes” or instead say “who tf are you?? Get away!”

And for most people, the risk is contact information, which isn’t particularly confidential in most cases. I’m sure there are exceptions, but not with people who you’re going to let within an inch of your iPhone and then agree to send it to them.

… and in the situation people are freaking out over, if a stranger tried to shove his phone in your face (or into your pants) in order to make contact, I think you would notice and probably get quite angry. You wouldn’t unlock the phone and tap a confirmation button.

This reminds me of the fears from years ago claiming that crooks can read all of your contactless credit cards from a long distance away using cheap and easy equipment. People had set up all kinds of proof-of-concept experiments to underscore the danger, but in all of the years since then, I can’t remember a single news article about someone whose cards were actually compromised via that mechanism. (If it actually worked, you can be sure that criminal syndicates would have set up scanning/theft devices in crowded parts of big cities. The fact that there have been no arrests or even reports of this tells me that it doesn’t actually work.)

I agree that most people in most situations wouldn’t approve an unwanted NameDrop request. But I think the longevity and prevalence of offline and online scams that rely on greed, lust, fear, and other powerful emotions–or just simple confusion–to get victims to do things they normally wouldn’t means that NameDrop can be risky, especially with its default setting to “on”.

Is that why all new wallets boast “RFID” protection? I never really made sense of that…

To me, NameDrop just seems like a new Apple variant on what we used to do with Palm Pilots and other devices: Proximity info sharing. From Apple’s perspective, this is intended to reduce a common pain point of social contact between two people that want to share each other’s contact info.

How does this event usually play out? From what I have observed, it often entails one person calling the other’s phone and then each person hand-enters the other’s info, or manually push their contact cards via text. NameDrop is an attempt to reduce the steps and tedium of this process.

Apple could have perhaps explained things a little more (something they have become increasingly deficient at, sadly), but that may not have prevented the social/news media going off into left field with this story.

One never knows what an individual may find annoying… or exciting.

I wonder what real problem this new NameDrop feature solves? We can already share contact info via AirDrop. It may take a few more taps than NameDrop as I understand it (have not used it), but AirDrop works well and requires active action for both parties to work, so no security/privacy issues to worry about. Or am I missing something?

With the caveat that I haven’t used NameDrop before, one difference is that you can choose the fields and information that you want to share with someone, which I don’t think that you can do with AirDrop. AirDrop with someone not in your contacts requires also turning on the less-secure “share with anyone”. Lastly, NameDrop is a lot more simple - you don’t have to share your Apple ID or phone number as part of the transaction. Just tap the phones.

I could picture this being extremely useful at professional conferences, after lectures, or at networking events, or even parties. A bunch of people meet who want to stay in touch. They pull out there phones and, like raising a toast, tap the others they want to stay connected to. Very streamlined.

AirDrop would share your entire Contact card, which may contain PII that you don’t necessarily want to share with a person you just met.

I remember doing this in 1998 at a party when most of my friends and I all bought Palm III PDAs. We were “beaming” the data via its IR transceiver, but it worked great and we all thought it was really cool.

I had a Palm too! It’s crazy how in some ways we took a technological step backwards for decades before catching up!

Heck, we got our first Apple pencil recently and I was remembering writing on my Newton…

I had a Sharp Wizard back in the 90s and remember IR printing to an HP LaserJet at the time - 6P maybe? It was a small non-network printer. I thought that was such cool technology that took a long time to come back.

Now I feel like I’ve hardwired my current printer but it still does AirPrint even when I don’t want it to.

Diane

I recall exchanging contact info from one iPhone to another was possible with a third-party app way back, shortly after writing apps was possible. The transfer was initiated by tapping the phones together so I assume the accelerometer was part of the process to avoid spontaneous, unwanted transfers.

I haven’t used it much, but if I remember correctly AirDrop allows you to select which fields you want to share.

Might NameDrop have some of the same risks as AirDrop?

Fascinating.

Curious about this too. But there are a couple reasons I have a hunch NameDrop is less vulnerable to this.

1. It’s near-field. So you’d have to be basically touching to leak that data
2. It’s peer to peer, not broadcast. So I don’t think you have to share who you are so that the other guy can check their address book for a match.

But I’m all ears to be told I’m wrong.