Loupe – A iOS app that raises awareness about what native apps can see
Loupe is an iOS app that exposes the vast amount of device data readily available to any third-party application, highlighting the components of a unique digital fingerprint. It demonstrates how seemingly innocuous data points, when combined, can track users without explicit consent or traditional identifiers. Hacker News users are fascinated by the concrete examples of privacy leaks and the deeper implications for cross-app tracking.
The Lowdown
Loupe is a privacy-focused iOS/iPadOS app designed to reveal the device fingerprinting surface that native applications can access. It reads real values from public iOS APIs, showing users exactly what information is quietly exposed by their device to third-party apps. The app aims to raise awareness about how these data points collectively form a unique identifier, enabling tracking across various applications and websites without needing personal identifiers like names or emails.
- Data Exposure: Displays raw values from public iOS APIs, categorizing them into "Passive" (no prompt needed), "Needs Permission" (requires iOS prompt), and "Advanced" (clever side-channel uses).
- Privacy-Focused Design: Ensures no data read by Loupe leaves the user's device unless explicitly exported, with no aggregation, hashing, uploading, syncing, or sharing.
- AI-Assisted Development: Notably, Loupe was built almost entirely using AI coding tools.
- Cross-Platform Potential: While primarily iOS, a macOS version is also under development.
- Support: It's free and open-source, with the developers promoting their privacy-first browser, Psylo, as a way to support their work.
By demystifying the data apps can see, Loupe empowers users to understand the subtle mechanisms of device fingerprinting, underscoring the constant tension between convenience and digital privacy in the mobile ecosystem.
The Gossip
Pervasive Privacy Pitfalls
Commenters expressed alarm over specific "passive" data points revealed by Loupe, such as the "iPhone last setup or erased on..." timestamp and "Volume creation date." They found these data points surprisingly granular and potentially unique identifiers, questioning their necessity for exposure and how users could mitigate these subtle privacy leaks, which contribute significantly to a robust device fingerprint.
Fingerprinting Finessing
The discussion delved into the technicalities and statistical efficacy of device fingerprinting. Commenters debated the "threat model" of correlating user activity across multiple apps and offered statistical analyses (e.g., using binomial/Poisson distributions) to illustrate how just a few bits of entropy from various system parameters can collectively identify a user, even within a large population of devices.
Mac App Musings
Users quickly expressed a desire for a macOS version of Loupe, with some noting that the README confirms its development. This sparked a side discussion about the nature of applications on macOS, specifically the differences in permissions and sandboxing between apps installed from the Mac App Store and those installed independently (like Chrome or VS Code), and what level of system information each type of app can access.