iOS and macOS should offer higher opt-in security
iOS is the most secure platform in the world, and macOS is more secure than Windows. Apple has shipped extremely high security without inconveniencing ordinary users who don’t understand technology and don’t care about security.
But not all security enhancements are ready for broad usage yet. They’ll cause too many websites and apps to break, often with inscrutable error messages that will flummox ordinary users. Security is often a tradeoff against convenience. You can’t make iOS or macOS more secure for all users without making them less usable.
But you can, for some users who opt in.
Apple should let users opt in to higher security in Settings. For example, you could flip a switch to secure all network connections — HTTP URLs become HTTPS, DNS becomes DNS over HTTPS, and so on [1]. If you enter something.com into Safari, it should try to load https://something.com and, only if that fails, load http://something.com. When you send a mail in Apple’s Mail.app, it should send the mail encrypted and, if that doesn’t work, ask whether to send it unencrypted. You could disable old codecs like MPEG-4 that are never the best choice today [2] and can open your device up to security holes. There are a lot of knobs Apple can provide to power users.
Taking a step back, there are different levels of security:
Proceed silently: Don’t surface a potential security problem to the user. For example, iOS and macOS support TLS 1.2 connections, which are less secure than TLS 1.3. When you access a TLS 1.2 site, Safari does not inform you of this.
Inform: The next higher level of security informs you:
But you can ignore this information and use the site. It doesn’t get in your way with a dialog box or overlay that you have to dismiss to use the site.
Ask: The next level of security asks you what to do rather than merely informing you. An example is location access, which requires explicit approval.
Soft block: The next higher level of security is when it looks like it offers only a cancel option:
There is indeed a way to proceed, but it’s hidden behind Details. After you expand details, you have to read through the text to find the link to proceed:
This UI causes most users to cancel, while still preserving the option to proceed for people who are knowledgeable and patient enough. It’s a middle ground between Warning (which has a clear Proceed button) and Block (which doesn’t let you proceed at all).
Block: This is the most stringent level, with no option to proceed. To see this in action, visit this site in Chrome.
Apple uses various levels of security in various scenarios. For example, iOS and macOS proceed silently when they encounter a TLS 1.2 site. What I’m proposing in this blog post is that if you go to Security > Advanced, you should be able to upgrade to the next level of security:
Since the default for TLS 1.2 is to proceed silently, the next level up is to inform, by showing NOT SECURE.
In this way, Apple should let you upgrade each choice they made to the next level of security.
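The HTTPS-first fallback and the five levels described above, combined in an added Python sketch that is not Apple's code and not part of the original post. Letting the opted-in level decide what happens on an HTTP fallback is an assumption of this example, as are the names `Level`, `upgrade`, `candidates`, `navigate`, `reachable` and `user_accepts`.

```python
from enum import IntEnum
from urllib.parse import urlsplit


class Level(IntEnum):
    """The five levels from the post, ordered from least to most strict."""
    PROCEED_SILENTLY = 0
    INFORM = 1
    ASK = 2
    SOFT_BLOCK = 3
    BLOCK = 4


def upgrade(level):
    """Opt in to the next level up; BLOCK is the ceiling."""
    return Level(min(level + 1, Level.BLOCK))


def candidates(typed):
    """URLs to try, in order, for address-bar input: HTTPS first, then HTTP."""
    parts = urlsplit(typed if "://" in typed else "//" + typed)
    https = parts._replace(scheme="https").geturl()
    if parts.scheme == "https":
        return [https]                      # never downgrade an explicit https URL
    return [https, parts._replace(scheme="http").geturl()]


def navigate(typed, reachable, level, user_accepts=lambda url: False):
    """Return (url_loaded_or_None, outcome).

    reachable(url) is an injected probe (hypothetical) so the logic runs offline.
    user_accepts(url) stands in for the user's answer to a prompt.
    """
    for url in candidates(typed):
        if not reachable(url):
            continue
        if url.startswith("https://"):
            return url, "loaded"
        # Only plain HTTP answered: the configured level decides what happens.
        if level == Level.PROCEED_SILENTLY:
            return url, "loaded"
        if level == Level.INFORM:
            return url, "loaded, marked NOT SECURE"
        if level in (Level.ASK, Level.SOFT_BLOCK):
            # Same decision point; SOFT_BLOCK only hides the proceed link in the UI.
            ok = user_accepts(url)
            return (url, "loaded after approval") if ok else (None, "cancelled")
        return None, "blocked"
    return None, "unreachable"
```
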
This lets people or organizations that are particularly sensitive about security (e.g., a company that runs a password manager, or a nuclear weapons research lab) choose a higher level of security which may not be appropriate for everyone. When they do, it puts pressure on other players in the ecosystem to up their security game, making the world more secure.
[1] You could have an Advanced option that lets you toggle each of these separately.
[2] If you want universal compatibility, use H264. If you want open-source, use VP9. If you want the best codec that’s widely deployed, use HEVC. If you want the best codec and you control all the devices involved, use AV1. But in no situation is MPEG-4 the right choice today.