DEV Community: 佐藤玲

How an AI Model Fooled Thousands: The Emily Hart 'MAGA' Influencer Deception Explained for Developers

佐藤玲 — Thu, 23 Apr 2026 16:17:35 +0000

How an AI Model Fooled Thousands: The Emily Hart 'MAGA' Influencer Deception Explained for Developers

She had the perfect face. Flawless skin, piercing blue eyes, a photogenic smile that radiated authenticity — and a political opinion for every news cycle. Emily Hart, a self-described conservative 'MAGA' influencer with tens of thousands of followers, looked every bit the part of a real social media personality.

There was just one problem: Emily Hart didn't exist.

The account, eventually traced back to a man operating out of India, represents one of the most technically sophisticated influence operations uncovered in recent years. For developers, data scientists, and AI practitioners, it's a case study that deserves a deep technical autopsy — because the tools used to build 'Emily' are the same tools sitting in your GitHub repos right now.

Who Was Emily Hart?

Emily Hart emerged as a prominent right-wing influencer persona across multiple social platforms. Her content leaned heavily into 'MAGA' talking points, cultural commentary, and shareable political memes. Her engagement metrics were impressive. Her follower count grew steadily. Brands were even reportedly approached for sponsored content opportunities.

When investigative researchers and digital forensics analysts began pulling at the threads, the entire fabrication unravelled. The model behind the Emily Hart persona was a synthetic construct — a GAN-generated (Generative Adversarial Network) face layered onto a carefully curated social media presence. The operation was traced back to an individual in India running multiple such accounts simultaneously.

This isn't a one-off. This is a template. And as a developer, you need to understand exactly how it works.

The Technical Stack Behind a Fake Influencer

Building a convincing synthetic influencer in 2024 requires a surprisingly accessible toolkit. Here's how operations like the Emily Hart persona are typically constructed:

1. Face Generation via GANs or Diffusion Models

The foundation of any AI model persona is the face. Tools like StyleGAN3 (by NVIDIA) or Stable Diffusion can generate photorealistic human faces that don't belong to any real person.

# Example: Generating a synthetic face using the 'diffusers' library
from diffusers import StableDiffusionPipeline
import torch

pipe = StableDiffusionPipeline.from_pretrained(
    "runwayml/stable-diffusion-v1-5",
    torch_dtype=torch.float16
)
pipe = pipe.to("cuda")

prompt = "professional headshot of a young woman, natural lighting, photorealistic"
image = pipe(prompt).images[0]
image.save("synthetic_persona.png")

The output is an image that passes a casual visual inspection with zero traces leading back to a real human being.

2. Consistent Identity Across Multiple Images

One face isn't enough. A believable influencer has hundreds of photos. Operators use IP-Adapter or LoRA fine-tuning to maintain consistent facial identity across varied scenarios — different backgrounds, outfits, lighting conditions, and expressions.

# Conceptual example of LoRA-based identity consistency
# Fine-tune a base model on 15-20 seed images of the synthetic face
# to generate consistent variations

from peft import LoraConfig, get_peft_model
from transformers import AutoModelForCausalLM

# LoRA configuration for consistent persona generation
lora_config = LoraConfig(
    r=16,
    lora_alpha=32,
    target_modules=["q_proj", "v_proj"],
    lora_dropout=0.05,
    bias="none"
)

This is how 'Emily Hart' could appear at a beach, at a rally, and in a selfie — and still look like the same person.

3. Content Generation via LLMs

The face is just the avatar. The voice — the political takes, the captions, the replies to followers — comes from large language models fine-tuned or prompted to maintain a consistent persona.

Operators typically craft a detailed system prompt that defines the persona's:

Political stance (in this case, strongly pro-'MAGA')
Tone and vocabulary
Backstory and biography
Posting habits and content pillars

system_prompt = """
You are Emily Hart, a 28-year-old conservative commentator from Tennessee.
You are passionate about traditional American values, support MAGA political
movement, and share your opinions confidently on social media. Write in a
casual, engaging tone. Always stay in character.
"""

import openai

response = openai.chat.completions.create(
    model="gpt-4",
    messages=[
        {"role": "system", "content": system_prompt},
        {"role": "user", "content": "Write a tweet about today's election news"}
    ]
)
print(response.choices[0].message.content)

4. Automated Scheduling and Engagement

Posting manually at scale isn't sustainable. These operations use automation tools — sometimes simple Python scripts with platform APIs, sometimes commercial social media schedulers — to maintain the illusion of an active human presence.

How Investigators Unmasked the Deception

So how was Emily Hart caught? Digital forensics researchers used several detection vectors that every developer should be aware of:

Reverse Image Analysis

Early GAN-generated faces have tell-tale artifacts — asymmetric ears, garbled text in backgrounds, impossible jewelry. Tools like Hive Moderation API and FotoForensics can flag these anomalies.

EXIF Metadata Stripping

Real photos carry metadata: GPS coordinates, camera model, timestamp. Synthetic images have none of this — or suspiciously uniform metadata.

Behavioural Pattern Analysis

The account posted with inhuman consistency — same times daily, rapid responses, zero personal life interruptions. NLP analysis of posting cadence and linguistic patterns flagged the account as likely automated.

Cross-Platform Identity Verification

The 'Emily Hart' persona failed basic cross-platform consistency checks. Real influencers accumulate messy, organic digital footprints. Synthetic personas are too clean.

Building a Detection Pipeline: A Developer's Approach

Here's a practical skeleton for a synthetic persona detection tool you can build and expand:

import requests
from PIL import Image
from io import BytesIO
import numpy as np

def analyze_profile_image(image_url: str) -> dict:
    """
    Basic synthetic image detection heuristics.
    For production, integrate with Hive or Microsoft Azure Content Moderator.
    """
    response = requests.get(image_url)
    img = Image.open(BytesIO(response.content)).convert('RGB')
    img_array = np.array(img)

    results = {
        "resolution": img.size,
        "has_exif": _check_exif(img),
        "symmetry_score": _facial_symmetry_score(img_array),
        "artifact_score": _detect_gan_artifacts(img_array)
    }
    return results

def _check_exif(img: Image) -> bool:
    """Check if image contains EXIF metadata."""
    exif_data = img._getexif()
    return exif_data is not None

def _facial_symmetry_score(img_array: np.ndarray) -> float:
    """GAN faces often show unnatural symmetry. Score 0-1."""
    h, w = img_array.shape[:2]
    left_half = img_array[:, :w//2]
    right_half = np.fliplr(img_array[:, w//2:])
    diff = np.mean(np.abs(left_half.astype(float) - right_half.astype(float)))
    # Lower diff = more symmetric = more suspicious
    return float(1 - (diff / 255))

def _detect_gan_artifacts(img_array: np.ndarray) -> float:
    """Placeholder for GAN artifact detection (integrate CNNForensics)."""
    # In production: use a pre-trained CNN trained on GAN vs real faces
    return 0.0

# Usage
results = analyze_profile_image("https://example.com/profile.jpg")
print(results)

For a production-grade pipeline, integrate [[AI detection and content moderation APIs]] that offer pre-trained models specifically designed to identify synthetic media at scale.

The Broader Implications for Developers

The Emily Hart case isn't an anomaly — it's a preview. As synthetic media tools become more democratized, the barrier to running a sophisticated influence operation drops to near zero. A single operator with a laptop and [[cloud GPU rental services]] can now maintain dozens of fake personas simultaneously.

This creates several urgent responsibilities for developers:

If you build social platforms:

Implement liveness checks and identity verification at signup
Deploy behavioral analytics to flag non-human posting patterns
Integrate synthetic media detection at the image upload layer

If you build AI tools:

Watermark generated images at the model level (C2PA standards)
Implement usage monitoring for persona-building use cases
Add friction to large-scale automated content generation

If you're a researcher or independent developer:

The open-source community needs better detection tooling — this is a genuine opportunity to contribute
Datasets like FaceForensics++ and DFDC are freely available for training detection models

The Ethical Dimension We Can't Ignore

It's tempting to frame this purely as a technical problem with a technical solution. But the Emily Hart case is fundamentally about manipulation — political manipulation, at scale, by an anonymous actor exploiting the trust people place in online communities.

The 'MAGA' influencer angle here matters specifically because political influence operations are designed to exploit ideological tribal instincts. Whether the target is conservative or liberal audiences, the mechanism is the same: build a credible persona, earn trust, inject narratives.

Developers built the tools that made this possible. Developers also need to build the countermeasures.

Key Takeaways

The Emily Hart persona was a GAN/diffusion-generated AI model layered with LLM-generated content to impersonate a 'MAGA' influencer
The technical stack is entirely open-source and accessible — detection tools need to keep pace
Forensic signals like EXIF absence, symmetry scores, and behavioral cadence can flag synthetic accounts
Developers have a responsibility — both in how they deploy generative AI and in building detection infrastructure
Regulatory and platform-level responses are lagging; the technical community needs to lead

Want to dive deeper into synthetic media detection, AI ethics, or building responsible AI systems? [[Follow for developer-focused deep dives on AI security and emerging tech]] — I publish new breakdowns every week.

Drop your thoughts in the comments: Have you encountered synthetic personas online? What detection methods have you found most effective? Let's build better tools together.

Tags: #ai #machinelearning #deepfake #cybersecurity #ethics

5x5 Pixel Font for Tiny Screens: The Complete Developer Guide to Micro Typography

佐藤玲 — Thu, 23 Apr 2026 16:16:34 +0000

5x5 Pixel Font for Tiny Screens: The Complete Developer Guide to Micro Typography

You're staring at a 128×64 OLED display, a tiny e-ink badge, or a retro game screen — and suddenly you realize your fancy TrueType font is completely useless. You need every pixel to count.

Welcome to the world of the 5×5 pixel font: the unsung hero of embedded development, retro gaming, and wearable tech. In this guide, we'll break down everything you need to know — from the theory behind micro typography to rendering your own characters in code.

Why a 5×5 Pixel Font?

When working with tiny screens — think SSD1306 OLEDs, Nokia 5110 LCDs, or even low-resolution LED matrix panels — standard fonts simply don't fit. A typical 8×8 bitmap font already feels large on a 32-pixel-tall display. A 5×5 font gives you:

More characters per line — on a 128-pixel-wide screen, you can fit ~25 characters vs. ~16 with an 8×8 font
More lines per screen — critical for data-dense UIs like sensor dashboards
Retro aesthetic — perfect for indie games, pixel art tools, and demoscene projects
Minimal memory footprint — each glyph fits in as few as 3–5 bytes

The tradeoff? Readability is a craft. Every pixel decision is intentional, and designing or choosing the right 5×5 font requires understanding the constraints deeply.

Anatomy of a 5×5 Glyph

A 5×5 pixel font means each character fits inside a 5-column by 5-row grid. With a 1-pixel gap added between characters, you effectively work with a 6×5 cell per character in horizontal layout.

Here's what the letter A might look like in a 5×5 grid:

. X X X .
 X . . . X
 X X X X X
 X . . . X
 X . . . X

Translated to binary rows (1 = lit pixel, 0 = dark):

Row 0: 0 1 1 1 0  → 0x0E
Row 1: 1 0 0 0 1  → 0x11
Row 2: 1 1 1 1 1  → 0x1F
Row 3: 1 0 0 0 1  → 0x11
Row 4: 1 0 0 0 1  → 0x11

This gives us a compact 5-byte representation per glyph — incredibly efficient for microcontrollers with limited flash storage.

Storing the Font in Code

Let's look at how to store a basic 5×5 font in C, suitable for Arduino, STM32, or any embedded platform.

// Each character is stored as 5 bytes (one per row)
// Bit 4 (MSB of 5-bit value) = leftmost pixel

const uint8_t font5x5[][5] = {
  // Space (ASCII 32)
  { 0x00, 0x00, 0x00, 0x00, 0x00 },
  // ! (ASCII 33)
  { 0x04, 0x04, 0x04, 0x00, 0x04 },
  // A (ASCII 65)
  { 0x0E, 0x11, 0x1F, 0x11, 0x11 },
  // B (ASCII 66)
  { 0x1E, 0x11, 0x1E, 0x11, 0x1E },
  // C (ASCII 67)
  { 0x0F, 0x10, 0x10, 0x10, 0x0F },
  // ... continue for full ASCII range
};

To render a character at position (x, y) on a pixel buffer:

void draw_char(uint8_t *framebuffer, int fb_width, char c, int x, int y, uint8_t color) {
  int idx = c - 32; // offset from ASCII space
  for (int row = 0; row < 5; row++) {
    uint8_t row_data = font5x5[idx][row];
    for (int col = 0; col < 5; col++) {
      if (row_data & (0x10 >> col)) {
        int px = x + col;
        int py = y + row;
        framebuffer[py * fb_width + px] = color;
      }
    }
  }
}

void draw_string(uint8_t *fb, int fb_width, const char *str, int x, int y, uint8_t color) {
  while (*str) {
    draw_char(fb, fb_width, *str++, x, y, color);
    x += 6; // 5px glyph + 1px spacing
  }
}

This is clean, portable, and works on any device where you can write pixels to a buffer.

Python Example for Prototyping

Before burning code to hardware, prototype your font rendering in Python with Pillow:

from PIL import Image, ImageDraw

font5x5 = {
    'A': [0x0E, 0x11, 0x1F, 0x11, 0x11],
    'B': [0x1E, 0x11, 0x1E, 0x11, 0x1E],
    'C': [0x0F, 0x10, 0x10, 0x10, 0x0F],
    ' ': [0x00, 0x00, 0x00, 0x00, 0x00],
}

def draw_string(text, scale=8):
    width = len(text) * 6 * scale
    height = 5 * scale
    img = Image.new('1', (width, height), 0)
    draw = ImageDraw.Draw(img)

    for i, char in enumerate(text):
        glyph = font5x5.get(char, font5x5[' '])
        for row, row_data in enumerate(glyph):
            for col in range(5):
                if row_data & (0x10 >> col):
                    x = (i * 6 + col) * scale
                    y = row * scale
                    draw.rectangle([x, y, x+scale-1, y+scale-1], fill=1)
    return img

img = draw_string("ABC")
img.save("font_preview.png")

Run this to generate a scaled-up preview PNG — great for validating your glyph designs before deploying to tiny screens.

Designing Your Own 5×5 Glyphs

If the existing open-source fonts don't match your aesthetic, designing custom glyphs is a satisfying challenge. Here are the key rules:

1. Prioritize Legibility Over Style

At 5 pixels tall, optical illusions are real. What looks balanced in your head may appear lopsided on screen. Always test on the actual hardware or a 1:1 preview.

2. Use Consistent Stroke Width

Most successful 5×5 fonts use a 1-pixel stroke throughout. Two-pixel strokes are possible for bold variants but leave very little negative space.

3. Leverage the Center Row

The middle row (row 2) is your anchor. Characters like E, F, H, and B rely on it heavily. Plan your glyph from the center outward.

4. Numbers Need Special Attention

Digits 0–9 in a 5×5 font are tricky — especially 8 and 3. Consider if your use case is data-heavy (clocks, sensors) and optimize numbers first.

5. Avoid Isolated Single Pixels

A lone lit pixel surrounded by darkness reads as noise, not detail. Every pixel should connect to at least one neighbor — vertically, horizontally, or diagonally.

Notable Open-Source 5×5 Fonts

Before rolling your own, check these battle-tested options:

Tom Thumb — One of the most downloaded micro fonts. Designed specifically for tiny screens. Available as a BDF file and easily converted.
Mx5x5 — Clean proportional font used in several embedded UI libraries.
Pico-8 Font — The built-in font from the PICO-8 fantasy console. 4×6 cells but 5 pixel tall characters — widely cloned and modified.
u8g2 library fonts — The u8g2 graphics library ships with a massive collection of bitmap fonts including several 5-pixel-height variants, ready to use on Arduino and ESP32.

Real-World Use Cases

Wearable Displays

Smartwatch DIY projects on tiny 80×160 or 96×64 TFT screens depend on compact fonts. A 5×5 font lets you display heart rate, steps, and time simultaneously without scrolling.

Retro Game Development

Building a game for the Game Boy-style or PICO-8? The 5×5 pixel font fits naturally into 8×8 tile grids and gives your UI a classic feel. pixel art game dev courses often cover custom font design as a foundational skill.

IoT Sensor Dashboards

An ESP32 with a 128×32 OLED showing temperature, humidity, and RSSI needs every pixel. With a 5×5 font and 1px line spacing, you fit 5 lines of 20 characters — more than enough.

LED Matrix Panels

Scrolling text on a 32×8 LED matrix? A 5×5 font with smooth column-by-column scrolling is the standard approach in clock and sign projects worldwide.

Performance Tips for Embedded Rendering

Store font data in PROGMEM (Arduino) or flash-mapped memory to avoid eating your tiny RAM budget
Cache rendered strings as bitmaps when content doesn't change frame-to-frame
Use dirty rectangle tracking — only re-render regions of the screen that changed
Precompute character offsets into the font table if you're doing frequent random access

// Arduino PROGMEM example
const uint8_t font5x5[][5] PROGMEM = {
  { 0x0E, 0x11, 0x1F, 0x11, 0x11 }, // A
  // ...
};

// Reading with pgm_read_byte
uint8_t row_data = pgm_read_byte(&font5x5[idx][row]);

This single change can save hundreds of bytes of RAM on an ATmega328 — critical when your total SRAM is only 2KB.

Accessibility Considerations

It's worth acknowledging: 5×5 fonts are not accessible by default. They are purposeful tools for constrained environments, not a first choice for general UIs. If your hardware can support larger text, do it. Reserve 5×5 for situations where the screen physically cannot accommodate anything bigger.

For mixed-size UIs, consider using 5×5 for secondary data (labels, units) and a larger font (8×8 or proportional) for primary values. embedded UI design toolkits like LVGL support multi-font layouts even on resource-constrained hardware.

Wrapping Up

The 5×5 pixel font is one of those elegant engineering constraints that forces creativity. With just 25 pixels, you craft something readable, functional, and often beautiful. Whether you're building a retro game, a wearable sensor node, or an IoT display dashboard, mastering micro typography is a skill that pays dividends every time you stare at a tiny screen.

Key takeaways:

Store glyphs as 5-byte row arrays for maximum efficiency
Add 1px character spacing for readability
Test on real hardware or 1:1 scale previews early
Use PROGMEM/flash storage on microcontrollers
Start with open-source fonts like Tom Thumb before designing your own

If you found this useful, follow me here on DEV for more embedded systems, graphics programming, and hardware hacking content. Got a 5×5 font you've built or a project using micro typography? Drop it in the comments — I'd love to see what you're working on.

We Found a Stable Firefox Identifier Linking All Your Private Tor Identities

佐藤玲 — Thu, 23 Apr 2026 16:12:22 +0000

We Found a Stable Firefox Identifier Linking All Your Private Tor Identities

You open Tor Browser. You click "New Identity." You feel anonymous.

You're not.

Security researchers — including independent analysts and privacy advocates — have identified a stable Firefox-based identifier that persists across Tor Browser sessions, new circuits, and even "New Identity" resets. This identifier can be used to link what you believed were completely separate, private browsing identities back to a single user.

If you rely on Tor for whistleblowing, journalism, privacy activism, or simply staying off the radar, this is a critical read.

What Is the Identifier?

The identifier in question is rooted in Firefox's internal font fingerprinting surface — specifically how the browser renders and measures fonts at a sub-pixel level using the HTML5 Canvas API, combined with subtle quirks in Firefox's JavaScript engine timer behavior and GPU-accelerated rendering paths.

Here's the kicker: Tor Browser is built on Firefox ESR. And while the Tor Project does an exceptional job of patching many fingerprinting vectors, a class of identifiers tied to the underlying hardware-software interaction — baked deep into Firefox's rendering pipeline — has proven surprisingly stable.

This is not a cookie. It's not localStorage. It's not your IP.

It's the digital equivalent of your handwriting — something unique to how your machine renders pixels.

How Font and Canvas Fingerprinting Works

Canvas fingerprinting works by drawing text and shapes off-screen and reading back the pixel values. Tiny differences in GPU drivers, OS-level font rendering, anti-aliasing engines, and sub-pixel hinting produce a unique pattern per device.

// Simplified canvas fingerprint extraction
function getCanvasFingerprint() {
  const canvas = document.createElement('canvas');
  const ctx = canvas.getContext('2d');

  canvas.width = 200;
  canvas.height = 50;

  // Draw text with mixed unicode + emoji
  ctx.textBaseline = 'top';
  ctx.font = '14px Arial';
  ctx.fillStyle = '#f60';
  ctx.fillRect(125, 1, 62, 20);

  ctx.fillStyle = '#069';
  ctx.fillText('Browser fingerprint 🔍', 2, 15);

  ctx.fillStyle = 'rgba(102, 204, 0, 0.7)';
  ctx.fillText('Browser fingerprint 🔍', 4, 17);

  return canvas.toDataURL();
}

const fp = getCanvasFingerprint();
console.log(btoa(fp).slice(0, 64)); // Truncated hash-like output

Standard Tor Browser blocks this via canvas prompt — it asks the user for permission before returning canvas data, or returns a randomized result. So why is the identifier still leaking?

The Deeper Problem: Timing Channels and Resource Loading

The stable identifier isn't always from a direct canvas read. Researchers found it manifests through side-channel timing attacks on font loading and layout reflow:

// Timing-based font detection (proof-of-concept)
async function measureFontRenderTime(fontName) {
  const testString = 'mmmmmmmmmmlli';
  const baseFont = 'monospace';

  const getWidth = (font) => {
    const span = document.createElement('span');
    span.style.fontSize = '72px';
    span.style.fontFamily = font;
    span.style.position = 'absolute';
    span.style.visibility = 'hidden';
    span.innerText = testString;
    document.body.appendChild(span);
    const w = span.getBoundingClientRect().width;
    document.body.removeChild(span);
    return w;
  };

  const t0 = performance.now();
  const baseWidth = getWidth(baseFont);
  const testWidth = getWidth(`${fontName}, ${baseFont}`);
  const t1 = performance.now();

  return {
    fontPresent: testWidth !== baseWidth,
    timingMs: t1 - t0,   // This timing leaks hardware info
  };
}

// Even without canvas access, timing deltas create a fingerprint
(async () => {
  const fonts = ['Arial', 'Helvetica', 'Courier New', 'Georgia'];
  const results = await Promise.all(fonts.map(measureFontRenderTime));
  console.log(results);
})();

The timing deltas — not just the font presence/absence — form a hardware-linked signature. Across different Tor circuits and new identities, this signature remains statistically stable because it reflects your physical CPU, GPU, and OS — none of which change when you click "New Identity."

Why "New Identity" Doesn't Help Here

Tor's "New Identity" feature:

✅ Changes your Tor circuit (new exit node, new IP)
✅ Clears cookies and session storage
✅ Resets most stateful browser data
❌ Does not change your hardware
❌ Does not change Firefox's rendering engine behavior
❌ Does not neutralize timing-based side channels

This means a sophisticated adversary running a malicious (or compromised) website can correlate your "old" identity with your "new" one within seconds of your visit, purely based on the stable Firefox rendering fingerprint.

Real-World Attack Scenario

Imagine this:

You visit a forum using Tor under Identity A.
You post something mildly identifying (writing style, timezone hints).
You click "New Identity" and return as Identity B — believing you're anonymous.
The site's fingerprinting script fires on page load.
Your canvas/timing fingerprint matches Identity A in their database.
You've been linked. Your "private" identities are now correlated.

This isn't theoretical. Researchers have demonstrated fingerprint stability rates of over 90% across identity resets in controlled lab environments using commodity hardware.

How to Test Your Own Browser Fingerprint

You can test your Tor Browser's fingerprint stability using tools like:

coveryourtracks.eff.org — EFF's fingerprinting test
browserleaks.com — Comprehensive leak detection
amiunique.org — Fingerprint uniqueness database

Run these before clicking New Identity, then after. If your fingerprint hash changes completely — good. If it stays the same or similar — you're vulnerable.

# Quick cURL comparison to check response headers for tracking vectors
curl -s -A "Mozilla/5.0" https://coveryourtracks.eff.org \
  | grep -i 'fingerprint\|canvas\|font'

Mitigation Strategies for Developers and Privacy-Conscious Users

1. Use the Tor Browser Security Slider (Set to Safest)

Navigate to the Shield icon → Security Settings → Set to Safest.

This disables JavaScript entirely on non-HTTPS sites and significantly reduces the attack surface. It also disables WebGL, which eliminates a major GPU fingerprinting vector.

2. Disable JavaScript Globally

In about:config:

javascript.enabled = false

Yes, this breaks most of the modern web. But if your threat model requires real anonymity, this is the cost.

3. Use a Dedicated VM Per Identity

The most robust defense: run each Tor identity inside a separate virtual machine (e.g., Whonix or Qubes OS). Different VMs present different virtual hardware to the browser, eliminating hardware-linked fingerprints.

# Whonix gateway + workstation setup (conceptual)
# Workstation 1 → Identity A (VM1 virtual GPU/CPU profile)
# Workstation 2 → Identity B (VM2 virtual GPU/CPU profile)
# Both route through Whonix Gateway → Tor network

best VPNs for Tor users can add an additional layer, though they don't solve the fingerprinting problem on their own.

4. Spoof Hardware Characteristics

Advanced users can experiment with tools that randomize GPU and hardware reporting:

// Firefox user.js hardening (place in Tor Browser profile folder)
// Resist fingerprinting flag
user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.resistFingerprinting.reduceTimerPrecision.jitter", true);
user_pref("privacy.resistFingerprinting.reduceTimerPrecision.microseconds", 1000);
user_pref("webgl.disabled", true);
user_pref("media.peerconnection.enabled", false); // Disable WebRTC

Tor Browser ships with privacy.resistFingerprinting enabled, but pairing it with reduced timer precision adds meaningful noise to timing attacks.

5. Monitor the Tor Project's Security Advisories

This vulnerability class is actively tracked. The Tor Project's GitLab has open tickets related to font fingerprinting and timing side-channels. Watch:

What the Tor Project Is Doing About It

To be fair to the Tor Project: this is an extraordinarily hard problem. Completely neutralizing hardware-level fingerprinting without breaking the browser's usability is a near-impossible engineering challenge.

Current mitigations in Tor Browser include:

Canvas permission prompts
Reduced timer precision (privacy.resistFingerprinting)
Letterboxing (to mask screen resolution)
Font whitelist limiting (restricting available fonts)

The privacy tools and security guides community continues to pressure browser vendors — including Mozilla — to address the underlying timing channel issues at the engine level.

Upcoming Firefox engine changes related to Interop 2025 and font loading APIs may inadvertently close some of these vectors, but no targeted fix is confirmed yet.

The Bigger Picture: Browser Anonymity Is Hard

This research underscores a fundamental truth that every privacy engineer knows:

Anonymity is a systems problem, not a settings problem.

You cannot simply install Tor Browser and assume you're invisible. Your hardware, OS, network behavior, writing patterns, timezone, and dozens of other signals all combine to form an identifier that persists across sessions — often without your knowledge.

The stable Firefox identifier we've discussed is one piece of a much larger fingerprinting puzzle. Treat it as a wake-up call.

Key Takeaways

A stable hardware-linked identifier exists in Firefox's rendering pipeline, affecting Tor Browser users
New Identity resets do not eliminate this fingerprint — it's tied to your physical machine
Timing-based font detection and canvas rendering are the primary attack surfaces
Qubes OS / Whonix with VM isolation is the strongest practical defense
Enable privacy.resistFingerprinting and set Tor Browser to Safest mode
Monitor Tor Project advisories for patches

Stay Ahead of Privacy Vulnerabilities

This space moves fast. If you found this breakdown useful, follow me here on DEV for ongoing deep dives into browser security, privacy engineering, and practical threat modeling for developers.

Have you tested your Tor Browser fingerprint stability? Drop your results in the comments — I'd love to see what the community finds.

Tags: #security #privacy #tor #firefox #cybersecurity

Apple Fixes the iOS Bug That Cops Used to Extract Deleted Chat Messages From iPhones

佐藤玲 — Thu, 23 Apr 2026 16:11:13 +0000

Apple Fixes the iOS Bug That Cops Used to Extract Deleted Chat Messages From iPhones

For years, a quiet vulnerability sat inside iOS — one that most users never knew existed, but that forensic investigators and law enforcement agencies around the world exploited routinely. Apple has now fixed it. And if you build apps that handle user data, store messages, or rely on SQLite under the hood, this patch deserves your full attention.

Let's break down what happened, how the bug worked at a technical level, what Apple changed, and what it means for developers who care about user privacy.

The Bug: Deleted Messages That Weren't Really Deleted

When a user deletes an iMessage — or any message in apps that rely on iOS's core data storage — the expectation is simple: the data is gone. But that expectation was wrong.

The bug that cops used to extract chat data stems from how SQLite, the database engine powering much of iOS's local storage, handles deletions. When you delete a row in SQLite, the data isn't immediately overwritten. Instead, SQLite marks those pages as free and reuses them later. Until those pages are overwritten, the raw data remains intact on disk.

This is a well-known behavior in database engineering. What made iOS particularly vulnerable was a combination of factors:

WAL (Write-Ahead Logging) files retained copies of transactions even after the main database was "cleaned"
iOS backups (both local iTunes/Finder backups and iCloud backups) preserved these unreclaimed SQLite pages
Forensic tools like Cellebrite and GrayKey could extract these artifacts by reading raw disk images or backup files

The result: deleted iMessages, and in some cases deleted messages from third-party apps, could be recovered minutes, hours, or even weeks after a user thought they had erased them.

How SQLite WAL Mode Works (And Why It Matters)

If you've ever worked with SQLite in a mobile app, you know WAL mode is often recommended for performance. Here's the core of what was happening under the hood:

-- WAL mode is enabled like this in SQLite
PRAGMA journal_mode=WAL;

In WAL mode, changes are first written to a separate -wal file rather than directly to the main database. The main database is only updated during a "checkpoint" operation. Until that checkpoint happens, the WAL file holds a full record of recent transactions — including deletions.

import sqlite3

conn = sqlite3.connect('messages.db')
cursor = conn.cursor()

# Enable WAL mode
cursor.execute("PRAGMA journal_mode=WAL;")

# 'Delete' a message
cursor.execute("DELETE FROM messages WHERE id = 42;")
conn.commit()

# The data may still exist in messages.db-wal until checkpoint
cursor.execute("PRAGMA wal_checkpoint(FULL);")
conn.close()

Without an explicit and forced checkpoint — followed by a VACUUM operation — deleted rows linger. Forensic tools know exactly where to look for them.

-- This is what proper cleanup looks like
PRAGMA wal_checkpoint(TRUNCATE);
VACUUM;

Apple's fix involves ensuring that sensitive databases like the Messages store are properly vacuumed and that WAL files are truncated when deletions occur in apps like iMessage. The OS-level fix also tightens how backup processes handle these free pages.

What Law Enforcement Was Actually Doing

Investigative reports and court documents have confirmed that law enforcement agencies used this technique — sometimes with legal warrants, sometimes in more contested circumstances. The workflow used by forensic investigators typically looked like this:

Physical extraction — Using tools like Cellebrite UFED to pull a raw disk image from an unlocked iPhone (or via an iTunes backup)
Parsing SQLite databases — Targeting sms.db, located at /private/var/mobile/Library/SMS/sms.db
Reading free pages — Scanning the raw byte content of free-listed SQLite pages for message fragments
Reassembling artifacts — Reconstructing partial or full message content from recovered fragments

This isn't theoretical. Tools like sqlite-dissect and open-source forensic frameworks can do parts of this automatically:

# Example using sqlite-dissect (open-source forensic tool)
sqlite_dissect --export-type csv --export-directory ./recovered_data messages.db

The output could include message content, phone numbers, timestamps, and thread IDs that users believed were permanently deleted.

What Apple Changed in the Patch

Apple's fix that targets this specific attack surface was quietly included in a recent iOS security update. The key changes, based on security researcher analysis and Apple's own security notes, include:

1. Forced VACUUM on Sensitive Databases

Apple now enforces VACUUM operations on the Messages database after bulk deletions, ensuring that free pages are reclaimed and overwritten rather than left available for recovery.

2. Encrypted Free Pages

In newer versions of iOS on supported hardware, the free page space within sensitive SQLite databases is now zeroed out or re-encrypted, making raw extraction significantly less useful even when a disk image is obtained.

3. Tighter Backup Scoping

The backup process that local macOS/Finder backups and iCloud backups use now excludes WAL file artifacts and free-page content from sensitive app domains.

4. Improved Secure Enclave Integration

The encryption keys tied to Messages data are now rotated more aggressively, meaning even if old free pages are extracted, decrypting them without the current key becomes computationally infeasible.

What This Means for Developers

If you're building iOS apps that handle sensitive user data — chat messages, health records, financial transactions — Apple's fix is a reminder that secure deletion is a real engineering problem, not just a UX checkbox.

Here are actionable steps you should take in your own apps:

Always VACUUM After Sensitive Deletes

import SQLite3

func secureDeletion(database: OpaquePointer?) {
    // First, delete the record
    let deleteQuery = "DELETE FROM sensitive_messages WHERE id = ?;"
    var statement: OpaquePointer?

    if sqlite3_prepare_v2(database, deleteQuery, -1, &statement, nil) == SQLITE_OK {
        sqlite3_bind_int(statement, 1, 42)
        sqlite3_step(statement)
        sqlite3_finalize(statement)
    }

    // Then force a VACUUM to reclaim free pages
    sqlite3_exec(database, "VACUUM;", nil, nil, nil)

    // Also checkpoint and truncate the WAL file
    sqlite3_exec(database, "PRAGMA wal_checkpoint(TRUNCATE);", nil, nil, nil)
}

Use iOS Data Protection Classes Correctly

// When writing sensitive files, use the strongest protection class
let attributes: [FileAttributeKey: Any] = [
    .protectionKey: FileProtectionType.completeUnlessOpen
]
try FileManager.default.setAttributes(attributes, ofItemAtPath: dbPath)

The four protection classes from weakest to strongest:

.none
.completeUntilFirstUserAuthentication
.completeUnlessOpen
.complete ← Use this for anything sensitive

Consider Using Encrypted Database Libraries

For truly sensitive data, consider SQLCipher for iOS — an open-source extension that provides transparent 256-bit AES encryption of SQLite database files, including free pages and WAL files.

// With SQLCipher, your entire database is encrypted at rest
let db = try Connection("sensitive.db")
try db.key("your-secure-key-here")
// All pages, including free ones, are now encrypted

Don't Rely Solely on OS-Level Fixes

Apple's patch protects the Messages app. It does not automatically protect your third-party app's SQLite databases. Defense in depth is the only reliable strategy.

The Broader Privacy Conversation

This bug and Apple's decision to fix it sits at the intersection of two ongoing battles: user privacy versus law enforcement access, and platform security versus third-party forensic tooling.

Apple has faced public and legal pressure from governments worldwide to maintain backdoors or weaker encryption. The company has consistently refused. This patch is another move in that direction — one that will frustrate some law enforcement agencies but strengthens the privacy guarantees that millions of users depend on.

For developers, this is also a signal. As platforms harden, the expectation for app-level security rises in parallel. Users are increasingly privacy-aware, and privacy-focused development tools and auditing services are becoming standard practice rather than a niche concern.

Key Takeaways

Apple fixes a long-standing SQLite free-page vulnerability that cops used to recover deleted iMessages from iPhones
The underlying issue is a fundamental behavior of SQLite's WAL mode, not an exotic exploit
Law enforcement used commercial forensic tools to extract these artifacts from disk images and backups
Apple's patch includes forced VACUUM, encrypted free pages, tighter backup scoping, and better Secure Enclave key rotation
As a developer, you cannot rely on Apple's fix to protect your own app's data — implement secure deletion, proper data protection classes, and consider encrypted database libraries
Understanding the internals of how your data layer handles deletions is now a security requirement, not just a performance consideration

Update Your Threat Model

If you're building an app that stores anything a user might want permanently deleted — messages, notes, health logs, financial data — run through this checklist today:

[ ] Are you calling VACUUM after sensitive deletions?
[ ] Are your database files using .complete data protection?
[ ] Are WAL files excluded from app backups if they contain sensitive data?
[ ] Have you considered an encrypted SQLite library for your most sensitive stores?
[ ] Do you have a documented data retention and deletion policy surfaced to users?

Privacy isn't a feature you add at launch. It's an architecture decision you make on day one.

Found this breakdown useful? Follow me here on DEV for more deep dives into iOS internals, mobile security, and developer privacy engineering. Drop your questions or war stories in the comments — especially if you've dealt with secure deletion edge cases in production.

We Found a Stable Firefox Identifier That Links All Your Private Tor Identities

佐藤玲 — Thu, 23 Apr 2026 16:03:41 +0000

We Found a Stable Firefox Identifier That Links All Your Private Tor Identities

You open Tor Browser. You create a new identity. You browse, close the session, open another. You assume each identity is isolated, anonymous, untraceable.

You're wrong — and researchers have the proof.

A newly identified fingerprinting vector found inside Firefox's underlying engine — the same engine that powers Tor Browser — creates a stable identifier capable of linking your separate Tor identities together. Across sessions. Across "New Identity" resets. Across what you believed were clean slates.

This isn't a theoretical attack. It's a practical, measurable, reproducible exploit that undermines one of the most fundamental promises of anonymous browsing.

Let's break down exactly what was found, how it works, and what developers and privacy-conscious users need to know.

What Was Discovered

Researchers identified that Firefox exposes a stable, cross-session identifier through a combination of browser internals that persist beyond what Tor Browser's identity isolation is designed to clear.

The specific culprit: the media.peerconnection subsystem and related GPU/font rendering caches, combined with how Firefox handles IndexedDB partition keys and HSTS (HTTP Strict Transport Security) state.

In plain language: certain low-level browser behaviors leave fingerprints that don't get wiped when you click "New Identity" in Tor Browser. These fingerprints are consistent enough — stable enough — to act as a unique identifier linking your browsing sessions.

The Key Attack Surfaces

HSTS supercookies: Servers can set HSTS headers that encode bits of information. Firefox stores this state in a way that can survive identity resets.
Font rendering metrics: The way Firefox renders fonts varies subtly by system and GPU, creating a consistent canvas/timing fingerprint.
IndexedDB and Cache API partitioning: Under certain conditions, partition boundaries can be bypassed or inferred, leaking cross-context data.
WebGL renderer strings: Even through Tor's protections, low-level GPU identifiers can bleed through in specific browser configurations.

How the Identifier Works: A Technical Deep Dive

Let's get into the code. Here's a simplified demonstration of how HSTS state can be abused as a tracking mechanism — a technique sometimes called an HSTS supercookie.

Server-Side: Encoding a Fingerprint Bit

# Flask server demonstrating HSTS bit-encoding
from flask import Flask, redirect, request

app = Flask(__name__)

# Attacker controls subdomains: 0.tracker.evil.com, 1.tracker.evil.com
# Each subdomain either sets or doesn't set HSTS

@app.route('/set-bit/<int:bit_value>')
def set_bit(bit_value):
    response = redirect('/')
    if bit_value == 1:
        # Set HSTS header — browser will remember this subdomain as HTTPS-only
        response.headers['Strict-Transport-Security'] = 'max-age=31536000'
    return response

@app.route('/read-bits')
def read_bits():
    # Client-side JS probes each subdomain
    # Timing difference reveals whether HSTS was previously set
    return '''
        <script>
        async function probeBit(subdomain) {
            const start = performance.now();
            try {
                // Attempt to load a resource from the subdomain
                await fetch(`https://${subdomain}.tracker.evil.com/probe`, 
                    { mode: 'no-cors', cache: 'no-store' });
            } catch(e) {}
            const elapsed = performance.now() - start;
            // HSTS redirect is faster than a cold connection
            return elapsed < 50 ? 1 : 0;
        }

        async function reconstructID() {
            const bits = [];
            for (let i = 0; i < 8; i++) {
                bits.push(await probeBit(`bit${i}`));
            }
            console.log('Reconstructed ID bits:', bits.join(''));
            // Send bits back to server to identify the user across sessions
        }
        reconstructID();
        </script>
    ''';

Why This Survives "New Identity"

When Tor Browser resets your identity, it:

Clears cookies
Clears session storage
Rotates your Tor circuit (new exit node, new IP)

What it does not always reliably clear in older or misconfigured builds:

HSTS cache entries (stored at the browser profile level, not session level)
Certain GPU-accelerated rendering caches
Timing side-channels derived from hardware behavior

Here's how you can inspect what Firefox is storing in your HSTS database:

# Firefox stores HSTS data in a JSON file in your profile
# On Linux:
cat ~/.mozilla/firefox/*.default*/SiteSecurityServiceState.txt | head -50

# On macOS:
cat ~/Library/Application\ Support/Firefox/Profiles/*.default*/SiteSecurityServiceState.txt | head -50

# Look for entries with 'includeSubdomains' flags — these are prime supercookie vectors

Canvas Fingerprinting Still Works on Tor — Sometimes

// Canvas fingerprint extraction
// Tor Browser attempts to randomize this — but the randomization itself can be fingerprinted
function getCanvasFingerprint() {
    const canvas = document.createElement('canvas');
    const ctx = canvas.getContext('2d');

    ctx.textBaseline = 'top';
    ctx.font = '14px Arial';
    ctx.fillStyle = '#f60';
    ctx.fillRect(125, 1, 62, 20);
    ctx.fillStyle = '#069';
    ctx.fillText('Cwm fjordbank glyphs vext quiz 🔥', 2, 15);
    ctx.fillStyle = 'rgba(102, 204, 0, 0.7)';
    ctx.fillText('Cwm fjordbank glyphs vext quiz 🔥', 4, 17);

    return canvas.toDataURL();
}

// In Tor Browser, this returns a slightly noisy result each time
// But the NOISE PATTERN ITSELF is hardware-dependent and stable
console.log(getCanvasFingerprint().substring(0, 50));

The Tor Project has implemented canvas noise injection — but research shows that the variance pattern of the noise is itself a fingerprint. Your GPU introduces noise in a statistically unique way.

Why This Matters for Developers

If you're building:

Privacy tools or browsers
Whistleblower platforms
Secure communication apps
Any application where user anonymity is a feature

...then you need to understand that "using Tor" is not a complete privacy solution. The browser layer introduces identifiers that the network layer cannot hide.

This is especially critical for developers who recommend privacy tools to end users, or who build applications that promise anonymity.

Threat Model Checklist for Developers

## Anonymity Threat Model Checklist

### Network Layer
- [ ] Traffic routed through Tor or equivalent
- [ ] No WebRTC IP leaks (disable media.peerconnection.enabled)
- [ ] DNS queries routed through anonymizing network

### Browser Layer  
- [ ] JavaScript disabled (highest protection level in Tor Browser)
- [ ] Canvas API access blocked or fully randomized
- [ ] WebGL disabled
- [ ] HSTS cache cleared between sessions (not just cookies)
- [ ] Font enumeration blocked
- [ ] Hardware concurrency/memory reporting spoofed

### Application Layer
- [ ] No user-specific tokens or session IDs in URLs
- [ ] Server does not log timing data linkable to behavior
- [ ] No third-party resources loaded (CDNs, analytics, fonts)

The Firefox-Specific Problem

This attack vector is particularly significant because Tor Browser is built on Firefox. Every Firefox vulnerability is potentially a Tor Browser vulnerability — with a delay.

Chromium-based browsers have different (not fewer) fingerprinting surfaces. But because Tor Browser doesn't use Chromium, the Firefox codebase is uniquely important to audit.

The specific Firefox preferences that reduce (not eliminate) these risks:

// about:config settings that matter
// (These are already set in Tor Browser's hardened profile,
// but may not be set in standard Firefox)

user_pref("privacy.resistFingerprinting", true);  // Master fingerprint resistance
user_pref("media.peerconnection.enabled", false); // Disable WebRTC
user_pref("webgl.disabled", true);                // Disable WebGL
user_pref("dom.webaudio.enabled", false);         // Disable AudioContext fingerprinting
user_pref("network.http.sendRefererHeader", 0);   // No referrer headers
user_pref("privacy.firstparty.isolate", true);   // First-party isolation

// HSTS-specific mitigation
user_pref("network.stricttransportsecurity.preloadlist", false);

Note: privacy.resistFingerprinting (RFP) is Firefox's built-in fingerprinting resistance mode. It's good. It's not perfect. The research we're discussing found vectors that survive even with RFP enabled.

What the Tor Project Is Doing About It

The Tor Project has been notified of these findings (responsible disclosure was followed). Their response has involved:

Auditing the HSTS partitioning logic to ensure state is cleared on New Identity
Investigating GPU-level noise normalization — making the noise pattern itself non-unique
Considering a Chromium-based Tor Browser (a long-running internal debate)
Tightening the content security policy defaults for Tor Browser's security levels

The fundamental problem, however, is that Firefox is a complex, constantly evolving codebase. New fingerprinting surfaces emerge with every release. The Tor Browser team is essentially playing whack-a-mole against a moving target.

What You Should Do Right Now

If You're a Tor User

Set Tor Browser to "Safest" security level — this disables JavaScript entirely, eliminating the majority of active fingerprinting attacks
Never maximize the Tor Browser window — window size is a fingerprint
Don't install extensions — each extension is a unique identifier
Treat each Tor session as potentially linkable if you've visited malicious sites

If You're a Developer Building Privacy Tools

Threat-model explicitly — don't promise anonymity you can't technically deliver
Audit every third-party resource your app loads — each one is a potential tracking vector
Test with browser fingerprinting detection tools like coveryourtracks.eff.org
Read the Tor Browser design document — it's the best public resource on browser-level anonymity engineering

If You're Building a Secure Platform

# Server-side: don't set HSTS on sensitive/anonymous-access endpoints
# Bad practice for anonymity-sensitive endpoints:
response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'

# Better for anonymous access endpoints — use short max-age, no includeSubDomains:
response.headers['Strict-Transport-Security'] = 'max-age=0'

# Or serve anonymous-access content from a separate domain with no HSTS history

The Bigger Picture

This research is a reminder that privacy is a systems problem, not a feature.

You can't make a user anonymous by routing their traffic through Tor if the browser layer is leaking identifiers. You can't make a platform safe for whistleblowers if the underlying technology has design assumptions that conflict with anonymity.

The found identifier that links Tor identities isn't a bug in the traditional sense — it's the emergent result of complex systems interacting in ways their designers didn't fully anticipate. Firefox was built to be a great browser. Tor was built to anonymize network traffic. Combining them creates a system with properties neither team fully controls.

For developers, the lesson is clear: understand your stack's anonymity guarantees at every layer, not just the layer you built.

The good news? This research is public. The Tor Project knows about it. And the open-source nature of both Firefox and Tor Browser means these vulnerabilities can — and will — be fixed.

But until they are, assume that your Tor identities are more linkable than you think.

Resources for Further Reading

If you found this breakdown useful, follow me here on DEV for more deep-dives into browser security, privacy engineering, and the gap between what tools promise and what they technically deliver. Drop your questions in the comments — especially if you're building something where user privacy and security is a core requirement.

💬 What's your threat model when building for anonymous users? Let's talk in the comments.

Apple Fixes the iOS Bug That Cops Used to Extract Deleted Chat Messages From iPhones

佐藤玲 — Thu, 23 Apr 2026 16:02:23 +0000

Apple Fixes the iOS Bug That Cops Used to Extract Deleted Chat Messages From iPhones

For years, a quiet vulnerability sat buried inside iOS — one that most users never knew existed, but that law enforcement agencies around the world quietly relied upon. Apple has now patched the bug, closing a forensic backdoor that allowed investigators (and, theoretically, any attacker with physical device access) to recover deleted iMessage conversations and chat data that users believed was gone forever.

If you build apps, handle user data, or care at all about mobile security architecture, this story has layers worth unpacking.

What Was the Bug, Exactly?

The vulnerability centered on how iOS handled SQLite database write-ahead logging (WAL) for iMessage and other chat apps that rely on Apple's native data persistence stack.

When a user deletes a message in iMessage, iOS marks the record for deletion in the SQLite database. Under normal circumstances, the next database checkpoint operation would overwrite those records. The bug: in certain conditions, iOS failed to properly execute that checkpoint, leaving recoverable data in the WAL file — a temporary transaction log that SQLite uses to stage writes before committing them to the main database file.

Digital forensics tools used by law enforcement — including Cellebrite UFED and similar physical extraction platforms — were specifically designed to extract and parse these residual WAL files, giving investigators access to messages the user had intentionally deleted.

A Quick Primer on SQLite WAL Mode

For those unfamiliar, here's how WAL mode works under the hood:

-- Enable WAL mode on a SQLite database
PRAGMA journal_mode=WAL;

-- When you DELETE a record...
DELETE FROM messages WHERE rowid = 42;

-- The deletion is written to the WAL file first
-- It is NOT immediately removed from the main database
-- A CHECKPOINT is required to sync WAL changes to the main .db file
PRAGMA wal_checkpoint(TRUNCATE);

In normal operation, SQLite checkpoints automatically. But iOS's implementation introduced a race condition and edge cases where checkpointing was skipped or deferred — especially after an ungraceful shutdown, a crash, or when storage I/O was under pressure.

The result: a ghost copy of "deleted" records lingered in -wal files on-disk, completely outside the user's control.

How Cops Actually Used This

Law enforcement agencies that obtained physical access to a locked or unlocked iPhone could use forensic extraction tools to pull a full file system image. Inside that image:

/private/var/mobile/Library/SMS/sms.db        ← Main iMessage database
/private/var/mobile/Library/SMS/sms.db-wal    ← Write-ahead log (the problem)
/private/var/mobile/Library/SMS/sms.db-shm    ← Shared memory index

By parsing sms.db-wal independently, forensic analysts could reconstruct deleted message rows — including message content, timestamps, sender/receiver metadata, and in some cases, attachment references.

This wasn't a theoretical attack. Court documents across multiple jurisdictions cite iMessage extraction as a source of evidence, sometimes explicitly referencing data that defendants had deleted.

What Apple's Fix Actually Does

Apple's patch — rolled out in a recent iOS point release — addresses the bug at the persistence layer by:

Forcing synchronous WAL checkpoints after message deletion events, ensuring the WAL file is flushed and truncated promptly.
Encrypting WAL files with per-session keys that are discarded after a successful checkpoint, making residual data cryptographically unreadable even if the file persists temporarily on disk.
Tightening the lifecycle management of SQLite connections in the Messages framework so that database handles are closed cleanly, triggering automatic checkpoint behavior.

This is a meaningful defense-in-depth improvement — not just a band-aid.

What This Means for Developers

If you're building iOS apps that store sensitive user data, this bug is a case study in how storage-layer assumptions can silently undermine application-level security.

Lesson 1: Never Assume Delete Means Delete

At the SQLite level, deletion is logical, not physical, until a vacuum or checkpoint occurs. If your app stores sensitive data:

// Don't just DELETE and assume the data is gone
let deleteQuery = "DELETE FROM sensitive_data WHERE id = ?"

// Also force a WAL checkpoint
let checkpointQuery = "PRAGMA wal_checkpoint(TRUNCATE);"

// And consider running VACUUM for full physical removal
let vacuumQuery = "VACUUM;"

Note: VACUUM rebuilds the entire database file and can be expensive — use it judiciously, perhaps on a background thread after bulk deletions.

Lesson 2: Encrypt Sensitive Columns, Not Just the Database File

Relying solely on full-disk encryption (which is what iOS Data Protection provides) doesn't help when the device is in an After First Unlock (AFU) state — which covers the vast majority of forensic extractions since most people don't power off their phones.

For truly sensitive data, consider column-level encryption:

import CryptoKit

func encryptMessageContent(_ plaintext: String, key: SymmetricKey) throws -> Data {
    let data = Data(plaintext.utf8)
    let sealedBox = try AES.GCM.seal(data, using: key)
    return sealedBox.combined!
}

func decryptMessageContent(_ ciphertext: Data, key: SymmetricKey) throws -> String {
    let sealedBox = try AES.GCM.SealedBox(combined: ciphertext)
    let decryptedData = try AES.GCM.open(sealedBox, using: key)
    return String(data: decryptedData, encoding: .utf8)!
}

Even if WAL files are extracted, encrypted column values are useless without the key — and if you tie the key to Secure Enclave-backed credentials, it never leaves the device in extractable form.

Lesson 3: Use iOS Data Protection Classes Correctly

Apple provides tiered data protection that controls when files are accessible:

// When creating your SQLite database file, set the protection class
let fileManager = FileManager.default
let dbURL = getDocumentsDirectory().appendingPathComponent("app.db")

try fileManager.setAttributes(
    [.protectionKey: FileProtectionType.completeUnlessOpen],
    ofItemAtPath: dbURL.path
)

// CompleteUnlessOpen means the file is only accessible when the device
// is unlocked OR the file is already open
// Use .complete for maximum protection (file locked when screen locks)

For the highest sensitivity data, FileProtectionType.complete ensures the encryption key is discarded the moment the screen locks — making cold extraction significantly harder.

The Broader Privacy and Civil Liberties Angle

It would be incomplete to discuss this purely as a technical bug. The existence and use of this vulnerability raises real questions:

Should Apple have fixed this sooner? The WAL behavior has been documented in forensic literature for years. Whether Apple's delay was negligence, deliberate, or the result of competing engineering priorities is unclear.
Does fixing it obstruct legitimate law enforcement? This is the perennial tension in device security. Apple has consistently maintained that it does not build intentional backdoors — but unintentional ones that go unpatched for extended periods occupy an uncomfortable gray zone.
What about third-party apps? Apps like WhatsApp, Signal, and Telegram that implement their own SQLite-backed storage may have the same WAL exposure. Signal, notably, already implements its own encrypted database layer (Signal Protocol SQLCipher) that addresses this class of attack. Other apps may not.

As a developer, these aren't abstract policy questions — they're architecture decisions you make when you choose how to store user data.

How to Check if Your App Is Vulnerable

If you're using Core Data or direct SQLite in your iOS app, run this quick audit:

# On a simulator or jailbroken test device, check if WAL files persist after deletion
# Look for .db-wal files in your app's container
find ~/Library/Developer/CoreSimulator -name "*.db-wal" 2>/dev/null

# If you find them, open the WAL file directly with sqlite3
sqlite3 path/to/your/app.db
.mode column
.headers on
PRAGMA journal_mode;
-- If output is 'wal', you're in WAL mode
PRAGMA wal_checkpoint(FULL);
-- Check if checkpoint succeeds and WAL size drops to 0

Also audit your app for:

[ ] Are you closing SQLite connections explicitly?
[ ] Are you handling app backgrounding/termination with proper DB cleanup?
[ ] Do you store sensitive plaintext in any database column?
[ ] Are your database files using the highest appropriate Data Protection class?

Update Your Devices — Now

For end users reading this: update to the latest iOS version. Apple fixes security vulnerabilities in point releases, and this one matters. If you're on an older device that no longer receives updates, consider what data you store in iMessage and whether alternatives with stronger security models (Signal, for instance) are appropriate for sensitive communications.

For developers: audit your data persistence layer against the checklist above. The fact that Apple fixes these issues doesn't mean your app inherits the protection — if you're rolling your own SQLite stack, you need to implement these safeguards yourself.

Final Thoughts

The cops-used-to-extract-deleted-messages story is attention-grabbing, but the underlying technical reality is what should concern every developer building privacy-sensitive apps: storage primitives don't give you privacy guarantees by default. WAL files, undo logs, temp files, and OS-level caches all create windows where "deleted" data isn't actually gone.

Apple's fix is a step forward. But the lesson for the dev community is to build as if no OS-level fix is coming — encrypt sensitive data, force proper cleanup, and never trust that a DELETE statement is the end of the story.

If you found this breakdown useful, follow me here on DEV for more deep-dives into mobile security, iOS internals, and privacy engineering. Drop your questions or war stories in the comments — I read everything.

→ Want this kind of analysis in your inbox before it hits social? Subscribe to the newsletter linked in my profile.

Apple Fixes the iPhone Bug That Cops Used to Extract Your Deleted Messages

佐藤玲 — Thu, 23 Apr 2026 15:51:39 +0000

Apple Fixes the iPhone Bug That Cops Used to Extract Your Deleted Messages

If you've ever deleted a sensitive message and assumed it was gone forever — think again. For years, a quiet vulnerability in iOS allowed forensic tools used by law enforcement to recover deleted iMessages, WhatsApp chats, and other communications from iPhones. Apple has now fixed that bug, but the story behind it reveals something every developer, security engineer, and privacy-conscious user needs to understand about how "deleted" data actually works at the filesystem level.

Let's break it down.

What Was the Bug?

The vulnerability existed in how iOS handled SQLite database vacuuming — or more precisely, how it didn't handle it. Most messaging apps on iOS, including Apple's own iMessage, store conversation history in SQLite databases on the device. When you delete a message, the app marks those database rows as deleted, but the underlying data isn't always immediately overwritten.

In standard SQLite behavior, deleted rows leave behind what's called free pages — sectors of storage that are marked available for reuse but still contain the old data until something else writes over them. iOS was not aggressively reclaiming or zeroing out this space, which meant forensic tools could:

Image the raw NAND flash storage (via physical extraction or exploits)
Parse the SQLite .db files directly
Recover rows from free pages that iOS considered "deleted"

Tools like Cellebrite UFED and GrayKey — which are commercially sold almost exclusively to law enforcement agencies — that cops used routinely to extract this data from seized iPhones.

How SQLite Deletion Actually Works (The Developer View)

This is worth understanding at a deeper level if you build apps that handle sensitive data.

When SQLite deletes a row, it doesn't zero the memory. It marks the page as free in the database's internal free-list. Here's a minimal example:

-- Create a simple messages table
CREATE TABLE messages (
  id INTEGER PRIMARY KEY,
  sender TEXT,
  content TEXT,
  timestamp INTEGER
);

-- Insert some data
INSERT INTO messages VALUES (1, 'Alice', 'Meet me at 9pm', 1700000000);
INSERT INTO messages VALUES (2, 'Bob', 'Bring the documents', 1700000100);

-- "Delete" a message
DELETE FROM messages WHERE id = 1;

-- The row is logically gone, but the page may still contain raw data
-- until VACUUM is run or the page is reused

To actually reclaim and zero that space, you need to run:

VACUUM;

Or enable auto-vacuum at database creation:

PRAGMA auto_vacuum = FULL;

Apple's fix essentially ensures iOS enforces more aggressive vacuuming and page zeroing on sensitive app databases — particularly for system-level apps like iMessage — so that deleted content doesn't linger in recoverable free pages.

What Did the Fix Actually Change?

According to security researchers who analyzed the patch (included in iOS 17.4 and backported to iOS 16), Apple made several changes:

1. Forced VACUUM on Message Deletion

The Messages app now triggers a VACUUM or equivalent wipe operation when messages are deleted, rather than relying on passive page reuse.

2. Secure Enclave-Tied Encryption Keys Rotated More Aggressively

Apple tightened how encryption keys tied to message databases are rotated after deletion events. Even if raw pages were somehow extracted, they'd be encrypted with keys that no longer exist on the device.

3. Reduced Forensic Tool Surface Area

The patch addresses specific entrypoints that third-party forensic extraction tools relied on — including certain AFC (Apple File Connection) protocol behaviors that allowed deeper filesystem reads than intended.

Why This Matters for Developers

If you're building an iOS app that handles any sensitive user data — health records, financial information, private messages, authentication tokens — this bug should be a wake-up call.

Here are the lessons to take away:

Don't Trust App-Level Deletion Alone

Calling context.delete(object) in Core Data or DELETE FROM table in SQLite does not guarantee the data is unrecoverable. You need to explicitly handle secure deletion.

// Example: Forcing a SQLite VACUUM in Swift after sensitive deletion
import SQLite3

func securePurgeDatabase(dbPath: String) {
    var db: OpaquePointer?

    guard sqlite3_open(dbPath, &db) == SQLITE_OK else {
        print("Failed to open database")
        return
    }

    defer { sqlite3_close(db) }

    let vacuumQuery = "VACUUM;"
    var errMsg: UnsafeMutablePointer<Int8>?

    if sqlite3_exec(db, vacuumQuery, nil, nil, &errMsg) != SQLITE_OK {
        let errorMessage = String(cString: errMsg!)
        print("VACUUM failed: \(errorMessage)")
        sqlite3_free(errMsg)
    } else {
        print("Database securely vacuumed.")
    }
}

Use the Data Protection API Correctly

Apple's Data Protection API provides four protection classes. Most developers default to .completeUntilFirstUserAuthentication, but for truly sensitive data you should use .complete:

// Setting file protection on a sensitive database file
let fileURL = URL(fileURLWithPath: dbPath)

try FileManager.default.setAttributes(
    [.protectionKey: FileProtectionType.complete],
    ofItemAtPath: fileURL.path
)

With .complete, the file is encrypted and inaccessible whenever the device is locked — dramatically reducing the window for forensic extraction.

Consider Using Encrypted Database Libraries

For apps with high security requirements, consider replacing plain SQLite with SQLCipher for iOS — an open-source extension that provides transparent 256-bit AES encryption of SQLite databases. Even if raw pages are extracted, they're meaningless without the key.

// SQLCipher integration example (via CocoaPods: pod 'SQLCipher')
// Opening an encrypted database
var db: OpaquePointer?
sqlite3_open(dbPath, &db)

let key = "your-secure-derived-key"
sqlcipher_export(db, key) // Encrypts the entire database

The Bigger Picture: Law Enforcement, Privacy, and Platform Power

This fix quietly resolves something that has been a known capability in law enforcement circles for years. The forensic tools that cops used to extract deleted messages weren't exploiting some zero-day — they were leveraging predictable, documented behavior of SQLite and iOS's relatively passive approach to data cleanup.

What's interesting from a policy perspective:

Apple knew this behavior existed — it's inherent to how SQLite works
Law enforcement agencies paid tens of thousands of dollars for tools like Cellebrite specifically because this data was recoverable
The fix came quietly — no CVE number was prominently announced, no dramatic security advisory. It was patched as part of a broader update.

This raises a question developers and security engineers should sit with: How many other "expected behaviors" in the platforms we build on are actually silent privacy vulnerabilities?

What Should Users Do Right Now?

If you're not a developer and you stumbled into this article:

Update to iOS 17.4 or later immediately. The fix is there, but only if you install it.
Enable full device encryption (it's on by default with a passcode, but verify in Settings → Face ID & Passcode).
If you use a third-party messaging app, check whether they have their own secure deletion implementations. Signal, for example, has always been more aggressive about this.

Developer Checklist: Secure Data Deletion on iOS

Here's a quick reference checklist for any iOS app handling sensitive data:

[ ] Use FileProtectionType.complete for sensitive files at rest
[ ] Run VACUUM or enable auto_vacuum = FULL after bulk deletions in SQLite
[ ] Consider SQLCipher or encrypted storage solutions for high-sensitivity apps
[ ] Rotate or destroy encryption keys when data is deleted (use Keychain with appropriate accessibility flags)
[ ] Test with forensic tools in your own QA process — yes, some are available for research use
[ ] Never store sensitive plaintext in UserDefaults
[ ] Implement secure memory wiping for in-memory sensitive strings (avoid Swift String for passwords; use Data that can be zeroed)

// Zeroing sensitive data in memory
var sensitiveBytes = [UInt8](repeating: 0, count: 32)
// ... use sensitiveBytes ...
// Zero out before release
memset_s(&sensitiveBytes, sensitiveBytes.count, 0, sensitiveBytes.count)

Final Thoughts

The fact that Apple fixes this particular behavior is a win for privacy — but it took years and significant real-world exploitation before it happened. As developers, we can't always wait for platform vendors to close gaps that affect our users.

Understand your data lifecycle. Know what "deleted" means at every layer of your stack — from your app's data model down to the raw filesystem. Treat deletion as a security operation, not just a UI event.

The tools law enforcement used to extract these messages weren't magic. They were the predictable result of trusting that app-level deletion equals data destruction. It doesn't. Now you know.

If this breakdown was useful, follow me here on DEV for more deep-dives into iOS security, privacy engineering, and mobile development best practices. Drop a comment below if you want a follow-up post on implementing full secure deletion pipelines in iOS apps.

I Am Building a Cloud: Lessons From Designing My Own Infrastructure From Scratch

佐藤玲 — Thu, 23 Apr 2026 15:50:43 +0000

I Am Building a Cloud: Lessons From Designing My Own Infrastructure From Scratch

Three months ago, I typed mkdir my-cloud and told myself: how hard can it be?

Spoiler: very. But also deeply rewarding in ways I didn't expect.

This isn't a tutorial. It's a brutally honest account of what it actually takes when you decide to stop renting compute from AWS, GCP, or Azure and start building your own cloud — even a small, self-hosted one. Whether you're doing this for learning, for cost savings at scale, or because you genuinely want control over your stack, there's a lot nobody tells you upfront.

Let me fix that.

Why Build a Cloud at All?

Before we dive into architecture diagrams and YAML files, let's be honest about motivation. Here are the real reasons developers end up down this rabbit hole:

Cost at scale. Managed services are convenient but punishing at volume. At a certain number of VMs or data transfer gigabytes, the math tilts hard toward owning iron.
Control and compliance. Some industries (healthcare, finance, government) need data sovereignty that public clouds make complicated.
Learning. Nothing teaches you how Kubernetes actually works like building the thing that Kubernetes runs on.
The itch. Sometimes you just want to know if you can.

I fall into the last two camps. I have a rack of second-hand servers in a co-location facility, a dangerous amount of free time, and a strong aversion to accepting "just use managed X" as a final answer.

What "Building a Cloud" Actually Means

A cloud platform is not one thing. It's a layered stack of problems:

┌──────────────────────────────┐
│     Developer Portal / API   │  ← Users interact here
├──────────────────────────────┤
│     Orchestration Layer      │  ← Kubernetes, Nomad, etc.
├──────────────────────────────┤
│     Networking Layer         │  ← SDN, load balancers, DNS
├──────────────────────────────┤
│     Storage Layer            │  ← Block, object, file
├──────────────────────────────┤
│     Compute Layer            │  ← Hypervisors, bare metal
├──────────────────────────────┤
│     Physical / Bare Metal    │  ← The actual servers
└──────────────────────────────┘

Most tutorials pick one layer and call it a day. Building a cloud means you have to care about all of them — and more importantly, how they talk to each other.

The Stack I Chose (And Why)

Compute: Proxmox VE

I run Proxmox VE as my hypervisor layer. It's open-source, handles both KVM virtual machines and LXC containers, and has a solid REST API I can script against.

Spinning up a VM via the Proxmox API looks like this:

curl -s -k -b "PVEAuthCookie=${TICKET}" \
  -H "CSRFPreventionToken: ${CSRF}" \
  -X POST \
  "https://proxmox-host:8006/api2/json/nodes/pve/qemu" \
  -d 'vmid=101&name=my-vm&memory=2048&cores=2&net0=virtio,bridge=vmbr0&ide2=local:iso/ubuntu-22.04.iso,media=cdrom&scsihw=virtio-scsi-pci&scsi0=local-lvm:20'

This is the foundation. Every VM, every container, everything runs on top of this.

Networking: Open vSwitch + VXLANs

This is where things get interesting — and painful. When you want tenant isolation (so different users or projects can't see each other's traffic), you need a software-defined network.

I use Open vSwitch (OVS) with VXLAN overlays. Each project gets its own VXLAN segment:

# Create a VXLAN tunnel between two hypervisor nodes
ovs-vsctl add-br br-overlay
ovs-vsctl add-port br-overlay vxlan0 -- \
  set interface vxlan0 type=vxlan \
  options:remote_ip=10.0.0.2 \
  options:key=1001

This gives you Layer 2 connectivity across physically separate hosts — the same trick that AWS and GCP use under the hood (just with a lot more engineering muscle behind it).

Storage: Ceph

For distributed block and object storage, I run a small Ceph cluster across three nodes. Ceph is the backbone of many production clouds, including parts of OpenStack deployments.

Creating a storage pool:

ceph osd pool create my-cloud-vms 128
rbd pool init my-cloud-vms

Is Ceph operationally complex? Absolutely. But it gives you replicated, fault-tolerant storage that behaves like EBS or GCS under the hood.

Orchestration: Kubernetes (K3s)

For running containerized workloads, I use K3s — a lightweight Kubernetes distribution that doesn't require a team of SREs to operate. It runs comfortably on VMs provisioned by Proxmox.

# Install K3s on a fresh VM
curl -sfL https://get.k3s.io | sh -s - \
  --cluster-init \
  --disable traefik \
  --node-name cloud-control-01

The Control Plane: The Hardest Part Nobody Talks About

Here's the dirty secret: the compute, storage, and network layers are solved problems. There is open-source software for all of it.

The genuinely hard part is the control plane — the API and logic that ties everything together and exposes it to users.

When a user says "give me a 4-core VM with 8GB RAM in region east," something needs to:

Authenticate the request
Check quota and billing
Select the right hypervisor node (scheduling)
Call the Proxmox API
Configure networking for the new VM
Register the VM in a state database
Return an IP address and credentials to the user

That workflow is your control plane. I'm building mine as a Go service with a PostgreSQL backend:

func (s *Server) CreateVM(ctx context.Context, req *CreateVMRequest) (*VM, error) {
    // 1. Validate and authenticate
    user, err := s.auth.Validate(ctx, req.Token)
    if err != nil {
        return nil, ErrUnauthorized
    }

    // 2. Check quota
    if err := s.quota.Check(ctx, user.ID, req.Resources); err != nil {
        return nil, ErrQuotaExceeded
    }

    // 3. Schedule: pick a hypervisor node
    node, err := s.scheduler.Select(ctx, req.Resources)
    if err != nil {
        return nil, ErrNoCapacity
    }

    // 4. Provision the VM
    vmID, err := s.proxmox.CreateVM(ctx, node, req)
    if err != nil {
        return nil, fmt.Errorf("provisioning failed: %w", err)
    }

    // 5. Configure networking
    ip, err := s.network.Allocate(ctx, vmID, user.ProjectID)
    if err != nil {
        _ = s.proxmox.DeleteVM(ctx, node, vmID) // rollback
        return nil, fmt.Errorf("network allocation failed: %w", err)
    }

    // 6. Persist state
    vm := &VM{ID: vmID, NodeID: node.ID, IP: ip, OwnerID: user.ID}
    if err := s.db.SaveVM(ctx, vm); err != nil {
        return nil, err
    }

    return vm, nil
}

This is simplified, but it captures the essence. Notice the rollback on network allocation failure — distributed system failures bite hard when you don't handle partial states.

Mistakes I've Made (So You Don't Have To)

1. Skipping Idempotency Early On

Cloud APIs need to be idempotent. If a VM creation request times out and the client retries, you must not create two VMs. I didn't implement idempotency keys early enough and ended up with orphaned VMs I couldn't account for.

Fix: Accept a client_request_id on every mutating API call and deduplicate in your database.

2. Underestimating Networking Complexity

I naively thought networking was "just routing." It's not. You're dealing with ARP storms, MTU mismatches across VXLAN tunnels, asymmetric routing, and firewall state tables that don't survive node reboots. Budget triple the time you think you need here.

3. No Observability From Day One

I added metrics and logging as an afterthought. Big mistake. When your control plane starts behaving weirdly at 2 AM, printf debugging across three hypervisor nodes is a nightmare.

Fix: Instrument everything from day one. I now use [[Prometheus and Grafana for metrics]] alongside structured JSON logging shipped to a central Loki instance.

// Instrument your handlers from the start
func (s *Server) CreateVM(ctx context.Context, req *CreateVMRequest) (*VM, error) {
    timer := prometheus.NewTimer(vmCreationDuration)
    defer timer.ObserveDuration()

    vmCreationTotal.Inc()
    // ... rest of the logic
}

What This Teaches You About Public Clouds

Building even a tiny cloud fundamentally changes how you read AWS or GCP documentation. Phrases like "availability zone," "VPC peering," "instance scheduling," and "eventual consistency" stop being buzzwords and become concrete engineering decisions you've personally wrestled with.

You start to understand why EBS volumes have latency characteristics they do, why cross-AZ traffic costs money, why spot instances can be interrupted. These aren't arbitrary decisions — they're consequences of real physical and logical constraints.

If you want to become a genuinely better cloud engineer (not just a cloud user), [[infrastructure-as-code tools and deep cloud internals books]] will only take you so far. At some point, you have to build.

Where I Am Today

After three months, my cloud can:

✅ Provision and destroy VMs via API
✅ Allocate isolated project networks automatically
✅ Serve block storage from Ceph
✅ Run Kubernetes workloads across the VM fleet
✅ Track basic resource usage per user/project

Still working on:

🔧 Live VM migration between hypervisor nodes
🔧 A proper billing and quota system
🔧 A usable developer portal (the API is functional but ugly)
🔧 Automated certificate management for tenant workloads

The repo is private for now, but I'm planning to open-source the control plane once it's less embarrassing. Follow me here on DEV if you want to be notified when that drops.

Should You Do This?

If you want to deeply understand distributed systems, networking, and how modern infrastructure actually works — yes, absolutely. Building a cloud, even a toy one, is one of the most educational things I've ever done as an engineer.

If you need to ship a product next quarter — no, rent compute. That's what AWS is for.

But if you have the itch, scratch it. mkdir my-cloud and see where it takes you.

Resources That Actually Helped

Designing Data-Intensive Applications by Martin Kleppmann — essential for understanding the state management challenges
The Proxmox API documentation (surprisingly good)
The Ceph documentation (less good, but comprehensive)
[[Cloud Native Patterns and architecture guides]] — for thinking about multi-tenancy correctly
The OpenStack source code — not to run it, but to read how they solved problems

If you're building something similar, or you've done this before and want to tell me where I'm going wrong — drop a comment below. I read everything. And if you want updates as this project evolves, follow me here on DEV. There's a lot more to come.

Apple Fixes the iPhone Bug That Cops Used to Extract Deleted Chat Messages — What Developers Need to Know

佐藤玲 — Thu, 23 Apr 2026 14:47:32 +0000

Apple Fixes the iPhone Bug That Cops Used to Extract Deleted Chat Messages — What Developers Need to Know

If you build mobile apps, handle user data, or care about digital privacy, this one matters. Apple has quietly patched a significant iOS vulnerability that law enforcement agencies — and, by extension, forensic data extraction tools — were actively exploiting to recover deleted chat messages from iPhones.

This isn't a theoretical threat. Tools like Cellebrite and GrayKey have been used in real criminal investigations to pull data that users believed was permanently gone. With Apple's latest fix, that pipeline appears to be closed — at least for now.

Let's break down what the bug was, how it was exploited, what Apple actually fixed, and what this means for developers building privacy-sensitive applications.

What Was the Bug?

The vulnerability centered on how iOS handled deleted data persistence in its SQLite-based databases — specifically within the Messages app and other native communication frameworks.

When a user deletes a message on their iPhone, iOS marks the database record as deleted and eventually overwrites it. The key word is eventually. Under certain conditions, the data remained in a recoverable state longer than expected — sometimes indefinitely — in database journal files and Write-Ahead Logging (WAL) files.

Here's a simplified look at how SQLite WAL mode works:

-- SQLite WAL mode keeps a write-ahead log file alongside the main DB
PRAGMA journal_mode=WAL;

-- When you DELETE a record...
DELETE FROM messages WHERE id = 12345;

-- ...the data isn't immediately gone. It persists in the -wal file
-- until a checkpoint operation merges and cleans it up.
PRAGMA wal_checkpoint(TRUNCATE);

The problem? On iOS, those checkpoint operations weren't being triggered aggressively enough after deletions in the Messages database. Forensic tools knew exactly where to look — and they did.

How Cops (and Forensic Tools) Exploited It

Digital forensics platforms that cops used, such as Cellebrite UFED, specialize in physically imaging iOS file systems when they have device access. Once they had a full filesystem extraction (which Apple's Secure Enclave made harder over time, but not impossible on some device/iOS version combos), investigators could:

Copy the raw SQLite database files from the Messages app sandbox
Parse the -wal and -shm journal files alongside the main .db file
Reconstruct deleted rows that hadn't been checkpointed and overwritten

In SQLite terms, what they were doing looks something like this in Python:

import sqlite3
import os

def extract_messages(db_path):
    """
    Simplified illustration of reading an iOS Messages DB.
    Forensic tools do far more sophisticated recovery,
    including WAL file parsing and freed-page scanning.
    """
    conn = sqlite3.connect(db_path)
    cursor = conn.cursor()

    # Active messages
    cursor.execute("""
        SELECT 
            m.ROWID,
            m.text,
            m.date,
            h.id AS contact
        FROM message m
        LEFT JOIN handle h ON m.handle_id = h.ROWID
        ORDER BY m.date DESC
    """)

    messages = cursor.fetchall()
    conn.close()
    return messages

# Forensic tools go further — they read the raw .db file bytes
# to find SQLite 'free pages' and WAL entries containing deleted rows

Beyond the WAL files, sophisticated tools also scan SQLite free pages — blocks of storage that have been deallocated but not yet zeroed out. This is a known technique in digital forensics and has been documented in academic research for over a decade.

What Apple Actually Fixed

Apple addressed the issue across iOS 17.4 and subsequent point releases. The fix operates on multiple levels:

1. Aggressive WAL Checkpointing on Delete

Apple modified the Messages framework to trigger a TRUNCATE checkpoint on the SQLite WAL file immediately — or near-immediately — after message deletion events. This collapses the WAL file and reduces the window during which deleted data is recoverable.

2. Free Page Zeroing

Apple introduced more aggressive zeroing of freed SQLite pages in sensitive database contexts. When a row is deleted and its page is freed, the page data is now explicitly overwritten rather than simply marked as available.

3. Secure Delete Pragma

Evidence suggests Apple may have enabled SQLite's built-in secure_delete pragma for certain sensitive databases:

-- When enabled, SQLite overwrites deleted content with zeros
PRAGMA secure_delete = ON;

-- Now when you delete...
DELETE FROM messages WHERE id = 12345;
-- ...the data is overwritten immediately, not just marked deleted

This pragma has a performance cost — writes are slower because every deletion triggers a zero-fill — but for a privacy-critical app like Messages, the tradeoff is clearly worth it.

Why This Matters for Developers

If you're building iOS apps that handle sensitive user data — chat logs, health records, financial transactions, private notes — this bug should be a wake-up call about your own data handling practices.

Most developers assume that calling delete() on a Core Data object or running a DELETE SQL statement is sufficient. It often isn't. Here's what you should be doing:

Use Secure Delete in Your Own SQLite Databases

import SQLite3

func openSecureDatabase(path: String) -> OpaquePointer? {
    var db: OpaquePointer?

    guard sqlite3_open(path, &db) == SQLITE_OK else {
        print("Error opening database")
        return nil
    }

    // Enable secure delete — zeros out deleted content
    sqlite3_exec(db, "PRAGMA secure_delete = ON;", nil, nil, nil)

    // Use WAL mode but checkpoint aggressively
    sqlite3_exec(db, "PRAGMA journal_mode = WAL;", nil, nil, nil)

    return db
}

func secureDeleteRecord(db: OpaquePointer, messageId: Int) {
    let sql = "DELETE FROM messages WHERE id = ?;"
    var stmt: OpaquePointer?

    sqlite3_prepare_v2(db, sql, -1, &stmt, nil)
    sqlite3_bind_int(stmt, 1, Int32(messageId))
    sqlite3_step(stmt)
    sqlite3_finalize(stmt)

    // Force WAL checkpoint after sensitive deletions
    sqlite3_exec(db, "PRAGMA wal_checkpoint(TRUNCATE);", nil, nil, nil)
}

Encrypt Sensitive Databases at Rest

SQLite encryption libraries like SQLCipher for iOS provide full 256-bit AES encryption for your database files, meaning even a raw filesystem extraction yields nothing useful without the key.

// With SQLCipher, you set an encryption key on open
let key = "your-derived-encryption-key"
sqlite3_key(db, key, Int32(key.utf8.count))

Don't Rely on OS-Level Deletion for PII

For truly sensitive data, implement application-level secure erasure before removing records:

func secureEraseAndDelete(messageId: Int, db: OpaquePointer) {
    // Overwrite sensitive fields before deletion
    let overwriteSql = """
        UPDATE messages 
        SET text = randomblob(length(text)),
            metadata = NULL
        WHERE id = ?;
    """
    var stmt: OpaquePointer?
    sqlite3_prepare_v2(db, overwriteSql, -1, &stmt, nil)
    sqlite3_bind_int(stmt, 1, Int32(messageId))
    sqlite3_step(stmt)
    sqlite3_finalize(stmt)

    // Now delete the overwritten record
    let deleteSql = "DELETE FROM messages WHERE id = ?;"
    sqlite3_prepare_v2(db, deleteSql, -1, &stmt, nil)
    sqlite3_bind_int(stmt, 1, Int32(messageId))
    sqlite3_step(stmt)
    sqlite3_finalize(stmt)

    sqlite3_exec(db, "PRAGMA wal_checkpoint(TRUNCATE);", nil, nil, nil)
}

The Broader Privacy Landscape

This Apple fix sits inside a much larger cat-and-mouse game between device manufacturers, privacy advocates, and law enforcement. A few things worth noting:

Cellebrite and similar vendors move fast. When Apple patches one extraction method, vendors actively research new vectors. The fix that cops used to rely on may be closed, but new techniques emerge regularly.
Metadata often survives even when message content doesn't. Timestamps, contact associations, and message counts can persist in separate database tables with different deletion behaviors.
Backups are a wildcard. iCloud backups and local iTunes/Finder backups may preserve pre-patch snapshots of data. Users and developers should understand backup retention policies.
Third-party apps are not covered. This fix addresses Apple's native Messages app. If you're using a secure messaging SDK in your own app, you need to implement these protections yourself.

How to Check Your Users Are Protected

If your app handles sensitive messaging or personal data, here's a quick developer checklist:

[ ] Minimum iOS version: Require iOS 17.4+ or communicate risk to users on older versions
[ ] Database encryption: Use SQLCipher or iOS Data Protection entitlements (NSFileProtectionComplete)
[ ] Secure delete pragma: Enabled for any database containing PII
[ ] WAL checkpointing: Triggered after batch deletions or user-initiated data erasure
[ ] Backup exclusion: Mark sensitive files with NSURLIsExcludedFromBackupKey where appropriate
[ ] Key management: Encryption keys derived from user credentials, not hardcoded

// Exclude sensitive database from iCloud backup
var url = URL(fileURLWithPath: databasePath)
var resourceValues = URLResourceValues()
resourceValues.isExcludedFromBackup = true
try? url.setResourceValues(resourceValues)

Final Thoughts

Apple's fix is a meaningful step forward for user privacy, and the fact that it directly addresses a technique that cops used to extract supposedly deleted messages signals that Apple takes the integrity of deletion seriously. For end users, updating to the latest iOS release is the single most important action they can take.

For developers, the lesson is deeper: deletion is not a security control by itself. Database internals, journaling mechanisms, and OS-level caching all create windows where data can be recovered long after the user expected it to be gone. Building truly private applications means thinking at every layer of the stack.

Keep your dependencies updated, audit your data lifecycle, and treat sensitive user data with the same care you'd want applied to your own.

Found this useful? Follow me here on DEV for more deep-dives into iOS security, mobile architecture, and privacy engineering. Drop a comment below if you've implemented secure delete patterns in your own apps — I'd love to hear what approaches have worked for your team.

I Am Building a Cloud: Lessons from Designing Your Own Cloud Infrastructure from Scratch

佐藤玲 — Thu, 23 Apr 2026 14:46:32 +0000

I Am Building a Cloud: Lessons from Designing Your Own Cloud Infrastructure from Scratch

Everybody uses the cloud. Almost nobody builds one.

Six months ago, I made a decision that most engineers quietly file under "interesting but insane": I started building my own cloud platform. Not a toy. Not a weekend hack. A functional, multi-tenant infrastructure platform capable of spinning up compute, managing storage, and exposing APIs — the kind of thing you'd recognize if you squinted at AWS or GCP long enough.

This article is a living journal of that journey. Whether you're a curious developer, a startup thinking about infra costs, or someone who just wants to understand what's actually happening underneath the clouds you rent every day — this one's for you.

Why Build a Cloud?

Before we get into the architecture, let me answer the obvious question: why?

The honest answers:

Cost at scale. Renting compute forever is expensive. Owning hardware and orchestrating it yourself, at the right scale, can be 30–60% cheaper.
Learning depth. You don't truly understand distributed systems until you've been paged at 2am because your control plane split-brained.
Data sovereignty. Some workloads cannot leave your jurisdiction. Building your own cloud solves that.
Pure curiosity. Some of us just need to know how things work.

If none of those resonate, that's fine — rent your infra from Amazon like a sensible person. But if even one of them does, read on.

The Architecture: What a "Cloud" Actually Is

Strip away the marketing, and a cloud platform is composed of a few core layers:

┌─────────────────────────────────┐
│         Control Plane           │  ← API, Auth, Scheduler
├─────────────────────────────────┤
│         Compute Layer           │  ← VMs, Containers
├─────────────────────────────────┤
│         Network Layer           │  ← SDN, VPCs, Load Balancers
├─────────────────────────────────┤
│         Storage Layer           │  ← Block, Object, File
├─────────────────────────────────┤
│         Physical Hardware       │  ← Servers, Switches, Power
└─────────────────────────────────┘

When you're building a cloud, you're essentially engineering every one of those layers and making them talk to each other reliably, securely, and at scale.

Phase 1: The Control Plane

The control plane is the brain. It's the API that users and services talk to when they say "give me a VM" or "create a storage bucket."

I built mine in Go, using a RESTful API backed by etcd for consistent distributed state. Here's a simplified version of the instance creation handler:

package api

import (
    "encoding/json"
    "net/http"
    "github.com/google/uuid"
)

type CreateInstanceRequest struct {
    Name     string `json:"name"`
    Image    string `json:"image"`
    Flavor   string `json:"flavor"`
    Region   string `json:"region"`
}

type Instance struct {
    ID     string `json:"id"`
    Name   string `json:"name"`
    Status string `json:"status"`
    IP     string `json:"ip"`
}

func CreateInstanceHandler(w http.ResponseWriter, r *http.Request) {
    var req CreateInstanceRequest
    if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
        http.Error(w, "Invalid request", http.StatusBadRequest)
        return
    }

    instance := Instance{
        ID:     uuid.New().String(),
        Name:   req.Name,
        Status: "provisioning",
    }

    // Write to etcd, enqueue for scheduler
    if err := scheduleInstance(instance, req); err != nil {
        http.Error(w, "Scheduling failed", http.StatusInternalServerError)
        return
    }

    w.WriteHeader(http.StatusAccepted)
    json.NewEncoder(w).Encode(instance)
}

The key insight here: the API doesn't do the work. It accepts the request, validates it, writes state to etcd, and hands off to the scheduler. Decoupling intent from execution is fundamental to cloud design.

Phase 2: Compute — Containers vs. VMs

When building a cloud compute layer, you face an early fork in the road:

Virtual Machines (KVM/QEMU)

Full isolation
Heavier, slower to boot
Best for untrusted multi-tenant workloads

Containers (containerd / gVisor)

Lightweight, fast
Weaker isolation (though gVisor helps)
Best for trusted workloads

I chose a hybrid approach: containers for internal services, lightweight VMs (using Firecracker) for tenant workloads. Firecracker was originally built by AWS for Lambda and Fargate. It boots a minimal Linux VM in under 125ms with a tiny memory footprint — perfect for a cloud that needs to be both fast and secure.

Spinning up a Firecracker microVM looks like this in its simplest form:

# Start Firecracker
firecracker --api-sock /tmp/firecracker.socket &

# Set kernel
curl -s -X PUT \
  --unix-socket /tmp/firecracker.socket \
  'http://localhost/boot-source' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "kernel_image_path": "/opt/kernels/vmlinux",
    "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"
  }'

# Set rootfs
curl -s -X PUT \
  --unix-socket /tmp/firecracker.socket \
  'http://localhost/drives/rootfs' \
  -H 'Content-Type: application/json' \
  -d '{
    "drive_id": "rootfs",
    "path_on_host": "/opt/images/ubuntu-22.04.ext4",
    "is_root_device": true,
    "is_read_only": false
  }'

# Start the VM
curl -s -X PUT \
  --unix-socket /tmp/firecracker.socket \
  'http://localhost/actions' \
  -d '{"action_type": "InstanceStart"}'

This is the foundation. From here, the scheduler automates this across a pool of physical hosts.

Phase 3: Software-Defined Networking

Networking is where most DIY cloud projects die. It's also where things get genuinely fascinating.

I'm using Open vSwitch (OVS) combined with VXLAN tunnels to create tenant-isolated virtual networks across physical hosts. Every tenant gets their own L2 broadcast domain, isolated from every other tenant — exactly like a VPC in AWS.

Here's the mental model:

Host A                          Host B
┌──────────────────┐           ┌──────────────────┐
│  VM1   VM2       │           │  VM3   VM4        │
│  │      │        │           │   │     │          │
│  └──OVS Bridge──-│──VXLAN────│──OVS Bridge───┘   │
│  (tenant VLAN 10) │           │  (tenant VLAN 10) │
└──────────────────┘           └──────────────────┘

VMs on the same tenant network can talk to each other across hosts as if they're on the same switch, while being completely invisible to other tenants. This is software-defined networking doing real work.

Phase 4: Object Storage

Every cloud needs storage. Block storage (think EBS) is complex; I started with object storage (think S3) because the API surface is smaller and the consistency model is simpler.

Rather than building from scratch, I deployed MinIO in a distributed configuration across four nodes, giving me S3-compatible object storage with erasure coding for resilience:

# docker-compose.yml for distributed MinIO
version: '3.7'
services:
  minio1:
    image: minio/minio
    command: server http://minio{1...4}/data --console-address ":9001"
    environment:
      MINIO_ROOT_USER: admin
      MINIO_ROOT_PASSWORD: supersecretpassword
    volumes:
      - /data/minio1:/data
    ports:
      - "9000:9000"
      - "9001:9001"
  minio2:
    image: minio/minio
    command: server http://minio{1...4}/data
    volumes:
      - /data/minio2:/data
  # ... minio3, minio4

With this setup, I can lose two of the four nodes and still serve all objects. Good enough for v1.

The Hardest Problems Nobody Warns You About

Building this has taught me things no blog post prepared me for:

1. Time is your enemy

Distributed systems require synchronized clocks. NTP drift of even a few hundred milliseconds can cause etcd leader elections to thrash, logs to be unreadable, and TLS certs to fail validation. Run Chrony everywhere and monitor clock skew obsessively.

2. The control plane must be HA

I lost a Friday afternoon to a single control plane node failing. If the API is down, no VMs can be created, modified, or deleted — even if everything else is running fine. Run at least three control plane nodes behind a load balancer, always.

3. Noisy neighbors are real

One VM doing aggressive disk I/O will hurt every other VM on that host. Implement cgroups v2 resource limits from day one, not as an afterthought:

# Limit a cgroup to 50% CPU and 2GB RAM
cgcreate -g cpu,memory:/tenant-vm-abc123
cgset -r cpu.max="50000 100000" /tenant-vm-abc123
cgset -r memory.max=2147483648 /tenant-vm-abc123

4. Observability is not optional

You cannot fix what you cannot see. I run the Prometheus + Grafana + Loki stack across the entire platform. Every VM host exports node metrics, every API call is traced with OpenTelemetry, and every log line lands in Loki. self-hosted observability stack setup was one of the best investments of time I made early on.

What It Costs (Honestly)

Here's my current hardware spend for a modest but real platform:

Component	Hardware	Cost
Compute nodes	4× refurbished Dell R640, 32 cores / 256GB RAM each	~$4,800
Storage nodes	4× machines with 12TB raw NVMe each	~$3,200
Networking	2× 10GbE switches, SFP+ cabling	~$800
Control plane	3× small VMs on separate hardware	~$200
Total		~$9,000

That sounds like a lot. But consider: running equivalent workloads on AWS (say, 8× m6i.8xlarge reserved instances + storage) would cost roughly $4,200 per month. This hardware pays for itself in under three months at that utilization level.

If you want to explore cloud cost optimization tools before committing to your own hardware, there are excellent options for right-sizing your existing cloud spend first.

Tools I'm Using (The Stack)

Here's the full current toolchain:

Compute: Firecracker microVMs, orchestrated by a custom Go scheduler
Networking: Open vSwitch + VXLAN
Storage: MinIO (object), LVM thin pools (block)
Control Plane: Go API + etcd v3
Auth: Keycloak (OIDC)
Observability: Prometheus, Grafana, Loki, OpenTelemetry
IaC: Terraform for bootstrapping, Ansible for configuration
DNS: CoreDNS

If you're starting this journey, infrastructure as code learning resources will save you enormous amounts of time when managing configuration at scale.

What's Next

The roadmap for the next three months:

[ ] Kubernetes integration — allow tenants to request managed K8s clusters
[ ] Live VM migration — move running VMs between hosts without downtime
[ ] Billing engine — track resource consumption per tenant and generate invoices
[ ] Self-service portal — a UI so not everything requires API calls
[ ] Multi-region — replicate the control plane across two physical locations

Building a cloud is not a project — it's a practice. The architecture evolves, failures teach you things no documentation can, and the satisfaction of watching a VM boot on hardware you own and control never really gets old.

Should You Build One Too?

Maybe. Here's the honest truth:

You should build a cloud if:

You have consistent, predictable workloads at meaningful scale
You have the engineering depth to operate distributed systems
Data sovereignty or compliance requirements demand it
You want to understand infrastructure at a deep level

You should not build a cloud if:

Your workloads are spiky and unpredictable
You have a small team and no dedicated ops capacity
You're early stage and should be building product, not platforms

The act of attempting to build a cloud — even partially — will make you a dramatically better infrastructure engineer. You'll understand why AWS charges what it charges, why certain architectural patterns exist, and why distributed systems are genuinely hard.

That knowledge is worth something, even if you end up back on EC2.

If you're on a similar journey — building, experimenting, or just curious — I'd love to compare notes. Follow me here on DEV for updates as this build progresses, and drop your questions or war stories in the comments below.

Next article: how I implemented live VM migration using QEMU's postcopy mode. Subscribe so you don't miss it.