Your Computer Isn't Yours (sneak.berlin) 345
Security researcher Jeffrey Paul writes in a blog post: On modern versions of macOS, you simply can't power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored. It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn't realize this, because it's silent and invisible and it fails instantly and gracefully when you're offline, but today the server got really slow and it didn't hit the fail-fast code path, and everyone's apps failed to open if they were connected to the internet. Because it does this using the internet, the server sees your IP, of course, and knows what time the request came in. An IP address allows for coarse, city-level and ISP-level geolocation, and allows for a table that has the following headings: Date, Time, Computer, ISP, City, State, Application Hash; Apple (or anyone else) can, of course, calculate these hashes for common programs: everything in the App Store, the Creative Cloud, Tor Browser, cracking or reverse engineering tools, whatever.
This means that Apple knows when you're at home. When you're at work. What apps you open there, and how often. They know when you open Premiere over at a friend's house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city. "Who cares?" I hear you asking. Well, it's not just Apple. This information doesn't stay with them: These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables. These requests go to a third-party CDN run by another company, Akamai. Since October of 2012, Apple is a partner in the US military intelligence community's PRISM spying program, which grants the US federal police and military unfettered access to this data without a warrant, any time they ask for it. In the first half of 2019 they did this over 18,000 times, and another 17,500+ times in the second half of 2019.
This data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns. For some people, this can even pose a physical danger to them. Now, it's been possible up until today to block this sort of stuff on your Mac using a program called Little Snitch (really, the only thing keeping me using macOS at this point). In the default configuration, it blanket allows all of this computer-to-Apple communication, but you can disable those default rules and go on to approve or deny each of these connections, and your computer will continue to work fine without snitching on you to Apple. The version of macOS that was released today, 11.0, also known as Big Sur, has new APIs that prevent Little Snitch from working the same way. The new APIs don't permit Little Snitch to inspect or block any OS level processes. Additionally, the new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them.
you think the cops care about you pirating? (Score:3, Interesting)
in NYC they don't care if your car gets stolen, they tell you to call your insurance. same with many other property crimes. Many other towns and cities in the USA are the same way. Do you think the NSA cares about you pirating software?
Re:you think the cops care about you pirating? (Score:5, Insightful)
It depends on how much money the plaintiff has.
the cops don't need to care (Score:2)
This is pretty much entirely out of the hands of cops, for the most part.
You will be sent a warning letter by your ISP, or, if it is deemed as a bigger issue or a repeat offence, you will be notified you have committed an offence and will be given a court date.
It's not like the cops are going to be busting down your door because you downloaded a bunch of movies.
Unless you are a large scale operation distributing copyrighted material illegally.
For small offences, this is all handled entirely out of the hand
Re: (Score:3)
For small offences, this is all handled entirely out of the hands of the police - unless of course you fail to go to court if summoned.
This was 10-12 years ago, but I've witnessed two officers arresting a guy selling DVDs out of his car. I've gone through the collection before, lots of Spanish language stuff. All of it on writable media with inkjet printer inserts in the clamshell cases. Anyone from a city knows exactly the sort of operation I'm talking about.
Did the city charge him with every possible crime, including copyright violation, then let him plea down? Almost certainly.
Re:the cops don't need to care (Score:5, Insightful)
I'm a little surprised.
The article claims that pretty much everything you do, what computer you do it on, and where, is being logged and sent to Apple, and the comment people are discussing is "doesn't matter, nobody cares whether I am pirating software"?
That's the only part of privacy that matters, the ability to pirate software in private?
Re:the cops don't need to care (Score:5, Informative)
The deeper in the thread we get, the more off onto a tangent we find ourselves. I think there are potentially multiple concerns:
If Apple knows what software you're running, they may know if you're pirating Apple software. Will they have lawyers chase you down with civil suits? Possibly. Will armed police officers kick in your door in the middle of the night? Seems unlikely, but I would bet it has happened at least once in the past.
If Apple knows you are pirating third-party software an open question is if they'll share that information with third parties. Some of those parties may file civil cases against offenders, demanding a settlement, and failing that moving on to discovery and getting their hands on your computer to root around for the evidence of the alleged crime.
And outside of the piracy question. Knowing what software you use on a regular basis can be turned into privacy-violating market research data. Advertisements directed at an individual are very worrying to privacy advocates, although not illegal in most jurisdictions. I think courts and legislature need to address how much harm there is in warehousing deeply specific data. What potential harm is possible if this data be misused. What processes are in place to prevent misuse. What consequences are there when processes are violated. What monitoring for misuse of personal data should be done. And how will the privacy laws be enforced against companies in a way that is consistent with other consumer protection laws. Is it a big deal if the whole world knows I load a particular text editor every weekend? Maybe I'd get hit for ads on Amazon to sell me books on writing? This seems annoying, but it's not clear in that particular example that there is a potential for harm. A better example is needed to make a convincing argument for privacy.
And finally, a lot of this application use data can be designed to be anonymized and optional. Rather than attaching data to a specific identity to the application use data, a scoreboard organized by region or age or anything else that seems useful for broader marketing. There are pitfalls to that, where seemingly anonymous data can be unmasked if your buckets are too restrictive. Pitfalls are pretty well understood, even though the solutions are not widely adopted.
Re:the cops don't need to care (Score:4, Insightful)
It can get worse than that:
* An employer pulling Apple's data to see if an employee is running games while on the clock.
* An estranged spouse pulling that info for a messy divorce.
* Stalkers/doxxers fetching that info to harm a target.
* DAs will have a field day with that info. Even if that info cannot be used to make a case, it can be used to lead a fake investigation with "clues" that would be 100% spotless, legal-wise. Parallel construction.
What is the real pisser is that Apple promises privacy, and people pay 2-10 times as much for their hardware than a regular PC because Apple has a great name for having 100% security and excellent privacy. Then this shit happens.
I was going to buy a MacBook Pro, because I like ARM. Looks like that is off my list.
Re:the cops don't need to care (Score:5, Informative)
With a big database of where you were and when, over a long period of time, "authorities" can eventually find some crime that occurred in the same vicinity that you were in at a similar point in time. That's enough to at least detain and question, and possibly arrest you. Why would they do that, you ask?
Well, people are framed for crimes they had nothing to do with all the time. This kind of database we're discussing just makes framing people for crimes that they did not commit far easier. The innocent are all put under suspicion. But worse, it can be used as a tool for punishing people.
Who would that be you ask? Anyone.
Are you a whistleblower?
Did you speak with an investigative reporter lately?
Did you call the cops on someone, and they know it was you?
Does your GF have an ex-BF that's a cop, who could decide to stalk anyone that she goes out with?
This list could go on for days.
Re: (Score:3, Funny)
Google are blocking all links from "thedonald.win" because it's a nutbag conspiracy bullshit website.
Umm, yeah, like Donald Duck could ever win a US election. He's not even a real person. Jeesh!
Re:How about iPhones censoring voter fraud links? (Score:4, Insightful)
I liked social media before censorship. The when we could see the racists and idiots first hand, and cancel them.
The problem is, they don't get cancelled. The racists and idiots get boosted, exponentially shared, liked and praised. They convince others who in turn get boosted.
The people who *do* try to cancel them get insulted, attacked and doxxed.
So if we lived in your utopia where racists aren't loved by millions then sure we could give them a soapbox.
But we don't, so deleting them from the platforms is the better course of action.
Re:you think the cops care about you pirating? (Score:5, Insightful)
Nobody cares now. But maybe one day you become a person who believes in second amendment rights, which are inconvenient for the New York cops? Maybe one day you start believing black people shouldn't get searched much more often than other people and they decide you are a BLM agitator? Maybe you start believing that your cop ex boyfriend shouldn't be allowed to stalk [psmag.com] you?
When one of those issues comes up and you become an inconvenient person, then knowing that you are a software pirate can be a very useful way to disappear you. You don't have to do anything, just be unlucky and be in the wrong place at the wrong time. The logs can be incredibly useful for fitting you up. Some pretext to look at the logs and then just look for a crime that matches with where and when you were and suddenly they have most of the evidence they need.
Re: (Score:2)
What are you talking about? Software piracy -- unless you're distributing -- is just a civil offense. If you're distributing (e.g. torrenting or actually a member of some group), then your OS is the least of your concerns.
Re:you think the cops care about you pirating? (Score:5, Interesting)
What are you talking about? Software piracy -- unless you're distributing -- is just a civil offense. If you're distributing (e.g. torrenting or actually a member of some group), then your OS is the least of your concerns.
Software piracy is a thing provable directly from the Apple logs - once they have that evidence it's enough to get access to all the rest of your data and searching things like location since they want to check if you were distributing. That is the entry to start searching for something more they can fit you up with, for example did you happen to be close to a number of different assaults or thefts or something?
This is the problem with mass, as opposed to targeted surveillance. If you do targeted checks on someone who you already have a suspicion of, then you can likely prove or disprove whether they did something. If they suspect you are drug dealing then they watch you for that. The chance that, by coincidence and entirely innocently you start to communicate with a member of the drugs gang they are investigating is very low. If you have mass surveillance then coincidence becomes more important. They can put in a database of all crimes that they ever heard about, search for matches with your locations and eventually find a pattern in the data. If they now pull out that pattern and never admit to having done the database comparison then it may well look very damning. Add in a small amount of planted evidence and they have you.
Mass surveillance, especially in private databases is much more dangerous to freedom than targeted surveillance against criminals. Stuff like Apple is doing should be illegal.
Re:you think the cops care about you pirating? (Score:5, Insightful)
This is the problem with mass, as opposed to targeted surveillance. If you do targeted checks on someone who you already have a suspicion of, then you can likely prove or disprove whether they did something.
Yes, and the state of Federal search warrants in the US makes this situation even worse.
Warrants used to be narrow enough that they were actually confined to one of the 4 provisions for granting them. These days they often include catchall provisions, like "any evidence that indicates violation of Federal or state statutes", which essentially means look everywhere for anything, regardless of the actual crime known or suspected.
Re:you think the cops care about you pirating? (Score:5, Insightful)
Honestly dude they're not going to bother (Score:5, Interesting)
When you show up to protest something the Establishment doesn't like (the real Establishment, the billionaire class) that's when they'll move, and they won't give a rat's ass what's on your laptop. Go look at what they did to Occupy Wall Street. Go read about Nixon's Drug War. Go look at how much effort Florida puts into keeping ex-cons from getting their voting rights back.
We're all nerds so we like to think computers are the world and they're what matters. They're not. They're really not.
Re:you think the cops care about you pirating? (Score:4, Informative)
The RIAA cares. And the RIAA will make the NSA care. A lot.
Re: (Score:2)
Re: (Score:3)
Whatever happened to 'broken windows' policing?
1) The theory was a load of shit. Broken windows, it turns out, do not reproduce and do not spread by visual contact.
2) Crime didn't go down
3) Disproportional arrest and prosecution of minorities increased
4) The whole concept seems to have been created backwards as an excuse to use heavy-handed police tactics in minority neighborhoods. There were never reasons to believe it was true. Knowing why you believe some new idea is true is an important step that should come before enacting the new policy.
Good reason not to upgrade. (Score:5, Informative)
Just block all traffic at the router except for your outgoing VPN. Problem solved.
Re: (Score:3, Funny)
Re:Good reason not to upgrade. (Score:4, Funny)
No, if your a serial killer you use a surface pro
Re: (Score:2)
Not if my a serial killer.
That's impossible (Score:4, Funny)
Re: (Score:2)
Re:Good reason not to upgrade. (Score:5, Interesting)
Ostensibly, somebody probably convinced their upper management that it's a security feature. Various Apple APIs do various checks to see if apps have been blacklisted as part of their malware prevention. In theory, if you let those requests get routed through a VPN, then malware could hijack the network and prevent its detection (at least until the malware definitions get updated with the next OS release).
The biggest problem with the new approach, of course, is that if you are in a situation where the VPN is the only usable path out of a network (e.g. the way many corporate computers are configured), those malware definitions will never get updated, because they'll never be able to connect to Apple's servers. And that means that in trying to make an extraordinarily unlikely attack vector impossible, they've greatly reduced security in an extraordinarily common configuration.
This change is crap. Pure, unadulterated crap.
A better solution, rather than fundamentally breaking the networking stack, is to make the user aware that their connection has been hijacked and is unable to update its malware definitions. After all, if your system is compromised to that point, then the binary signature blacklist probably isn't going to be adequate at cleaning up the machine anyway. Better to inform the user that something is wrong.
Unfortunately, that's not the Apple way, at least lately. Just look at what a nightmare it is to figure out why a Time Machine backup didn't complete, for example, and you begin to realize just how many failures Apple silently hides from the user, often to the user's detriment. Apple seems to prefer silent failures and hoping for the best over informing the user so that things can get fixed. It really is time for Apple to undergo a major course correction, before it is too late.
Re: (Score:3)
Re:Good reason not to upgrade. (Score:5, Insightful)
Re: (Score:2)
Yep, the easiest way is to just use hundreds of IPs in a common scope such as azure or aws and port 443. Good luck blocking that if you want to use the internet.
Really? (Score:4, Insightful)
Comment removed (Score:5, Insightful)
Re: (Score:3, Informative)
Which they apparently don't, unless someone can come up with a really, really, super good reason why Apple needs to log every Apple user in the world's attempts to start an application.
Is the reason "this blogger lied to you" good enough?
"These OCSP requests" as the blogger calls them are PKI certificate revocation checks.
Your web browser just made 13 of those when you loaded the slashdot homepage, no matter which browser and OS you are using.
The certs of published software you run aren't sent anywhere.
The certificate revocation list itself is downloaded in whole, and yes this is over http, but is itself a signed CRL. It isn't accepted if it isn't signed by their root key.
It also isn't '
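For reference alongside the comment above, an added example (not code from the thread or from Apple) that decodes the CertID fields an OCSP request carries under RFC 6960, which is what an observer of a plaintext request can read. The hashes and serial number are constructed sample values, and the helper names are hypothetical.

```python
import base64
from urllib.parse import quote, unquote

SHA1_OID = bytes.fromhex("2b0e03021a")        # OID 1.3.14.3.2.26 (SHA-1)
# Constructed sample values, not taken from any real certificate.
SAMPLE_NAME_HASH = bytes(range(0x10, 0x24))   # 20-byte issuerNameHash
SAMPLE_KEY_HASH = bytes(range(0xA0, 0xB4))    # 20-byte issuerKeyHash
SAMPLE_SERIAL = 0x0123456789ABCDEF


def tlv(tag, body):
    """Encode one DER element (short or long length form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body


def read_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def children(body):
    """Split the contents of a constructed element into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        out.append((tag, inner))
    return out


def build_ocsp_request(name_hash, key_hash, serial):
    """Build a minimal unsigned OCSPRequest holding a single CertID."""
    alg = tlv(0x30, tlv(0x06, SHA1_OID) + tlv(0x05, b""))
    serial_der = serial.to_bytes(serial.bit_length() // 8 + 1, "big")
    cert_id = tlv(0x30, alg + tlv(0x04, name_hash) + tlv(0x04, key_hash)
                  + tlv(0x02, serial_der))
    request_list = tlv(0x30, tlv(0x30, cert_id))   # SEQUENCE OF Request
    return tlv(0x30, tlv(0x30, request_list))      # OCSPRequest{TBSRequest}


def parse_ocsp_request(der):
    """Return the CertID fields of every Request in an OCSPRequest."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs = children(body)[0]
    # Optional version [0] and requestorName [1] are context-tagged; the
    # requestList is the first plain SEQUENCE inside TBSRequest.
    request_list = next(b for t, b in children(tbs) if t == 0x30)
    found = []
    for _, request in children(request_list):
        _, cert_id = children(request)[0]
        (_, alg), (_, name_hash), (_, key_hash), (_, serial) = children(cert_id)[:4]
        found.append({
            "hash_oid": children(alg)[0][1].hex(),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial": int.from_bytes(serial, "big", signed=True),
        })
    return found


def ocsp_get_path(der):
    """RFC 6960 GET form: URL-encoded base64 of the DER request in the path."""
    return "/" + quote(base64.b64encode(der).decode(), safe="")


def cert_ids_from_get_path(path):
    """Recover the CertIDs from the last path segment of an OCSP GET."""
    segment = path.rsplit("/", 1)[-1]
    return parse_ocsp_request(base64.b64decode(unquote(segment)))


if __name__ == "__main__":
    der = build_ocsp_request(SAMPLE_NAME_HASH, SAMPLE_KEY_HASH, SAMPLE_SERIAL)
    print(ocsp_get_path(der))
    print(cert_ids_from_get_path(ocsp_get_path(der)))
```
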
Re:Really? (Score:4, Insightful)
I always find those US to China "We both do it!" comparisons funny. It'd be like one wife whose husband gets drunk once or twice a year and smacks her, looking to another woman whose husband keeps her chained in the basement while he's at work and receives daily beatings if her chores aren't done and saying "We're basically in the same situation.".
Guilt isn't binary. You can have two countries that both engage in similar behavior but the scope and level of the action can still mean that one is much worse. Condemn both actions but don't pretend they're equal.
Obviously (Score:5, Insightful)
Mine computer is mine. Because I run an OS that does not rat on me.
If you don't, you wandered into wrong site.
Re: (Score:3, Insightful)
Re:Obviously (Score:5, Insightful)
Immediate comfort is not always necessarily the superior option.
You are confounding the lack of negative for a positive. Sitting on a couch all day, eating junk food while watching movies is certainly very comfortable, but does it really bring joy at the end of the day?
You are also forgetting to rank the negatives. What good is avoiding a small discomfort if it leads to a bitter end?
Re: (Score:3)
In April I upgraded a bunch of computers to the Kubuntu 20.04 desktop and so far everything works as expected.
The same was true for the past years and these machines don't leak my data.
I'm especially glad I didn't have to go through the 'upgrade' from Win7 to Win10.
Re:Obviously (Score:4, Funny)
If you don't, you wandered into wrong site.
I wander into lots of wrong sites. I often picture the poor Microsoft telemetry analyser opening the links I look at in Edge and saying "Wait what are they doing with that pineap... oh God!"
It's apple... (Score:3)
Of course they are making a walled garden. They want to give you a walled garden where every path is pay-walled. The whole Unix thing was a trap all along. They are selling curated appliances, no longer selling general purpose computers.
Apple sells Apples (Score:5, Insightful)
Apples come with many strings attached. If you need or want an Apple, buy an Apple. If you value privacy, buy a PC and run Linux. You can take the savings of having a mac with only 16GB Ram and buy a separate machine for all your non Apple-specific stuff. In short, use your Apple for the specific things that require an Apple, and a regular PC for everything else.
Re: (Score:3)
use your Apple for the specific things that require an Apple
This makes me wonder. What are those things that require an Apple? What is the killer app these days? Surely it can't be Photoshop anymore.
Re:Apple sells Apples (Score:5, Insightful)
This makes me wonder. What are those things that require an Apple? What is the killer app these days? Surely it can't be Photoshop anymore.
Showing off to your hipster friends is the only thing that comes to mind.
Re: (Score:2)
What are those things that require an Apple?
Certain steps of porting an application to macOS and iOS.
Re: (Score:2)
As a cloud engineer the experience is hard to beat. Developing python or node on windows is a nightmare imho. We would use linux, but the tools needed to meet compliance such as MDM, DLP, and EDR tools are not there.
It's the closest we can get to what we want in a corporate setting.
Re:Apple sells Apples (Score:5, Insightful)
Many people don't want the utter frustration of Windows (when it goes wrong, it really goes wrong)
This trope was true 20 years ago, but it really isn't any more. If you buy a name-brand Windows box (not some Frankenboxen you build) running Windows 10, it just works.
I've been using Surface Pros since early 2014. I've never had one crash or bluescreen.
Re: (Score:3)
Ableton Live was a big driver in Macs becoming common among gigging musicians. It has since been ported to Windows, but for several years, a Mac was the only option in town. And now that those people have invested in Mac software, they don't want to jump ship.
Ableton has been on Windows for quite some time. The reason DJs use Macs (other than fashion) is because the AV software on Windows adds about 3/4 of a second of latency to the MIDI controllers. If you are trying to trigger loops and sounds via MIDI then that's a non-starter. You could make it work by turning off your AV software but that's too hard for most DJs. So they spend an extra $1000 per laptop to just have it all work.
Re: (Score:2)
I mean, you can technically just run MacOS in a VM, at least for now. Possibly a breach of contract, but that's between you and your god.
Hopefully one or both of two things happen: 1) Someone implements a generic version of the M series chip(s) with a little clean room reverse engineering, or 2) Apple keeps pumping out x86 Macs of some flavor in parallel with their custom chips, which keeps MacOS x86 alive indefinitely.
But...it's still mine (Score:2)
I mean, I still control where and when (and how) it gets used, even if Apple knows about it.
Re: (Score:3)
You do not control if Apple gets to use or know it.
APPLE computers are still owned by Apple Inc. (Score:3)
Apple, the privacy-focused company... (Score:2, Interesting)
Has become, like Facebook and Google, a privacy rapist.
Re:Apple, the privacy-focused company... (Score:5, Insightful)
Wrong: it always has been. It just managed to project that privacy-friendly image and the fanbois swallowed it line, hook and sinker.
What name is the little snitch option? (Score:2)
Have to save some of my dignity and I'm still on 10.
Denial ain't a river in Egypt (Score:3, Insightful)
Funny how Apple had all these sanctimonious ads talking about how much better their privacy was than Google's. Now it turns out, it's exactly the same, maybe worse.
Might be worth sniffing traffic for similar stuff (Score:3)
It might be worth sniffing traffic, looking for similar signatures coming from machines running other OSes.
Once the spooks get a bright idea working on one platform, you can count on them feeling itchy if they can't get the same visibility on others.
Not a security guy? Got a switch or a hub connecting you to your network? (Or an Ethernet cable hooking your machine to your landline modem or hooking your wifi router to your landline modem - switches are just a few bucks. Buy one and a short Ethernet jumper and hook it in series.)
Look at the lights when you're doing nothing. Are they flickering? Why is that? Launch an app that should be purely local. Did they flicker some more? Why is that? Do something that should be local - like editing text in a window or saving a file. More flickers? Why is that?
SO many fails (Score:3)
First, that you could not open an app because your computer couldn't inform your overlords of your activities? Seems like a pretty huge bug, DOS* because you cannot log your activities. What if the server fails, you sit around waiting for a prompt?
Second, though:
"new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them."
So, essentially, your VPN is no longer actually secure. What other rules, those we do not yet know, bypass the VPN? Legal surveillance requests from authorities?
No, I don't pretend Windows is any better, but that's not a very high bar. Apple can set aside their mantra of 'the privacy' when it suits them, and welcome to the world us Windows users live in, where this is all at the convenience and forbearance of the vendor(s) patronized. We can only hope Linux can be made less intrusive, in some flavor, since there are flavors to be had.
* - in this context, DOS is a denial of a service. Maybe not flooding your web server, but instead preventing you from accessing a service or services on 'your' computer.
nsa guide (Score:5, Informative)
The NSA's most recent guide for hardening macOS computers was taken off their website.
But you can still get it at https://github.com/nsacyber/ns... [github.com]
It is very dated. I haven't seen a newer version.
Re: (Score:2)
So macOS computeroids (that's what they are) are a way into the NSA...
Everyone else on the planet: Write that down Write that down!
EULA (Score:2)
And where in the EULA did I agree to this level of information sharing?
Re: (Score:2, Insightful)
There need to be criminal charges filed for many instances of unlawful access to a network (your LANs), and a class action for false advertising.
Re:EULA (Score:4, Informative)
And where in the EULA did I agree to this level of information sharing?
Sharing information about the apps you run is an opt-in checkbox that comes up whenever you run a new macOS upgrade: "Share information with developers."
Little Snitch costs 45USD (Score:2)
and yeah, I bet the "small price to pay for your privacy" argument has a point, but still.
/etc/hosts (Score:2)
Add to /etc/hosts:
0.0.0.0 ocsp.apple.com
Then restart DNS cache:
$ sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
Re: (Score:2)
Re: (Score:2)
Blacklists are fallacious by definition. Whitelists are only avoided due to the amount of work they pose initially. I found graylists (deny at first, but allow if some special conditions are met.) to be a nice solution, if that concept is applicable here.
And I recommend running your own DNS server, and adding whitelists or blacklists in there.
Anyone know any definition of "non-evil destination of an IP packet" that can be turned into an algorithm?
Re: (Score:2)
I presume, however, that blackholing their cert's OCSP provider would cause all TLS connections to fail.
Of course, I don't have any Apple to know for sure, but the name suggests it's trying to break Apple TLS connections through breaking OCSP.
Re: (Score:2)
I presume, however, that blackholing their cert's OCSP provider would cause all TLS connections to fail.
No. It would fall back to the local cache of the CRL. And if that's empty, your local certificate store is all you have to protect you. What you might do is cause a delay before it falls back, but that's just an inconvenience for yourself.
Illegal under the GDPR (Score:5, Insightful)
Lots of ways [ico.org.uk]: consent must be freely given: "If the individual has no real choice, consent is not freely given and it will be invalid" [ico.org.uk]; the user must have consented: "This requires more than just a confirmation that they have read terms and conditions – there must be a clear signal that they agree" [ico.org.uk]; etc, etc.
However I do not expect the ICO (UK data protection) or others to complain as the respective governments probably share in the data slurp.
Re:Illegal under the GDPR (Score:5, Interesting)
Hmm, in Germany, these cases are starting to actually get prosecuted now, after the relevant entities have accustomed to the new situation.
My gut says you can sue and would likely win a court case here now.
so apple really does not want the pro market any (Score:2)
so apple really does not want the pro market any more?? as this is a big turn off to enterprise.
Also if the new cpu for the pro system don't have pci-e slots or high video cards any more then may as well just say it now and put out the last call for the mac pro they have now.
Re: (Score:2)
The first systems are SoC-based. They still probably have to develop bridge chips if they want access to more. And they still might. But why would you not want the SoC out on the market while that's in development? They'd rather have the M1 problems fixed before pairing it with another chip.
THIS: "can't block any OS level processes" (Score:2)
The new APIs don't permit Little Snitch to inspect or block any OS level processes. Additionally, the new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them.
The very second an OS overrides its firewall rules is the exact very second it becomes completely untrustworthy.
I think even Microsoft, with all of its bad PR call-home telemetry, doesn't bypass its internal firewall. Now going thru the gobs of rules to disable it is one thing, but it doesn't override your settings behind your back (OK so it might "fix" them after an upgrade. I chalk that up to very sloppy programming and management, and they can be reenabled.) If not, Windows goes in the bin as well
*sigh* So just turn it off (Score:5, Informative)
Google and Apple will fight to the death (Score:2)
Why isn't this more widely known? (Score:2)
Now, it's been possible up until today to block this sort of stuff on your Mac using a program called Little Snitch
If this has been known to security guys for long enough to have a popular app to block AND/OR filter it, why ISN'T it widely known?
The risk is yours (Score:2)
It's the Tuttle/Buttle situation when all your data is collected - obscurity by numbers. (Reference - https://en.wikipedia.org/wiki/... [wikipedia.org] )
This is the price you pay for convenience.
In the vast amount of cases (so far), the only risk you face is your data being stolen.
But if we extrapolate the data collected and the "legal" parties allowed to access that data, it can indeed paint a dystopian picture.
Whilst there's a Tuttle/Buttle chance that you may be accidentally "marked" by authorities, the bigger risk is .
"On modern versions of macOS" (Score:2)
Based on the recent complaints about apps not working, this seems to only mean the just-released latest version - Big Sur, macOS 11. Does anyone have any evidence this is happening on other versions of macOS?
Has Apple tried to make any defense of this practice?
Also, I will mention that Linux Mint runs quite well on my 2015 MacBook Pro.
Wait until someone makes a smart firewall monitor (Score:5, Interesting)
Wait until someone makes a smart firewall monitor....
Really thinking about this... A big "did you know X was happening" type system.
"Hey the machine you joined to wifi last night, reappeared this morning at 2am and downloaded 30meg from these 4 sites".
"Hey your desktop started talking to a new server it hasn't talked to before, during hours you were asleep. Here's the sites".
"Hey we detected small trickle of data leaving machines that can't be decrypted using the certificates in the cert store, perhaps you should look into this (blob of traffic here).".
I really want this. We need some kind of smarter monitor to catch apps doing this crap.
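A minimal sketch of two of the alerts described in the comment above (new destination during sleeping hours, and large overnight transfers), as an added example that is not part of the original thread. The flow records are constructed, and `find_alerts`, the quiet-hours window and the volume threshold are hypothetical choices; the third alert (undecryptable trickle traffic) is not covered.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (not real traffic):
# (ISO timestamp, device, destination host, bytes transferred)
FLOWS = [
    ("2020-11-12T19:05:00", "desktop", "updates.example.net", 40_000),
    ("2020-11-12T21:30:00", "desktop", "mail.example.org", 12_000),
    ("2020-11-12T22:10:00", "guest-laptop", "cdn.example.com", 900_000),
    ("2020-11-13T02:04:00", "guest-laptop", "files.example.org", 31_000_000),
    ("2020-11-13T03:15:00", "desktop", "updates.example.net", 45_000),
    ("2020-11-13T03:40:00", "desktop", "unknown-host.example", 2_500),
    ("2020-11-13T09:00:00", "desktop", "news.example.com", 8_000),
]

QUIET_HOURS = range(0, 6)        # assumption: the user is asleep 00:00-05:59
VOLUME_THRESHOLD = 10_000_000    # assumption: 10 MB per device per night


def find_alerts(flows, quiet_hours=QUIET_HOURS, volume_threshold=VOLUME_THRESHOLD):
    """Return (kind, device, destination, timestamp) tuples for suspicious flows."""
    seen = defaultdict(set)          # device -> destinations observed so far
    quiet_bytes = defaultdict(int)   # (device, date) -> bytes moved in quiet hours
    alerts = []
    for ts, device, dest, nbytes in sorted(flows):
        when = datetime.fromisoformat(ts)
        quiet = when.hour in quiet_hours
        # Alert 1: a device with an existing baseline contacts a host it has
        # never talked to before, while the user is presumed asleep.
        if quiet and seen[device] and dest not in seen[device]:
            alerts.append(("new-destination", device, dest, ts))
        seen[device].add(dest)
        # Alert 2: cumulative quiet-hours traffic crosses the threshold;
        # fire once, on the flow that crosses it.
        if quiet:
            key = (device, when.date())
            before = quiet_bytes[key]
            quiet_bytes[key] += nbytes
            if before < volume_threshold <= quiet_bytes[key]:
                alerts.append(("quiet-hours-volume", device, dest, ts))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(FLOWS):
        print(alert)
```

In practice the flow records would come from a router, firewall or DNS resolver log rather than from the monitored machine itself, since the thread's concern is an OS whose own traffic bypasses local filters.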
How do you run Little Snitch without them knowing? (Score:3)
Little Snitch can be set to filter reports, so it looks like you're wide open but you can run particular apps without them being reported. Or so it would seem.
But how do you launch Little Snitch without the OS reporting that Little Snitch is being launched - before it can start interfering with the reports?
Correction (Score:5, Informative)
"Your MacOS computer running MacOS is leaking your application usage behavior and potentially deanonymizes you while being online"
FTFY.
Let's get away with exaggerated yellow headlines. The more important thing here is to discuss how severely locked down Mac hardware is and how difficult it is to run anything other than MacOS on them but then it applies to a wide range of devices, including Android/iOS phones and Chromebooks. E.g. absolute most people are unable to replace their Android OS with anything different.
Let's talk about how to force OEMs and Apple to make their devices open (specifications, APIs, access keys) and suitable for third party software. This would be interesting.
I for one would like to have a MacBook with M1 running Linux but I suspect it will never be possible considering how proprietary Mac hardware has become. Even though the M1 SoC features the Arch 64 architecture that Linux supports, good luck trying to utilize their ML engine, GPU, sensors, disk encryption module, not to mention RAM whose operational mode (HSA) and layout are quite different to what we've had before.
It just usually works (Score:2)
Re:It just usually works (Score:4, Informative)
Spyware? Seriously?
They are Online Certificate Status Protocol requests. If something is signed (any app from the App Store, or any trusted app, or the Microsoft Store, etc. etc.) you need to check the validity of the certificate.
The more interesting revelation was iMessage (Score:2)
Apple touts the end-to-end encryption of iMessage, and the security of iPhones such that they can't help out law enforcement with breaking into a device. (though there are third-party apps in wide use by police to do exactly that)
What this blog entry points out is that iCloud backups are encrypted with keys managed by Apple, and what gets included in a backup is all your iMessage conversations. So given their involvement in PRISM, the govt can simply ask for those backups, and gain access to your text con
Re: (Score:3)
It isn't a computer you're using! (Score:3)
Unless you are the one programming that universal information processing machine, you're not using the computer.
You're using an appliance with modules, that merely happen to be implemented on a computer. If you call that a computer, you must call your washing machine a computer too. (It probably has an ARM-based computer inside.)
It’s a device, designed like what somebody with no clue about computers imagines a computer to be. You know, like how in movies they imagine a hacker to have an octopus that holds seventeen displays with huge fonts and do nothing but frantically type to make images and windows pop up and close and code and hexdumps flowing past in the background. ;)
Because basically, that's what happened: We let PHBs and iLuddites design our computers to fit their wishes, even though they completely lacked the knowledge to imagine the actual possibilities and power and freedom and concepts behind them that a computer gives you.
And currently we do the same thing to the Internet. (At least they are still mostly confined to the web. But I assume the WhatWG will come out with webTCPIP for a webInternet any time now.)
This is probably how technicians and mechanics feel about IKEA electric screwers with a whopping 1.5Nm (instead of 50 or 800) of screwing force, no spec sheet, and no replacement parts source. Or how a carhead feels about vehicles that can't be serviced anymore.
Y'know... (Score:2)
A real journalist would've at least tried to contact Apple and get their response to this - even a "no comment" would be something.
Not that I don't believe it's happening but I'm hard pressed to understand how/why the evil US NSA would need to know whenever/wherever you open Safari and it's NOT because you left your ANALYTICS USAGE TURNED ON!
Most computer users are not computer literate. (Score:2)
They buy a fashion accessory/surfing appliance. Customers don't care about their fashion accessories phoning home or Apple and Android wouldn't be spectacularly successful.
Those who do choose differently.
Uncaring Linux user here (Score:2)
go on...
Hmmm popcorn.
Illegal in Europe? (Score:5, Interesting)
Re: (Score:3)
Same question but for Canada. Surely that can't be legal here.
my computer sure is mine (Score:3)
Your computer isn't yours? (Score:3)
https://raptorcs.com/ [raptorcs.com]
But if you can buy Apple products, this probably isn't that bad for you anyway especially if you go with a Blackbird based system.
Open source motherboard, open source firmware, open source BMC. You currently have a choice Linux, FreeBSD, and OpenBSD.
Personally, my big complaint is all the weird kernel bugs in Linux that are ignored because it's a niche platform... But you'll completely own your computer.
Re: (Score:3)
Maybe the System 76 Bonobo is what you are looking for? https://system76.com/laptops/b... [system76.com] Bit pricey but it meets your specs (except it's Intel not AMD) and comes with Pop! or Ubuntu already loaded.
Caveat: I've never purchased from System 76, so if anyone knows anything good/bad about the company, chime in.
System76 (Score:2)
Caveat: I've never purchased from System 76, so if anyone knows anything good/bad about the company, chime in.
Just ordered a Gazelle for a work computer refresh (but haven't lit it up yet). Bunch of reviews say it's one of the most popular development platforms for Linux guys.
System76 says it disables the Intel Management Engine (ME). Try to find THAT from another vendor. (Have to figure out how to check that.)
Re: (Score:2)
I got a laptop from them a few years back. I've been pretty happy with it; it still runs well.
Re: (Score:3)
Re: (Score:2)
and you're sure all the Apple telemetry endpoints are in that block list? I'm not....
Re: (Score:3)
Re: (Score:3)
You should be running your own DNS server anyways, if you care even a little about privacy.
Are you sure they use DNS? Microsoft doesn't, it uses hard-coded IP addresses for many things.
(so that pirates can't redirect calls to windows update, apparently)
Re: (Score:3)