Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy Apple Your Rights Online

Your Computer Isn't Yours (sneak.berlin) 345

Security researcher Jeffrey Paul, writes in a blog post: On modern versions of macOS, you simply can't power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored. It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn't realize this, because it's silent and invisible and it fails instantly and gracefully when you're offline, but today the server got really slow and it didn't hit the fail-fast code path, and everyone's apps failed to open if they were connected to the internet. Because it does this using the internet, the server sees your IP, of course, and knows what time the request came in. An IP address allows for coarse, city-level and ISP-level geolocation, and allows for a table that has the following headings: Date, Time, Computer, ISP, City, State, Application Hash; Apple (or anyone else) can, of course, calculate these hashes for common programs: everything in the App Store, the Creative Cloud, Tor Browser, cracking or reverse engineering tools, whatever.

This means that Apple knows when you're at home. When you're at work. What apps you open there, and how often. They know when you open Premiere over at a friend's house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city. "Who cares?" I hear you asking. Well, it's not just Apple. This information doesn't stay with them: These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables. These requests go to a third-party CDN run by another company, Akamai. Since October of 2012, Apple is a partner in the US military intelligence community's PRISM spying program, which grants the US federal police and military unfettered access to this data without a warrant, any time they ask for it. In the first half of 2019 they did this over 18,000 times, and another 17,500+ times in the second half of 2019.

This data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns. For some people, this can even pose a physical danger to them. Now, it's been possible up until today to block this sort of stuff on your Mac using a program called Little Snitch (really, the only thing keeping me using macOS at this point). In the default configuration, it blanket allows all of this computer-to-Apple communication, but you can disable those default rules and go on to approve or deny each of these connections, and your computer will continue to work fine without snitching on you to Apple. The version of macOS that was released today, 11.0, also known as Big Sur, has new APIs that prevent Little Snitch from working the same way. The new APIs don't permit Little Snitch to inspect or block any OS level processes. Additionally, the new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them.

This discussion has been archived. No new comments can be posted.

Your Computer Isn't Yours

Comments Filter:
  • by known_coward_69 ( 4151743 ) on Friday November 13, 2020 @12:30PM (#60720158)

    in NYC they don't care if your car gets stolen, they tell you to call your insurance. same with many other property crimes. Many other towns and cities in the USA are the same way. Do you think the NSA cares about you pirating software?

    • by OrangeTide ( 124937 ) on Friday November 13, 2020 @12:40PM (#60720202) Homepage Journal

      It depends on how much money the plantiff has.

      • This is pretty much entirely out of the hands of cops, for the most part.

        You will be sent a warning letter by your ISP, or, if it is deemed as a bigger issue or a repeat offence, you will be notified you have committed and offence and will be given a court date.

        It's not like the cops are going to be busting down your door because you downloaded a bunch of movies.
        Unless you are a large scale operation distributing copyrighted material illegally.

        For small offences, this is all handled entirely out of the hand

        • For small offences, this is all handled entirely out of the hands of the police - unless of course you fail to go to court if summoned.

          This was 10-12 years ago, but I've witnessed two officers arresting a guy selling DVDs out of his car. I've gone through the collection before, lots of Spanish language stuff. All of it on writable media with inkjet printer inserts in the clamshell cases. Anyone from a city knows exactly the sort of operation I'm talking about.

          Did the city charge him with every possible crime, including copyright violation, then let him plea down? Almost certainly.

          • by Geoffrey.landis ( 926948 ) on Friday November 13, 2020 @01:51PM (#60720606) Homepage

            I'm a little surprised.

            The article claims that pretty much everything you do, what computer you do it on, and where, is being logged and sent to Apple, and the comment people are discussing is "doesn't matter, nobody cares whether I am pirating software"?

            That's the only part of privacy that matters, the ability to pirate software in private?

            • by OrangeTide ( 124937 ) on Friday November 13, 2020 @03:13PM (#60720952) Homepage Journal

              The deeper in the thread we get, the more off onto a tangent we find ourselves. I think there are potentially multiple concerns:

              If Apple knows what software you're running, they may know if you're pirating Apple software. Will they have lawyers chase you down with civil suits? Possibly. Will armed police officers kick in your door in the middle of the night? Seems unlikely, but I would bet it has happened at least once in the past.

              If Apple knows you are pirating third-party software an open question is if they'll share that information with third parties. Some of those parties may file civil cases against offenders, demanding a settlement, and failing that moving on to discovery and getting their hands on your computer to root around for the evidence of the alleged crime.

              And I outside of the piracy question. Knowing what software you use on a regular basis can be turned into privacy-violating market research data. Advertisements directed at an individual are very worrying to privacy advocated, although not illegal in most jurisdictions. I think courts and legislature need to address how much harm there is in warehousing deeply specific data. What potential harm is possible if this data be misused. What processes are in place to prevent misused. What consequences are there when processes are violated. What monitoring for misuse of personal data should be done. And how will the privacy laws be enforced against companies in a way that is consistent with other consumer protection laws. Is it a big deal if the whole world knows I load a particular text editor every weekend? Maybe I'd get hit for ads on Amazon to sell me books on writing? This seems annoying, but it's not clear in that particular example that there is a potential for harm. A better example is needed to make a convincing argument for privacy.

              And finally, a lot of this application use data can be designed to be anonymized and optional. Rather than attaching data to a specific identity to the application use data, a scoreboard organized by region or age or anything else that seems useful for broader marketing. There are pitfalls to that, where seemingly anonymous data can be unmasked if your buckets are too restrictive. Pitfalls are pretty well understood, even though the solutions are not widely adopted.

              • by Anonymous Coward on Friday November 13, 2020 @07:43PM (#60721806)

                It can get worse than that:

                * An employer pulling Apple's data to see if an employee is running games while on the clock.

                * An estranged spouse pulling that info for a messy divorce.

                * Stalkers/doxxers fetching that info to harm a target.

                * DAs will have a field day with that info. Even if that info cannot be used to make a case, it can be used to lead a fake investigation with "clues" that would be 100% spotless, legal-wise. Parallel construction.

                What is the real pisser is that Apple promises privacy, and people pay 2-10 times as much for their hardware than a regular PC because Apple has a great name for having 100% security and excellent privacy. Then this shit happens.

                I was going to buy a MacBook Pro, because I like ARM. Looks like that is off my list.

            • by Sir Holo ( 531007 ) on Friday November 13, 2020 @05:38PM (#60721432)

              With a big database of where you were and when, over a long period of time, "authorities" can eventually find some crime that occurred in the same vicinity that you were in at a similar point in time. That's enough to at least detain and question, and possibly arrest you. Why would they do that, you ask?

              Well, people are framed for crimes they had nothing to do with all the time. This kind of database we're discussing just makes framing people for crimes that they did not commit far easier. The innocent are all put under suspicion. But worse, it can be used as a tool for punishing people.

              Who would that be you ask? Anyone.

              Are you a whistleblower?
              Did you speak with an investigative reporter lately?
              Did you call the cops on someone, and they know it was you?
              Does your GF have an ex-BF that's a cop, who could decide to stalk anyone that she goes out with?
              This list could go on for days.

    • by AleRunner ( 4556245 ) on Friday November 13, 2020 @12:50PM (#60720258)

      Nobody cares now. But maybe one day you become a person who believes in second amendment rights, which are inconvenient for the New York cops? Maybe one day you start believing black people shouldn't get searched much more often than other people and they decide you are a BLM agitator? Maybe you start believing that your cop ex boyfriend shouldn't be allowed to stalk [psmag.com] you?

      When one of those issues comes up and you become an inconvenient person, then knowing that you are a software pirate can be a very useful way to disappear you. You don't have to do anything, just be unlucky and be in the wrong place at the wrong time. The logs can be incredibly useful for fitting you up. Some pretext to look at the logs and then just look for a crime that matches with were and when you were and suddenly they have most of the evidence they need.

      • What are you talking about? Software piracy -- unless you're distributing -- is just a civil offense. If you're distributing (e.g. torrenting or actually a member of some group), then your OS is the least of your concerns.

        • by AleRunner ( 4556245 ) on Friday November 13, 2020 @02:01PM (#60720670)

          What are you talking about? Software piracy -- unless you're distributing -- is just a civil offense. If you're distributing (e.g. torrenting or actually a member of some group), then your OS is the least of your concerns.

          Software piracy is a thing provable directly from the Apple logs - once they have that evidence it's enough to get access to all the rest of your data and searching things like location since they want to check if you were you distributing. That is the entry to start searching for something more they can fit you up with, for example did you happen to be close to a number of different assaults or thefts or something?

          This is the problem with mass, as opposed to targeted surveillance. If you do targeted checks on someone who you already have a suspicion of, then you can likely prove or disprove whether they did something. If the suspect you are drug dealing then they watch you for that. The chance that, by coincidence and entirely innocently you start to communicate with a member of the drugs gang they are investigating is very low. If you have mass surveillance then coincidence becomes more important. They can put in a database of all crimes that they ever heard about, search for matches with your locations and eventually find a pattern in the data. If they now pull out that pattern and never admit to having done the database comparison then it may well look very damning. Add in a small amount of planted evidence and they have you.

          Mass surveillance, especially in private databases is much more dangerous to freedom than targeted surveillance against criminals. Stuff like Apple is doing should be illegal.

          • by BrainJunkie ( 6219718 ) on Friday November 13, 2020 @03:19PM (#60720972)

            This is the problem with mass, as opposed to targeted surveillance. If you do targeted checks on someone who you already have a suspicion of, then you can likely prove or disprove whether they did something.

            Yes, and the state of Federal search warrants in the US makes this situation even worse.

            Warrants used to be narrow enough that they were actually confined to one of the 4 provisions for granting them. These days they often include catchall provisions, like "any evidence that indicates violation of Federal or state statutes", which essentially means look everywhere for anything, regardless of the actual crime known or suspected.

      • by nerdonamotorcycle ( 710980 ) on Friday November 13, 2020 @01:38PM (#60720540)
        "Give me six lines written by the most honest of men and I will find enough in them to hang him.' —Cardinal Richielieu
      • by rsilvergun ( 571051 ) on Friday November 13, 2020 @02:49PM (#60720866)
        with your software history. If you're just a keyboard warrior you're not in "inconvenient person". If you're a gun owner the cops don't care, didn't you see all those pics of guys open carrying in camo hanging around the cops?

        When you show up to protest something the Establishment doesn't like (the real Establishment, the billionaire class) that's when they'll move, and they won't give a rat's ass what's on your laptop. Go look at what they did to Occupy Wall Street. Go read about Nixon's Drug War. Go look at how much effort Florida puts into keeping ex-cons from getting their voting rights back.

        We're all nerds so we like to think computers are the world and they're what matters. They're not. They're really not.
    • by Tokolosh ( 1256448 ) on Friday November 13, 2020 @12:59PM (#60720310)

      The RIAA cares. And the RIAA will make the NSA care. A lot.

    • Sure, sure, sure. They don't care NOW. But that doesn't mean the data is deleted. They keep it anyway. Just in case. So if something DOES come up? They have a mountain of leverage against you. So go right ahead, ignore all of it. Continue to allow your privacy to be violated, be tracked and logged every millisecond. Typical myopian. Enjoy your denial.
  • by dgatwood ( 11270 ) on Friday November 13, 2020 @12:31PM (#60720162) Homepage Journal

    Just block all traffic at the router except for your outgoing VPN. Problem solved.

    • Re: (Score:3, Funny)

      by olsmeister ( 1488789 )
      This is not an option if you are travelling, which is necessary if you are a serial killer so you do not cluster all your kills in one geographical area near where you live - dead giveaway (no pun intended).
    • I don't get it, why would the phone-home functionality not just go out through the VPN.
      • by dgatwood ( 11270 ) on Friday November 13, 2020 @01:16PM (#60720396) Homepage Journal

        Ostensibly, somebody probably convinced their upper management that it's a security feature. Various Apple APIs do various checks to see if apps have been blacklisted as part of their malware prevention. In theory, if you let those requests get routed through a VPN, then malware could hijack the network and prevent its detection (at least until the malware definitions get updated with the next OS release).

        The biggest problem with the new approach, of course, is that if you are in a situation where the VPN is the only usable path out of a network (e.g. the way many corporate computers are configured), those malware definitions will never get updated, because they'll never be able to connect to Apple's servers. And that means that in trying to make an extraordinarily unlikely attack vector impossible, they've greatly reduced security in an extraordinarily common configuration.

        This change is crap. Pure, unadulterated crap.

        A better solution, rather than fundamentally breaking the networking stack, is to make the user aware that their connection has been hijacked and is unable to update its malware definitions. After all, if your system is compromised to that point, then the binary signature blacklist probably isn't going to be adequate at cleaning up the machine anyway. Better to inform the user that something is wrong.

        Unfortunately, that's not the Apple way, at least lately. Just look at what a nightmare it is to figure out why a Time Machine backup didn't complete, for example, and you begin to realize just how many failures Apple silently hides from the user, often to the user's detriment. Apple seems to prefer silent failures and hoping for the best over informing the user so that things can get fixed. It really is time for Apple to undergo a major course correction, before it is too late.

    • The implication of the above is that they can circumvent any firewall rules that are 'inconvenient' to their data collection, which should be an obvious assumption to make considering that the firewall is part of macOS -- so the title is accurate: you don't own your own computer, Apple does, and they'll do as they please. Glad I don't use Windows *or* have anything made by Apple.
  • Really? (Score:4, Insightful)

    by Eric Freyhart ( 752088 ) on Friday November 13, 2020 @12:34PM (#60720172) Journal
    Does this surprise anyone? We have NO privacy protections in the United States. Period. And anything that exists is a complete joke.
    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Friday November 13, 2020 @02:17PM (#60720746)
      Comment removed based on user account deletion
      • Re: (Score:3, Informative)

        by Anonymous Coward

        Which they apparently don't, unless someone can come up with a really, really, super good reason why Apple needs to log every Apple user in the world's attempts to start an application.

        Is the reason "this blogger lied to you" good enough?

        "These OCSP requests" as the blogger calls them are PKI certificate revocation checks.
        Your web browser just made 13 of those when you loaded the slashdot homepage, no matter which browser and OS you are using.

        The certs of published software you run aren't sent anywhere.
        The certificate revocation list itself is downloaded in whole, and yes this is over http, but is itself a signed CRL. It isn't accepted if it isn't signed by their root key.

        It also isn't '

  • Obviously (Score:5, Insightful)

    by rastos1 ( 601318 ) on Friday November 13, 2020 @12:36PM (#60720180)

    Mine computer is mine. Because I run an OS that does not rat on me.

    If you don't, you wandered into wrong site.

    • Re: (Score:3, Insightful)

      by Anonymous Coward
      I only installed 2 programs on KDE Neon this morning and neither of them worked without my having to fix something. It takes a special type of person to believe that is a superior experience.
      • Re:Obviously (Score:5, Insightful)

        by lorinc ( 2470890 ) on Friday November 13, 2020 @01:43PM (#60720562) Homepage Journal

        Immediate comfort is not always necessarily the superior option.

        Your are confounding the lack of negative for a positive. Sitting on a couch all day, eating junk food while watching movies is certainly very comfortable, but does it really bring joy at the end of the day?

        You are also forgetting to rank the negatives. What good is avoiding a small discomfort if it leads to a bitter end?

    • by thegarbz ( 1787294 ) on Friday November 13, 2020 @03:06PM (#60720932)

      If you don't, you wandered into wrong site.

      I wonder into lots of wrong sites. I often picture the poor Microsoft telemetry analyser opening the links I look at in Edge and saying "Wait what are they doing with that pineap... oh God!"

  • by WorBlux ( 1751716 ) on Friday November 13, 2020 @12:36PM (#60720184)

    Of course they are making a wall garden. They want to give you a walled garden where every path is pay-walled. The whole Unix thing was a trap all along. They are selling curated appliances, no longer selling general purpose computers.

  • Apple sells Apples (Score:5, Insightful)

    by John Allsup ( 987 ) <slashdot@chal i s q u e.net> on Friday November 13, 2020 @12:39PM (#60720194) Homepage Journal

    Apples come with many strings attached. If you need or want an Apple, buy an Apple. If you value privacy, buy a PC and run Linux. You can take the savings of having a mac with only 16GB Ram and buy a separate machine for all you non Apple-specific stuff. In short, use your Apple for the specific things that require an Apple, and a regular PC for everything else.

    • use your Apple for the specific things that require an Apple

      This makes me wonder. What are those things that require an Apple? What is the killer app these days? Surely it can't be Photoshop anymore.

      • by Anonymous Coward on Friday November 13, 2020 @12:58PM (#60720298)

        This makes me wonder. What are those things that require an Apple? What is the killer app these days? Surely it can't be Photoshop anymore.

        Showing off to your hipster friends is the only thing that comes to mind.

      • by tepples ( 727027 )

        What are those things that require an Apple?

        Certain steps of porting an application to macOS and iOS.

      • As a cloud engineer the experience is hard to beat. Developing python or node on windows is a nightmare imho. We would use linux, but the tools needed to meet compliance such as MDM, DLP, and EDR tools are not there.

        It's the closest we can get to what we want in a corporate setting.

    • I mean, you can technically just run MacOS in a VM, at least for now. Possibly a breach of contract, but that's between you and your god.

      Hopefully one or both of two things happen: 1) Someone implements a generic version of the M series chip(s) with a little clean room reverse engineering, or 2) Apple keeps pumping out x86 Macs of some flavor in parallel with their custom chips, which keeps MacOS x86 alive indefinitely.

  • I mean, I still control where and when (and how) it gets used, even if Apple knows about it.

  • FTFY, oh and who knew?
  • Has become, like Facebook and Google, a privacy rapist.

  • Have to save some of my dignity and I'm still on 10.

  • by big-giant-head ( 148077 ) on Friday November 13, 2020 @12:46PM (#60720228)

    Funny how Apple had all these sanctimonious ads talking about how much better their privacy was than Google's. Now it turns out, it's exactly the same, maybe worse.

  • It might be worth sniffing traffic, looking for similar signatures coming from machines running other OSes.

    Once the spooks get a bright idea working on one platform, you can count on them feeling itchy if they can't get the same visibility on others.

    Not a security guy? Got a switch or a hub connecting you to your network? (Or an Ethernet cable hooking your machine to your landline modem or hooking your wifi router to your landline modem - switches are just a few bucks. Buy one and a short Ethernet jumer and hook it in series.)

    Look at the lights when you're doing nothing. Are they flickering? Why is that? Launch an app that should be purely local. Did they flicker some more? Why is that? Do something that should be local - like editing text in a window or saving a file. More flickers? Why is that?

  • by rickb928 ( 945187 ) on Friday November 13, 2020 @12:48PM (#60720240) Homepage Journal

    First, that you could not open an app because your computer couldn't inform your overlords of your activities? Seems like a pretty huge bug, DOS* because you cannot log your activities. What if the server fails, you sit around waiting for a prompt?

    Second, though:

    "new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them."

    So, essentially, your VPN is no longer actually secure. what other rules, those we do not yet know, bypass the VPN? Legal surveillance requests from authorities?

    No, I don't pretend Windows is any better, but that's not a very high bar. Apple can set aside their mantra of 'the privacy' when it suits them, and welcome to the world us Windows users live in, where this is all at the convenience and forbearance of the vendor(s) patronized. We can only hope Linux can be made less intrusive, in some flavor, since there are flavors to be had.

    * - in this context, DOS is a denial of a service. Maybe not flooding your web server, but instead preventing you from accessing a service or services on 'your' computer.

  • nsa guide (Score:5, Informative)

    by fulldecent ( 598482 ) on Friday November 13, 2020 @12:49PM (#60720250) Homepage

    The NSA's most recent guide for hardening macOS computers was taken off their website.

    But you can still get it at https://github.com/nsacyber/ns... [github.com]

    It is very dated. I haven't seen a newer version.

    • So macOS computeroids (that's what they are) are a way into the NSA...

      Everyone else on the planet: Write that down Write that down!

  • And where in the EULA did I agree to this level of information sharing?

    • Re: (Score:2, Insightful)

      There need to be criminal charges filed formany instances of unlawful access to a network (your LANs), and a class action for false advertising.

    • Re:EULA (Score:4, Informative)

      by Applehu Akbar ( 2968043 ) on Friday November 13, 2020 @02:11PM (#60720728)

      And where in the EULA did I agree to this level of information sharing?

      Sharing information about the apps you run is an opt-in checkbox that comes up whenever you run a new macOS upgrade: "Share information with developers."

  • and yeah, I bet the "small price to pay for your privacy" argument has a point, but still.

  • Add to /etc/hosts:

    0.0.0.0 ocsp.apple.com

    Then restart DNS cache:

    $ sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

    • As I just said to someone else: no reason to believe that they won't have multiple ways of accessing their own 'telemetry' servers much like Microsoft does, to ensure they get the data and circumvent any attempts at circumvention. You'd have to play some Whac-a-Mole with your macOS for a while to find them all.
    • Blacklists are fallacious by definition. Whitelists are only avoided due to the amount of work they pose initially. I found graylists (deny at first, but allow if some special conditions are met.) to be a nice solution, if that concept is applicable here.

      And I recommend running your own DNS server, and adding whitelists or blacklists in there.

      Anyone know any definition of "non-evil destination of a IP packet" that can be turned into an algorithm?

  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Friday November 13, 2020 @12:57PM (#60720292) Homepage

    Lots of ways [ico.org.uk]: consent must be freely given If the individual has no real choice, consent is not freely given and it will be invalid [ico.org.uk]; the user must have consented This requires more than just a confirmation that they have read terms and conditions â" there must be a clear signal that they agree [ico.org.uk]; etc, etc.

    However I do not expect the ICO (UK data protection) or others to complain as the respective governments probably share in the data slurp.

  • so apple really does not want the pro market any more?? as this is an big turn off to enterprise.

    Also if the new cpu for the pro system don't have pci-e slots or high video cards any more then may as well just say it now and put out the last call for the mac pro they have now.

    • The first systems are SoC-based. They still probably have to develop bridge chips if they want access to more. And they still might. But why would you not want the SoC out on the market while that's in development? They'd rather have the M1 problems fixed before pairing it with another chip.

  • The new APIs don't permit Little Snitch to inspect or block any OS level processes. Additionally, the new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them.

    The very second an OS overrides it's firewall rules is the exact very second it becomes completely untrustworthy.

    I think even Microsoft, with all of it's bad PR call-home telemetry, doesn't bypass its internal firewall. Now going thru the gobs of rules to disable it is one thing, but it doesn't override your settings behind your back (OK so it might "fix" them after an upgrade. I chalk that up to very sloppy programming and management, and they can be reenabled.) If not, Windows goes in the bin as well

  • by infinsq ( 673626 ) on Friday November 13, 2020 @01:05PM (#60720330)
    OCSP is the gatekeeper daemon. If you donâ(TM)t want it on, turn it off. Then youâ(TM)re responsible for making sure apps havenâ(TM)t been modified and that are none are known to be bad actors. Thatâ(TM)s your trade off.
  • For control of your computers and phones. Google controls all web development and keeps Mozilla as a puppet and Apple controls most Phones and Macs. Apple directlly influences Android (notice how home buttons disappeared after iPhone X). Microsoft trys to get in the fight sometimes but they gave up their mobile os and own browser thanks to Google already. The biggest fight is yet to come, but the two trillion dollar titans are going to deal a lot of damage to each other.
  • ... in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. ... Lots of people didn't realize this, ... ...
    Now, it's been possible up until today to block this sort of stuff on your Mac using a program called Little Snitch ...

    If this has been known to security guys for long enough to have a popular app to block AND/OR filter it, why ISN'T it widely known?

  • It's the Tuttle/Buttle situation when all your data is collected - obscurity by numbers. (Reference - https://en.wikipedia.org/wiki/... [wikipedia.org] )

    This is the price you pay for convenience.
    In the vast amount of cases (so far), the only risk you face is your data being stolen.
    But if we extrapolate the data collected and the "legal" parties allowed to access that data, it can indeed paint a dystopian picture.

    Whilst there's a Tuttle/Buttle chance that you may be accidentally "marked" by authorities, the bigger risk is .

  • Based on the recent complaints about apps not working, this seems to only mean the just-released latest version - Big Sur, macOS 11. Does anyone have any evidence this is happening on other versions of macOS?

    Has Apple tried to make any defense of this practice?

    Also, I will mention that Linux Mint runs quite well on my 2015 MacBook Pro.

  • by AcidFnTonic ( 791034 ) on Friday November 13, 2020 @01:14PM (#60720382) Homepage

    Wait until someone makes a smart firewall monitor....

    Really thinking about this... A big "did you know X was happening" type system.

    "Hey the machine you joined to wifi last night, reappeared this morning at 2am and downloaded 30meg from these 4 sites".
    "Hey your desktop started talking to a new server it hasn't talked to before, during hours you were asleep. Here's the sites".

    "Hey we detected small trickle of data leaving machines that can't be decrypted using the certificates in the cert store, perhaps you should look into this (blob of traffic here).".

    I really want this. We need some kind of smarter monitor to catch apps doing this crap.

  • Little Snitch can be set to filter reports, so it looks like you're wide open but you can run particular apps without them being reported. Or so it would seem.

    But how do you launch Little Snitch without the OS reporting that Little Snitch is being l launched - before it can start interfering with the reports?

  • Correction (Score:5, Informative)

    by Artem S. Tashkinov ( 764309 ) on Friday November 13, 2020 @01:15PM (#60720388) Homepage

    "Your MacOS computer running MacOS is leaking your application usage behavior and potentially deanonymizes you while being online"

    FTFY.

    Let's get away with exaggerated yellow headlines. The more important thing here is to discuss how severely locked down Mac hardware is and how difficult it is to run anything other than MacOS on them but then it applies to a wide range of devices, including Android/iOS phones and Chromebooks. E.g. absolute most people are unable to replace their Android OS with anything different.

    Let's talk about how to force OEMs and Apple to make their devices open (specifications, APIs, access keys) and suitable for third party software. This would be interesting.

    I for one would like to have a MacBook with M1 running Linux but I suspect it will never be possible considering how proprietary Mac hardware has become. Even though the M1 SoC features the Arch 64 architecture that Linux supports, good luck trying to utilize their ML engine, GPU, sensors, disk encryption module, not to mention RAM whose operational mode (HSA) and layout are quite different to what we've had before.

  • How does it make you feel when you can't use your computer because it's spyware isn't working? Still like Apple? I never have.
  • Apple touts the end-to-end encryption of iMessage, and the security of iPhones such that they can't help out law enforcement with breaking into a device. (though there are third-party apps in wide use by police to do exactly that)

    What this blog entry points out is that iCloud backups are encrypted with keys managed by Apple, and what gets included in a backup is all your iMessage conversations. So given their involvement in PRISM, the govt can simply ask for those backups, and gain access to your text con

    • by EvilSS ( 557649 )
      This has been known for a while, and I believe it is documented by Apple. Apple has even said that they will turn over the data they have from you on their servers if ordered to (it's come up in some of the "terrorist" cases with iPhones in the past). You can turn off the iCloud backups in iOS directly if you want, along with turning off messages use of iCloud (which is a separate thing from backups). It sounds like the behavior in MacOS can't be disabled using the built in GUI, and may not have been docume
  • by BAReFO0t ( 6240524 ) on Friday November 13, 2020 @01:18PM (#60720406)

    Unless you are the one programming that universal information processing machine, you're not using the computer.
    You're using an appliance with modules, that merely happen to be implemented on a computer. If you call that a computer, you must call your washing machine a computer too. (It probably has an ARM-based computer inside.)

    It’s a device, designed like what somebody with no clue about computers imagines a computer to be. You know, like how in movies they imagine a hacker to have an octopus that holds seventeen displays with huge fonts and do nothing but frantically type to make images and windows pop up and close and code and hexdumps flowing past in the background.
    Because basically, that's what happened: We let PHBs and iLuddites design our computers to fit their wishes, even though they completely lacked the knowledge to imagine the actual possibilities and power and freedom and concepts behind them that a computer gives you.
    And currently we do the same thing to the Internet. (At least they are still mostly confined to the web. But I assume the WhatWG will come out with webTCPIP for a webInternet any time now. ;)

    This is probably how technicians and mechanics feel about IKEA electric screwers with a whopping 1.5Nm (instead of 50 or 800) of screwing force, no spec sheet, and no replacements parts source. Or how a carhead feels about vehicles that can't be serviced anymore.

  • A real journalist would've at least tried to contact Apple and get their response to this - even a "no comment" would be something.

    Not that I don't believe it's happening but I'm hard pressed to understand how/why the evil US NSA would need to know whenever/whereever you open Safari and it's NOT because you left your ANALYTICS USAGE TURNED ON!

  • They buy a fashion accessory/surfing appliance. Customers don't care about their fashion accessories phoning home or Apple and Android wouldn't be spectacularly successful.

    Those who do choose differently.

  • go on...

    Hmmm popcorn.

  • Illegal in Europe? (Score:5, Interesting)

    by fgouget ( 925644 ) on Friday November 13, 2020 @02:09PM (#60720718)
    How can this be legal in Europe? It's not just the RGPD [wikipedia.org], but countries also have strict rules around building databases that contain personally identifiable information. Or does Apple disable this functionality if it detects the computer is located in Europe?
  • by aRTeeNLCH ( 6256058 ) on Friday November 13, 2020 @03:54PM (#60721090)
    I run Manjaro Linux on a Pine Book Pro. I don't have the friends that would be impressed with me owning and operating an Apple device, nor do I have a need for such a device (which some people may certainly have).
  • by neuro88 ( 674248 ) on Friday November 13, 2020 @10:22PM (#60722292)
    Your computer isn't yours anymore? No shit. But it doesn't have to be that way. Freedom isn't free, there's a hefty fuckin' fee:
    https://raptorcs.com/ [raptorcs.com]

    But if you can buy Apple products, this probably isn't that bad for you anyway especially if you go with a Blackbird based system.

    Open source motherboard, open source firmware, open source BMC. You currently have a choice Linux, FreeBSD, and OpenBSD.

    Personally, my big complaint are all the weird kernel bugs in Linux that are ignored because it's a niche platform... But you'll completely own your computer.

You are always doing something marginal when the boss drops by your desk.

Working...